I haven't heard about a new hardware signing device in a while, but it looks like a new competitor has entered the chat: Sigil-Web. It describes itself as a "privacy-focused Bitcoin hardware wallet using NXP SE050 secure element."
It seems to me like it's in the same camp as some of the other DIY signers like Spector DIY, Krux, and Seed Signer.
https://m.stacker.news/130689
https://m.stacker.news/130690
https://m.stacker.news/130691
https://m.stacker.news/130692
Security ModelSecurity Model
- Private keys are generated and stored exclusively on the SE050
- Signing operations happen on the SE050 - keys never enter host RAM
- SCP03 encrypted/authenticated channel between host and SE050
- Optional Tor for network privacy (all API calls, Electrum connections)
- TOFU certificate pinning on Electrum SSL connections (MITM protection)
- Signing PIN adds a second factor before any signing operation
I think they do an okay job on thinking through the trade-offs in their https://github.com/0xdeadbeefnetwork/sigil-web/blob/main/docs/THREAT_MODEL.md
HardwareHardware
SIGIL uses the NXP SE050/SE051 secure element. For development:
- OM-SE050ARD - Arduino-compatible SE050 dev board
- FRDM-K64F - NXP Freedom board (provides VCOM USB interface)
- The FRDM-K64F runs NXP's VCOM firmware, exposing the SE050 as a USB serial device. This lets any host (Raspberry Pi, laptop, etc.) communicate with the SE050 over USB.
InterfaceInterface
Seems like you can use any linux device with a USB to interact with the hardware signer. One thing that stands out in their readme is the emphasis on privacy. I'm not sure how useful their "mixing" feature is:
The built-in tumbler provides basic privacy through transaction graph obfuscation using temporary SE050 key slots.How it works:How it works:
- Temporary keypairs generated in SE050 slots (up to 5 hop wallets)
- User deposits to first hop address
- Automated chain of transactions through hop wallets with configurable delays
- Final hop sends to user's main wallet
- Temporary key slots are wiped after completion
Limitations:Limitations:
- 3-5 hops may not be sufficient against sophisticated chain analysis
- Timing correlation possible if delays are too short or predictable
- Amount correlation if tumbling exact/round amounts
- All hops use the same SE050 (single device fingerprint in timing)
Not designed for:Not designed for:
- Evading law enforcement with subpoena power over exchanges
- Mixing large amounts (>0.1 BTC recommended max per job)
- Adversaries with full mempool visibility and timing analysis
So it basically adds up to 5 hops in between incoming transactions and where they eventually come to rest. This might be useful for not getting flagged while coming in to a kyc'd exchange, but otherwise, I don't see the point.
Here's their full list of features:
FeaturesFeatures
Core WalletCore Wallet
- Hardware Security - Private keys never leave the SE050 secure element
- Tor Integration - All network requests routed through Tor (SOCKS5 proxy)
- Electrum Backend - Decentralized Electrum servers with TOFU certificate pinning
- Air-gapped Signing - Transaction signing happens entirely on the secure element
- BIP84 Native SegWit - Modern bc1q addresses with lower fees
- Multi-Slot - 16 independent key slots on a single SE050
Privacy ToolsPrivacy Tools
- Tumbler - Break transaction graph with automated coin mixing (deposit > hops > main wallet)
- Privacy Analyzer - Analyze address clustering and transaction graph patterns
- Pubkeys Monitor - Live SSE stream of public keys exposed in mempool transactions
- Warrant Canary - Cryptographically signed canary using SE050 ECDSA
SecuritySecurity
- SCP03 Key Rotation - Web UI to rotate factory default platform keys (prevents MITM on SE050 bus)
- Signing PIN (2FA) - Optional PIN required before any signing operation
- CSRF Protection - Token validation on all state-changing requests
- Rate Limiting - Brute-force protection on login and sensitive endpoints
- Honeypots - Fake admin panels, debug endpoints, and export routes that log attacker IPs
- Hardened Systemd - ProtectSystem=strict, NoNewPrivileges, PrivateTmp
InterfacesInterfaces
- Web Interface - Hacker-themed UI accessible via Tor hidden service
- CLI Wallet - Full command-line wallet (sigil-wallet)
- Remote Server - SE050 signing oracle API over Tor
- Remote Client - CLI client for remote wallet access
I love seeing new projects and this is something I'm definitely going to watch.
