nSealr

Overview

nSealr is a non-profit, open-source program for Nostr signing devices. It is not a closed hardware wallet product. The shared shape is one companion plus five signer solutions, with shared specs and build documentation in nSealr/specs, nSealr/hardware, and per-solution firmware repositories.

Why hardware signing for Nostr?

A Nostr account is just a keypair. Whoever holds the secret key can speak as you, forever, with no recovery path. Where the key lives is the only honest answer to “is this account safe?”. A hardware signer moves the answer from “everywhere a program can read it” to “inside a device, behind an explicit user gesture”.

See the Why a hardware signer blog post for the long-form argument.

What this site covers

  • Getting Started — what you’re reading: what nSealr is, the signing flow, a glossary.
  • System — product shape, companion surfaces, transports.
  • Guides — hands-on build, flash, and verify walkthroughs.
  • Signers — per-solution status pages with the capability matrix.
  • Specs & Reference — protocol contracts: request format, QR envelope, transports.
  • Security — trust boundaries, threat model, safety contracts.

Pre-production

No part of this program currently makes a production security claim. Real sign_event is signing_disabled on every prototype firmware until camera, display, button, provisioning, and secure-boot gates pass independently.

See the trust boundaries page for the contracts the site enforces today, and the glossary for the meaning of approval_digest, signing_disabled, and friends.

Last updated 2026-05-16