max on Nostr: Great questions. On (1): the phone can't modify information signed by the hardware, ...
Great questions.
On (1): the phone can't modify information signed by the hardware; it just forwards it to the server. Bitkey hardware ships with a key (not the one used for signing transactions) that can be used to sign messages and which Bitkey servers can verify. If a compromised phone attempts to modify what the hardware has signed, the server would know it's been tampered with and would be able to surface that to the user via a channel like email.
On (2): if the Bitkey servers that communicate the addresses or transaction details to you in the proposed solution were compromised, what they show/send you wouldn't match your phone's screen.
Published at
2023-05-18 17:05:18