There are definitely options beyond proprietary ones, including options with much different approaches than a traditional HSM storing the keys with / without encryption (ideally with a passphrase entered onto the device). I really like the approach pioneered for Bitcoin wallets.
If it dies, I can do recovery on a new one (or a compatible implementation) by entering my recovery seed into it directly and I'll have back all of my wallets and keys. I also really like that I could quite feasibly memorize a recovery seed since it's 12 / 18 / 24 common words.
Satoshi Labs (Trezor) got the recovery seed and deterministic wallet approach standardized, so there are a lot of compatible options available. The trezor-agent project providing SSH / GPG support also appears to support some other devices like Ledger models too.
If I wanted to transport keys across a border, I'm confident that I could memorize a 12 word recovery phrase, which is the 128-bit security level. Bitcoin and ed25519 have a 128-bit security level anyway. Using 24 words is useful to split physical backups into two pieces though.