Key management
Hardware
Product releases
go back

Hardware-backed signing for MetaMask developers

The CubeSigner Snap

September 12, 2023
written by
Aleksandar Milicevic
Founding Engineer
Andres Nötzli
Founding Engineer
Ann Stefan
Co-Founder & COO
Anthony Adams
Senior Software Engineer
Deian Stefan
Co-Founder & Chief Scientist
Fraser Brown
Co-Founder & CTO
tags
Key management
Hardware
Product releases
Today, MetaMask launched the first iteration of MetaMask Snaps to the public. Snaps are third-party features that expand MetaMask functionality and that MetaMask users worldwide can install directly into their wallet. Cubist’s Snap is included in the initial release of the <a href="https://metamask.io/snaps/" target="_blank">Snap Directory</a>! The <a href="https://cubist.dev/cubesigner-snap" target="_blank">CubeSigner Snap</a>, which is available open-source on GitHub, lets Snap- or dapp-developers use CubeSigner, our secure key management system, to safely sign transactions on behalf of MetaMask users.<br> <br> We’d love to work with you to advance the security story for user-facing wallets!<br> <br> ## Why use the CubeSigner Snap?<br> <br> Today, building dapps or Snaps that run across different chains means taking on the liability of securely managing users’ keys. If developers mishandle keys, their end users lose money to attackers; if developers misplace keys, their end users lose money to the void. Cubist’s goal is to reduce these risks by moving cryptography _away_ from the UI and _into_ secure hardware—and, in the process, to abstract away the complexity of secure key management to a simple set of API endpoints.<br> <br> <blockquote>"We're thrilled to welcome CubeSigner as key builders within the MetaMask Snaps ecosystem. This partnership underscores our unwavering commitment to ensuring the utmost safety and security for web3 users in the decentralized realm. Cubist’s innovative approach to key management will not only enhance user safety but also provide a more seamless web3 experience for our users." <footer>-- <a href="https://twitter.com/MidwitMilhouse" target="_blank">Christian Montoya</a>, MetaMask Snaps Product Lead</footer> </blockquote> <br> ## How does the CubeSigner Snap work?<br> <br> When you use the CubeSigner Snap, your users sign transactions in a browser-based UI, but their keys stay server-side, and never leave Cubist-managed secure hardware (specifically, HSM-sealed Nitro Enclaves). Since keys are stored in secure hardware _and_ sign in secure hardware, they’re never exposed in memory to attackers, and there’s no risk of accidentally leaking keys.<br> <br> Here’s a demo showing hardware-based signing for MetaMask transactions, powered by the CubeSigner Snap:<br> <br> <video controls width="100%"> <source src="https://user-images.githubusercontent.com/374012/267151661-ce61dc1a-ec81-4a4a-9d4b-886588ac77a9.mp4" type="video/mp4" /> </video> <br> ## What chains does the CubeSigner Snap support?<br> <br> The CubeSigner Snap supports transaction signing for EVM-based chains like Ethereum, Avalanche and Polygon and non-EVM chains (for now, Bitcoin and Solana). CubeSigner supports other chains (e.g., Aptos and Sui) and features (e.g., APIs for managing users and keys), which will be available to Snap users in future releases.<br> <br> ## What’s on the CubeSigner Snap roadmap?<br> <br> The CubeSigner Snap only exposes a subset of the CubeSigner key management platform; we built the Snap to give you a glimpse of how CubeSigner can provide a robust security backend for users of browser-based wallets. In the future, we’ll roll out Snap features like multi-factor approvals, custom signing policies and authentication methods, and signing for more blockchains. If you’re interested in using these features today, you can use the CubeSigner TypeScript SDK. <a href="https://cubist.dev/contact-form-cubesigner-hardware-backed-key-management" target="_blank">Reach out for more information</a>.<br> <br> ## How do I get started?<br> <br> If you’d like to use the CubeSigner Snap to let your MetaMask users store their keys and sign transactions inside secure hardware, <a href="https://cubist.dev/contact-form-cubesigner-hardware-backed-key-management" target="_blank">please contact us here</a>. The Cubist team will help you set up a CubeSigner account and integrate the CubeSigner Snap and SDK into your Snap or dapp.<br> <br>

Read more

Cubist + Really and the future of movie fan engagement

Cubist + Really and the future of movie fan engagement

Our newest partner, Really, is re-imagining moviegoing. Really wallets, powered by CubeSigner, allow movie fans to use NFTs access exclusive rewards, content, and events.

December 21, 2023
Cubist partners with Ava Labs to power Core seedless wallet

Cubist partners with Ava Labs to power Core seedless wallet

The new Core wallet offers seedless wallet creation and recovery using CubeSigner's primitives for social login and 2FA across many EVM and non-EVM chains.

December 15, 2023
Introducing the Secure Staking Alliance

Introducing the Secure Staking Alliance

Cubist is excited to announce the Secure Staking Alliance, a new cross-industry partnership with the mission of making staking—from traditional staging to liquid staking and restaking—more secure.

November 9, 2023