You spout on about Bitcoin all day but you cannot be bothered to attach LN wallet to your Stacker news account?
Lots of TALK- How about WALKING the Talk and attaching LN wallet here on Stacker News?
What is Stacker News?
It is a social media platform intentionally created to enable a P2P V4V BTC denominated community.
Originally Stacker News (SN) custodyed sats on behalf of participants but the threat of government regulatory prosecution on the pretext of money transmitter forced a move away from the custody of sats by the platform to the platform enabling participants to send sats via their wallets.
To achieve this participants need to attach wallets to both send and receive sats.
Where participants do not or cannot attach LN wallets transactions will often default to Cowboy Credits.
This change was a compromise forced by the threat of government prosecution.
The difficulty of attaching both sending and receiving wallets is moderate- it takes some effort and newbie or non tech people may struggle with it, but most competent Bitcoiners can succeed in attaching wallets and thus enabling sats denominated P2P transactions.
But a number of Stackers have chosen not to attach wallets- in particular sending wallets which enable you to send sats into the SN community.
Very few who have attached just a sending wallet- many have attach just a receiving wallet.
Those who only attach a receiving wallet can receive sats from others but cannot send sats into the community. They may feel that as content providers they have no need or obligation to send sats into and within the SN community. I disagree.
Where these receive but not send (horse but no gun) Stackers proclaim to be Bitcoiners but refuse to enable a sending wallet they are demonstrably hypocrits. They claim they want to build and grow the BTC LN MoE network but they cannot be bothered contributing toward that growth by attaching a sending wallet and demonstrating they are not just talking, but are also walking and supporting a sats denominated platform.
If we do not use the LN wherever and whenever we can it will not grow and develop.
Some claim it is too hard to attach wallets- its too hard on their self custody nodes or wallets- this just highlights how muich work the LN needs before it is capable of anything approaching reliable MoE capability.
The best way to grow and strengthen the LN is it use it – despite its remaining flaws and glitches.
When wallets are supported by people using them they receives transaction fees and can develop liquidity and systems further.
When LN wallets are not used the LN decays- it does not have the usage and fees income to grow.
So when self proclaimed advocates for BTC and LN refuse to attach wallets (especially sending wallets) I see hypocrit.
I will continue to see hypocrit until and unless someone can explain why I should not.
Calling me a Nazi, trolling and making fun of me crudely seeking to avoid the issues I raise will not stop me from asking why are you claiming to be a Bitcoiner but refusing to attach wallets and use the LN here where we can help it grow.
Now some are deliberately concealing their wallet status, as if this is about a right to privacy.
Concealing your wallet status means nobody else can verify whether or not you are serious about using BTC LN, or whether you are just an all talk no walk hypocrit.
Do not trust- verify.
What about this fundamental principle do they not understand?
And then they talk about 'content' being more important than whether or not you have attached wallets - in this context the intentional lack of attached wallets undermines your credibility as your actions do not match your words.
Your submitted content may be great, but you as someone claiming to be a serious Bitcoiner are undermining your credibility and the credibility of your content by being a hypocrit.
Your content, is tainted by your verifiable hypocrisy.
SNs needs both good content providers and those who pay for that content if it is succeed.
I am more in the latter group than the former but both are required overall or the model does not work.
So as a net contributor of sats and thus a net consumer of content I object where content providers refuse to engage in the P2P V4V ethos by refusing to attach both sending and receiving wallets and I will both withhold my contribution of sats and sometimes downvote in response.
V4V needs to work reciprocally or it will not work at all.
The content providers need net sats contributors/content consumers who send sats into the platform, or the entire platform fails.