I was talking to some people thinking deeply about this the other day. Today, I guess you can store private keys in the secure enclave but you can't use them without taking them out and putting them in memory which kind of defeats the purpose. If they could add that that would be significant.
However there are still issues with running lightning nodes on mobile phones. The node is effectively offline if the app isn't open. If they'd allow the key to sign data from the enclave and allow apps to be always-on in the background, we'd all be able to securely run lightning nodes from our phones.
Would it be possible to run a lightning node on a mobile device and then have a watchtower that can look over it? Maybe Apple can provide a watchtower for its users' devices?
Today, I guess you can store private keys in the secure enclave but you can't use them without taking them out and putting them in memory
Are you sure? According to the Bloomberg article the key is not accessible by the Operating System. But they don't support EC-DSA yet (I guess that means only RSA and Schnorr?).
Anyways, Apple is always happy to sell new features that are exclusive to new hardware. And they are desperate for new features - just look how much time they wasted on "better camera" in the presentation last year.
I think it’s possible to run code in the secure enclave so the keys would never leave it, just sign things and return them signed. It’s likely how FaceID etc works.
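As an added example (not code from the original thread or from Apple's documentation), this is what the comment above describes in practice: an app asks the Security framework for a P-256 key that is generated inside the Secure Enclave, then hands messages to the enclave to sign and only ever receives the finished ECDSA signature back. The private key is never available as bytes to the app, and an export attempt fails. The tag string and the sample message are placeholders; the code needs to run inside a signed app on hardware that has a Secure Enclave, and P-256 is the only curve the enclave offers, so whether that fits a given protocol is a separate question.

```swift
import Foundation
import Security

enum EnclaveError: Error {
    case failed(String)
}

/// Generate a NIST P-256 key whose private half lives in the Secure Enclave.
/// What the app gets back is a SecKey reference, not key material.
func makeEnclaveKey(tag: String) throws -> SecKey {
    var cfError: Unmanaged<CFError>?

    // privateKeyUsage: the enclave may use the key for signing;
    // WhenUnlockedThisDeviceOnly: never migrates to another device via backup.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage],
        &cfError
    ) else {
        throw EnclaveError.failed("access control: \(cfError!.takeRetainedValue())")
    }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom, // P-256
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,   // generate inside the enclave
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag.data(using: .utf8)!,
            kSecAttrAccessControl as String: access,
        ],
    ]

    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &cfError) else {
        throw EnclaveError.failed("key generation: \(cfError!.takeRetainedValue())")
    }
    return key
}

/// Ask the enclave to hash (SHA-256) and sign the message.
/// The app receives only the DER-encoded (X9.62) ECDSA signature.
func enclaveSign(_ key: SecKey, message: Data) throws -> Data {
    var cfError: Unmanaged<CFError>?
    guard let signature = SecKeyCreateSignature(
        key, .ecdsaSignatureMessageX962SHA256, message as CFData, &cfError
    ) else {
        throw EnclaveError.failed("signing: \(cfError!.takeRetainedValue())")
    }
    return signature as Data
}

/// Verification uses the public half, which can leave the enclave freely.
func enclaveVerify(_ key: SecKey, message: Data, signature: Data) -> Bool {
    guard let publicKey = SecKeyCopyPublicKey(key) else { return false }
    var cfError: Unmanaged<CFError>?
    return SecKeyVerifySignature(
        publicKey, .ecdsaSignatureMessageX962SHA256,
        message as CFData, signature as CFData, &cfError
    )
}

/// The check a practitioner wants: exporting the private key must fail.
func privateKeyIsExportable(_ key: SecKey) -> Bool {
    var cfError: Unmanaged<CFError>?
    return SecKeyCopyExternalRepresentation(key, &cfError) != nil
}

// Usage (tag and message are placeholders constructed for this example).
let key = try makeEnclaveKey(tag: "com.example.demo.enclave-signing-key")
let message = "constructed sample message".data(using: .utf8)!
let signature = try enclaveSign(key, message: message)
print("signature bytes:", signature.count)
print("verifies:", enclaveVerify(key, message: message, signature: signature))
print("private key exportable:", privateKeyIsExportable(key)) // expected to be false
```

The important detail is the `kSecAttrTokenIDSecureEnclave` attribute: without it, `SecKeyCreateRandomKey` produces an ordinary software key that the keychain stores and that `SecKeyCopyExternalRepresentation` will happily hand back. With it, the private key is created and used inside the enclave, and the app only ever holds a reference to it.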
They were saying there isn't a public API for it (if I'm remembering correctly).
Oh hmmm, they might've been wrong or I might've misunderstood them.