Key management
Hardware
Product releases
go back

Hardware-backed signing for MetaMask developers

The CubeSigner Snap

September 12, 2023
tags
Key management
Hardware
Product releases
Today, MetaMask launched the first iteration of MetaMask Snaps to the public. Snaps are third-party features that expand MetaMask functionality and that MetaMask users worldwide can install directly into their wallet. Cubist’s Snap is included in the initial release of the <a href="https://metamask.io/snaps/" target="_blank">Snap Directory</a>! The <a href="https://cubist.dev/cubesigner-snap" target="_blank">CubeSigner Snap</a>, which is available open-source on GitHub, lets Snap- or dapp-developers use CubeSigner, our secure key management system, to safely sign transactions on behalf of MetaMask users.<br> <br> We’d love to work with you to advance the security story for user-facing wallets!<br> <br> ## Why use the CubeSigner Snap?<br> <br> Today, building dapps or Snaps that run across different chains means taking on the liability of securely managing users’ keys. If developers mishandle keys, their end users lose money to attackers; if developers misplace keys, their end users lose money to the void. Cubist’s goal is to reduce these risks by moving cryptography _away_ from the UI and _into_ secure hardware—and, in the process, to abstract away the complexity of secure key management to a simple set of API endpoints.<br> <br> <blockquote>"We're thrilled to welcome CubeSigner as key builders within the MetaMask Snaps ecosystem. This partnership underscores our unwavering commitment to ensuring the utmost safety and security for web3 users in the decentralized realm. Cubist’s innovative approach to key management will not only enhance user safety but also provide a more seamless web3 experience for our users." <footer>-- <a href="https://twitter.com/MidwitMilhouse" target="_blank">Christian Montoya</a>, MetaMask Snaps Product Lead</footer> </blockquote> <br> ## How does the CubeSigner Snap work?<br> <br> When you use the CubeSigner Snap, your users sign transactions in a browser-based UI, but their keys stay server-side, and never leave Cubist-managed secure hardware (specifically, HSM-sealed Nitro Enclaves). Since keys are stored in secure hardware _and_ sign in secure hardware, they’re never exposed in memory to attackers, and there’s no risk of accidentally leaking keys.<br> <br> Here’s a demo showing hardware-based signing for MetaMask transactions, powered by the CubeSigner Snap:<br> <br> <video controls width="100%"> <source src="https://user-images.githubusercontent.com/374012/267151661-ce61dc1a-ec81-4a4a-9d4b-886588ac77a9.mp4" type="video/mp4" /> </video> <br> ## What chains does the CubeSigner Snap support?<br> <br> The CubeSigner Snap supports transaction signing for EVM-based chains like Ethereum, Avalanche and Polygon and non-EVM chains (for now, Bitcoin and Solana). CubeSigner supports other chains (e.g., Aptos and Sui) and features (e.g., APIs for managing users and keys), which will be available to Snap users in future releases.<br> <br> ## What’s on the CubeSigner Snap roadmap?<br> <br> The CubeSigner Snap only exposes a subset of the CubeSigner key management platform; we built the Snap to give you a glimpse of how CubeSigner can provide a robust security backend for users of browser-based wallets. In the future, we’ll roll out Snap features like multi-factor approvals, custom signing policies and authentication methods, and signing for more blockchains. If you’re interested in using these features today, you can use the CubeSigner TypeScript SDK. <a href="https://cubist.dev/contact-form-cubesigner-hardware-backed-key-management" target="_blank">Reach out for more information</a>.<br> <br> ## How do I get started?<br> <br> If you’d like to use the CubeSigner Snap to let your MetaMask users store their keys and sign transactions inside secure hardware, <a href="https://cubist.dev/contact-form-cubesigner-hardware-backed-key-management" target="_blank">please contact us here</a>. The Cubist team will help you set up a CubeSigner account and integrate the CubeSigner Snap and SDK into your Snap or dapp.<br> <br>

Read more

Cubist teams up with Babylon and Lombard to bring Bitcoin to Sui

Cubist teams up with Babylon and Lombard to bring Bitcoin to Sui

We look forward to Cap-3 in December, when BTC holders will be able to deposit their BTC to Lombard for staking on Babylon and receive LBTC natively minted on Sui.

November 25, 2024
A step towards smart contracts on Bitcoin

A step towards smart contracts on Bitcoin

Hardware-enshrined smart contracts, which we developed using our CubeSigner key management platform, allow Bitcoin protocols to encode complex operational logic and maintain decentralized governance much like a traditional smart contract on Ethereum.

November 18, 2024
Introducing the Bascule Drawbridge for Bitcoin bridge security

Introducing the Bascule Drawbridge for Bitcoin bridge security

Bascule is a new Bitcoin bridge security system built on top of the CubeSigner key management platform to prevent cross-chain hacks in real-time.

October 23, 2024