first functional nostr signing device

In part one of our series ‘evolution of Nostr signing devices‘ we described the issue that there is no fully functional Nostr signing device available yet, that can both create private keys (?) offline and securely sign messages on the device. As of now, this issue still stands, but we expect it to be resolved fairly soon!

On the Nostrasia conference the Satslink device was announced and the creator of Nsec Bunker told the attendees that he plans to build his key management software on the Satslink device. If this is done, it means that we have the first fully functioning Nostr Signing device available!

The problem

Nostr private keys (?) are very sensitive information, loss or theft of your keys means loss of your Nostr identity (?). In Bitcoin, where public -and private key cryptography is also used, this problem is solved by hardware wallets. These devices create and use the private keys offline, so they will never be exposed to the online environment. As described in our last article about the evolution of Nostr signing devices which you can also see in our comparison table for Nostr signing devices: There are no devices that can both create keys offline and sign in an offline environment available yet. The Satslink is changing that, but is at the moment only useful for developers since there is no software available yet.

problem nostr signing devices
Click here for the original comparison table
what is a satslink

Satslink is a general purpose communication hardware device developed by Coinkite, the manufacturer of the Coldcard hardware wallet. This device is optimised to host programs made for Bitcoin script, Bitcoin Lightning and Nostr and securely communicate with other devices. The device is hackable, which means that everyone can go and create programs as they wish. Furthermore, the device contains a secure element to securely store secret information like private keys.

This means that the it is perfectly suited to create a Nostr signing device, but it can even host entire clients (?) or relays (?). Depending on the software that is being developed, the Satslink can become a device Bitcoin, Lightning or Nostr, or even a combination of those. In the future there will be different software for different use cases available, that yo can simply load onto your device. Here you can read more about Satslink.

What Is Nsec Bunker?

what is nsec bunker

Nsec Bunker is key management software that enables the user to keep the private key securely encrypted in the ‘bunker’, while Nostr messages can be signed with temporary delegation tokens in any client. This means that the user can be active in different clients without exposing the private key.

If the delegation token get compromised or isn’t needed anymore, it can simply being revoked with the private key. This means that Nsec Bunker not only makes interaction with Nostr more secure, but it also enables cooperation between different people which is great for organisations. You can give others permission to sign, without the risk of compromise of the private key. Here you can read more about Nsec Bunker.

nsec bunker hosted on a satslink device

If Nsec Bunker runs on a Satslink device, which is likely coming soon, it would become the first ever functional signing device for Nostr with quite amazing features. Since the entire program would be running on the Satslink, the private key would be created securely on the device. This key will be used to create temporary delegation tokens, which can be used to sign for messages in any compatible client on the behave of this key, without ever exposing it online. If one of the tokens get compromised, the private key on the device can simply be used to revoke the token and create a new one. This is basically as good as offline signing, but probably even better.

We say it might be better, because it is much more user friendly to import a token in a client once and use it to sign potentially for years. Alternatively, a regular signing device that can sign offline would have to confirm every single message, which means that the device always have to be connected and many buttons must be pushed every time. Furthermore, with permission tokens different people can get personalised permissions in an organisation, which would not be possible with a regular signing device. In short: We are looking really forward to the moment that this will be released, while we keep looking at all other innovation that will come out of it!

Read More:

Follow us on Nostr!

follow nostrsigningdevice on nostr


5/5 - (1 vote)

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top