rodbishop on Nostr: I think I just worked out a new signing workflow. We can approximate an offline ...
I think I just worked out a new signing workflow.
We can approximate an offline signer using an NFC card that holds an nsec.
Design a nsecbunker, and delegate signing to the bunker, but populate the bunker with a transient nsec, similar to Amethyst transient login.
Client asks bunker for signature. Bunker requests NFC tap in order to get the nsec. On tap, bunker applies the password, signs the event, and then forgets the nsec.
Required to trust the bunker software, but if the bunker gets hacked, or device gets compromised, it does not possess the key.
Thoughts?
We can approximate an offline signer using an NFC card that holds an nsec.
Design a nsecbunker, and delegate signing to the bunker, but populate the bunker with a transient nsec, similar to Amethyst transient login.
Client asks bunker for signature. Bunker requests NFC tap in order to get the nsec. On tap, bunker applies the password, signs the event, and then forgets the nsec.
Required to trust the bunker software, but if the bunker gets hacked, or device gets compromised, it does not possess the key.
Thoughts?