Key management
Hardware
Product releases
go back

Hardware-backed signing for MetaMask developers

The CubeSigner Snap

September 12, 2023
tags
Key management
Hardware
Product releases
Today, MetaMask launched the first iteration of MetaMask Snaps to the public. Snaps are third-party features that expand MetaMask functionality and that MetaMask users worldwide can install directly into their wallet. Cubist’s Snap is included in the initial release of the <a href="https://metamask.io/snaps/" target="_blank">Snap Directory</a>! The <a href="https://cubist.dev/cubesigner-snap" target="_blank">CubeSigner Snap</a>, which is available open-source on GitHub, lets Snap- or dapp-developers use CubeSigner, our secure key management system, to safely sign transactions on behalf of MetaMask users.<br> <br> We’d love to work with you to advance the security story for user-facing wallets!<br> <br> ## Why use the CubeSigner Snap?<br> <br> Today, building dapps or Snaps that run across different chains means taking on the liability of securely managing users’ keys. If developers mishandle keys, their end users lose money to attackers; if developers misplace keys, their end users lose money to the void. Cubist’s goal is to reduce these risks by moving cryptography _away_ from the UI and _into_ secure hardware—and, in the process, to abstract away the complexity of secure key management to a simple set of API endpoints.<br> <br> <blockquote>"We're thrilled to welcome CubeSigner as key builders within the MetaMask Snaps ecosystem. This partnership underscores our unwavering commitment to ensuring the utmost safety and security for web3 users in the decentralized realm. Cubist’s innovative approach to key management will not only enhance user safety but also provide a more seamless web3 experience for our users." <footer>-- <a href="https://twitter.com/MidwitMilhouse" target="_blank">Christian Montoya</a>, MetaMask Snaps Product Lead</footer> </blockquote> <br> ## How does the CubeSigner Snap work?<br> <br> When you use the CubeSigner Snap, your users sign transactions in a browser-based UI, but their keys stay server-side, and never leave Cubist-managed secure hardware (specifically, HSM-sealed Nitro Enclaves). Since keys are stored in secure hardware _and_ sign in secure hardware, they’re never exposed in memory to attackers, and there’s no risk of accidentally leaking keys.<br> <br> Here’s a demo showing hardware-based signing for MetaMask transactions, powered by the CubeSigner Snap:<br> <br> <video controls width="100%"> <source src="https://user-images.githubusercontent.com/374012/267151661-ce61dc1a-ec81-4a4a-9d4b-886588ac77a9.mp4" type="video/mp4" /> </video> <br> ## What chains does the CubeSigner Snap support?<br> <br> The CubeSigner Snap supports transaction signing for EVM-based chains like Ethereum, Avalanche and Polygon and non-EVM chains (for now, Bitcoin and Solana). CubeSigner supports other chains (e.g., Aptos and Sui) and features (e.g., APIs for managing users and keys), which will be available to Snap users in future releases.<br> <br> ## What’s on the CubeSigner Snap roadmap?<br> <br> The CubeSigner Snap only exposes a subset of the CubeSigner key management platform; we built the Snap to give you a glimpse of how CubeSigner can provide a robust security backend for users of browser-based wallets. In the future, we’ll roll out Snap features like multi-factor approvals, custom signing policies and authentication methods, and signing for more blockchains. If you’re interested in using these features today, you can use the CubeSigner TypeScript SDK. <a href="https://cubist.dev/contact-form-cubesigner-hardware-backed-key-management" target="_blank">Reach out for more information</a>.<br> <br> ## How do I get started?<br> <br> If you’d like to use the CubeSigner Snap to let your MetaMask users store their keys and sign transactions inside secure hardware, <a href="https://cubist.dev/contact-form-cubesigner-hardware-backed-key-management" target="_blank">please contact us here</a>. The Cubist team will help you set up a CubeSigner account and integrate the CubeSigner Snap and SDK into your Snap or dapp.<br> <br>

Read more

Why we're joining the Shared Security Alliance

Why we're joining the Shared Security Alliance

We look forward to bringing our expertise in anti-slashing to the Shared Security Alliance and collaborating with our fellow members to promote safe practices in the restaking community.

June 18, 2024
What's embedded in your embedded wallet?

What's embedded in your embedded wallet?

Here are the four questions to ask before choosing your embedded wallet provider. If you want to keep your users’ keys safe—and keep yourself safe from key custody risk—read on.

May 6, 2024
Cubist joins the Allora Network as a node operator

Cubist joins the Allora Network as a node operator

As a node operator, Cubist is supporting Allora’s mission by operating a validator to secure the Allora chain and a Reputer to rate the performance of the ML models delivered by Allora Workers.

April 15, 2024