What Is A Nostr Signing Device?

Nostr signing devices explained

Share this article

The reality of using nostr requires users to have their private key on hand to be able to interact with clients. You will use it to sign in and prove your identity or to create content like notes and events. While private keys give us more control over our data and our account, it does pose some security issues depending on how we get clients to interact with our keys.

Electronic signatures are essential to the nostr experience, but having some distance between clients and your keys is necessary for security.

Sure, the convenience of pasting your key into a website seems to be fine for now while you experiment. But as the protocol matures and your account becomes more valuable in terms of content, followers and reputation, you might not want to be as reckless with your key management.

If you want to protect your electronic signatures from unauthorised access, a Nostr signing device can help add an additional layer of security. This device provides a secure and reliable way of signing notes and interacting with clients while limiting their ability or anyone running a MIM attack to access your keys, which could be used later for tampering, fraud or accessing services like your Cashu wallet using your nostr identity.

How does a nostr signing device work?

When interacting with the nostr protocol to create a note or interact with others, you require a private key to sign and prove that you can access and decrypt specific data or to assign this new data you create to your account.

To interact with a client, you could paste your public key into a site and sign directly in the browser, but this is not recommended, as it can see you compromise your key.

To protect your private key, you should try to keep a safe distance between it and the clients you interact with on your device. One way of doing that is by employing key management tools that store the key on your local device and allow clients to interact with it safely. 

The step up after that is to have a separate device that holds your key and can only be used for one thing, signing your private key when it is needed. Data is sent to/from the Nostr Signing Device (NSD) over webdev Serial, which is not the most secure data transmission method, but it is still a better method when compared to storing your private key on a computer.

While NSDs are built to support NIP-7, clients could interact with them directly, but using a key management tool like Nos2X is far more convenient.

Essentially, the process for using a Nostr signing device involves a separate device connecting to your computer to validate your unique digital signature when a client requests it. 

This signature is generated through a mathematical algorithm that is specific to that particular signature and is then embedded into the notes to create a tamper-proof signature. 

Nostr signing device in action with the Iris client

Where do I get a signing device?

Visit your local electronics store or try Amazon or Alibaba and try to find a:

  • LilyGo TTGO ESP32 microcontroller
  • A 3D printed case for the hardware wallet.

Should you not wish to build your own device, you can purchase a nostr signing device (NSD) from the LN Bits store.

Device setup.

Once you have the device, you will need to:

  • Install Arduino IDE 1.8.19.
  • Install ESP32 boards, using boards manager.
  • Download this repo.
  • Copy these libraries into your Arduino install “libraries” folder.
  • Open this wallet.ino file in the Arduino IDE.
  • Select “TTGO-LoRa32-OLED-V1” from tools>board.
  • Upload to the device.

Nostr key setup.

  • After the device has been set up, connect it to your computer.
  • Flash the hardware-wallet firmware directly from the browser using the installer.
  • Use a compatible browser such as Chrome or Edge. Connect the Tdsiplay, click Flash, and select Erase.
  • Once flashed, to enable USB config mode, press the button on startup.
  • Connect to the device, select `nostrDevice` template, add privatekey,
  • Then select’Save to device` and you should be all set.

Why would I want a signing device?

For individuals

When it comes to signing notes and messing around with clients, individuals tend to overlook the potential risks involved. Social media is meant to be fun, and people tend to let their guard down, clicking on links or installing software that could leave them open to attack. 

Without a secure signing device, confidential data can be compromised, leading to identity theft or fraud. This is where a Nostr signing device comes in as an essential tool for individuals who value their privacy and security. Essentially a signing device can save you from yourself.

The second reason for wanting a signing device is the ease of moving between devices. Perhaps you have a desktop and a laptop. You use them interchangeably or have a work computer and a personal computer and would like to use nostr on either one. 

Still, you don’t want to risk leaving your keys on a PC in the office; well, now you don’t have to; simply bring your device with you wherever you go, log in to the client of your choice, plug in your signing device and off you go.

For businesses

For businesses handling confidential information, security is a top priority, and a social media account is very much part of that. Imagine if you’re running a business and someone compromises your business nostr account and uses the trust built up in your brand to defraud customers; this will not only leave you with a PR nightmare but could be massively damaging to your business’s bottom line. 

Adding a $20 device to your security stack that could end up saving you millions in possible losses is a no-brainer.

Businesses are also dynamic, and account access might need to change hands or allow for different members of the organisation to manage social accounts. Instead of passing on keys through insecure methods like email or chat apps, you can rather create several physical devices which you hand out to parties that require access to the business nostr account. 

Not your keys, not your notes.

A Nostr signing device is optional, and you can get by with key management software or an app that stores your key securely. But for those who might want to avoid taking a chance on security or those who value their privacy and want to protect their confidential information while signing notes, a signing device should be an appealing add-on to your nostr security measures. 

A signing device will add friction to your nostr experience, and you will have to spend a bit of time and money on building the device. But it could turn out to be a significant investment should you ever find your computer compromised or if it has died and you need access to your account. 

Training ground for key management. 

As we move towards a world where we have greater control over our data, where self-custody is the norm and trust is minimised, having a firm grasp of signing with your private keys and managing your keys is going to become a skill that all of us will need to learn and become comfortable with should we wish to participate in the new internet. 

If you’re new to private and public key cryptography, bitcoin might not be the best playing ground because you are dealing with real money and potential financial losses should things go wrong. The potential risks make learning and getting comfortable with this technology far more stressful. 

In the case of nostr, should you expose or lose your keys, you would only lose access to your social media account, a loss most of us can live with, should you not make your money through social media. 

This makes nostr a great playground and introduction to public and private key management in a low-stakes environment. As nostr users become accustomed to the process, it becomes a natural progression to want to try and hold something of value through the same system and acquire a bitcoin hardware signing device.


Do your own research.

If you’d like to try out Nostr or want to learn more about it, we recommend checking out the following resources to kickstart your research.

Are you on Nostr?

If you are a Nostr user and want to hang out and chat with us or follow our content on your preferred Nostr front end, feel free to add us using our PubKey below.

npub10mxnle348mzv2dnj0ylgz3zu9gceenc29x9fr4m6mnars66j7vxsnkn8mj

The Bitcoin Manual’s Nostr Pubkey

Please give us your notes.

If you have used Nostr, which client do you prefer and why? What apps and services would you like to see form part of the growing ecosystem?

Let us know in the comments down below.

Disclaimer: This article should not be taken as, and is not intended to provide any investment advice. It is for educational and entertainment purposes only. As of the time posting, the writers may or may not have holdings in some of the coins or tokens they cover. Please conduct your own thorough research before investing in any cryptocurrency, as all investments contain risk. All opinions expressed in these articles are my own and are in no way a reflection of the opinions of The Bitcoin Manual

Leave a Reply

Related articles

You may also be interested in

Bitcoin Block Art

What Is Bitcoin Block Art?

It’s been a quiet few months when it comes to on-chain graffiti; it seems like a lifetime ago, Ordinals enjoyers claimed they broke Bitcoin, and

Cookie policy
We use our own and third party cookies to allow us to understand how the site is used and to support our marketing campaigns.