(open-source, Touch ID-gated, ledger-level security, 100 % free)
TL;DR: We ripped Specter open, jammed the private key inside your Mac’s Secure Enclave, and bolted Touch ID in front of the signing button. No dongles, no USB firmware roulette, no “where’s my Ledger PIN?” panic. Just run the app (or build it from source), pair it with your node, and your laptop becomes the safest cosigner you already own.
🥷 What makes it different?🥷 What makes it different?
- Mac’s Secure Enclave key never leaves the chip; Touch ID ≈ hardware-wallet button
- Ships 2-of-3 by default: Enclave key + hardware wallet + remote descriptor
- Entire signing path in Swift + CryptoKit, 1 700 LOC.
- No USB required; PSBTs move via NFC (if you have iPhone) or animated QR.
💡 How it works💡 How it works
specter-enclave init: generates a BIP-32 root inside Secure Enclave (non-extractable).specter-enclave export-xpub: dumps xpub to pair with Bitcoin Core → watch-only wallet.- When you build a PSBT, Specter prompts Touch ID → Enclave signs → PSBT broadcast.
- Optional: add a Coldcard/Tapsigner as second key; Enclave enforces 2-of-3.
🏆 250 k sat lightning bounties🏆 250 k sat lightning bounties
- Improvement / Bugfix PR = 10 000 sats.
- Full code-review write-up = 50 000 sats.
- Critical bug = up to 250 000 sats.
🔮 Coming next🔮 Coming next
- Secure Enclave + YubiKey 2-of-2 mod (no hot storage at all).
- iPhone watch-only companion – scan QR, push PSBT to laptop for Touch ID sign.
- Kernel Panic Kill-Switch – steal-my-laptop and the Enclave key nukes itself.
👉 Grab it, audit it, roast it.👉 Grab it, audit it, roast it.
Because the best hardware wallet is the one you already paid Apple to solder into the motherboard. 🍏⚡️
GitHub (source & dmg): https://github.com/CryptOpenDevelopment/specter-desktop
(MIT licence, forked from Specter Desktop 2025-05-16)
The fork only has two commits which update the README (one of which is to download software): https://github.com/cryptoadvance/specter-desktop/compare/master...CryptOpenDevelopment:specter-desktop:master
Where are the other changes?
Are they in the binary you're linking to? Can those changes be verified?
The Touch ID / Secure Enclave magic isn’t in that two-commit demo branch at all. All the code lives in a separate module (specter-enclave) that we keep in its own repo and pull in at build time. The README edits just point macOS users at the notarised DMG. Nothing is “only in the binary” , you can reproducibly rebuild the exact same DMG from source in about 15 minutes.
Is the source for specter-enclave open? (I search the repo but GH says it's being indexed.)
Yep, 100 % open-source 👍 Repo just went live so GH’s code search is still indexing it.
What's like this, but on anything other than a Mac - like Windows, phone, etc?
Basically, what are the "alternative' hardware wallets?
The Nunchuk app is one, I think.
Nunchuk for mobile multisig, Sparrow/ Specter + hardware signer for any desktop OS.
This code is identical to https://github.com/cryptoadvance/specter-desktop/tree/master/src/cryptoadvance/specter with the exception of your readme, license and requirements.txt...
This has been posted multiple times, so looks like a pretty obvious phishing scam... (And should be treated as such until some known community members can create a reproducible build that matches the distributed binaries)
🔥 Updated installation & setup manual, let me know if you have any issues