Key management
Hardware
Product releases
go back

Hardware-backed signing for MetaMask developers

The CubeSigner Snap

September 12, 2023
tags
Key management
Hardware
Product releases
Today, MetaMask launched the first iteration of MetaMask Snaps to the public. Snaps are third-party features that expand MetaMask functionality and that MetaMask users worldwide can install directly into their wallet. Cubist’s Snap is included in the initial release of the <a href="https://metamask.io/snaps/" target="_blank">Snap Directory</a>! The <a href="https://cubist.dev/cubesigner-snap" target="_blank">CubeSigner Snap</a>, which is available open-source on GitHub, lets Snap- or dapp-developers use CubeSigner, our secure key management system, to safely sign transactions on behalf of MetaMask users.<br> <br> We’d love to work with you to advance the security story for user-facing wallets!<br> <br> ## Why use the CubeSigner Snap?<br> <br> Today, building dapps or Snaps that run across different chains means taking on the liability of securely managing users’ keys. If developers mishandle keys, their end users lose money to attackers; if developers misplace keys, their end users lose money to the void. Cubist’s goal is to reduce these risks by moving cryptography _away_ from the UI and _into_ secure hardware—and, in the process, to abstract away the complexity of secure key management to a simple set of API endpoints.<br> <br> <blockquote>"We're thrilled to welcome CubeSigner as key builders within the MetaMask Snaps ecosystem. This partnership underscores our unwavering commitment to ensuring the utmost safety and security for web3 users in the decentralized realm. Cubist’s innovative approach to key management will not only enhance user safety but also provide a more seamless web3 experience for our users." <footer>-- <a href="https://twitter.com/MidwitMilhouse" target="_blank">Christian Montoya</a>, MetaMask Snaps Product Lead</footer> </blockquote> <br> ## How does the CubeSigner Snap work?<br> <br> When you use the CubeSigner Snap, your users sign transactions in a browser-based UI, but their keys stay server-side, and never leave Cubist-managed secure hardware (specifically, HSM-sealed Nitro Enclaves). Since keys are stored in secure hardware _and_ sign in secure hardware, they’re never exposed in memory to attackers, and there’s no risk of accidentally leaking keys.<br> <br> Here’s a demo showing hardware-based signing for MetaMask transactions, powered by the CubeSigner Snap:<br> <br> <video controls width="100%"> <source src="https://user-images.githubusercontent.com/374012/267151661-ce61dc1a-ec81-4a4a-9d4b-886588ac77a9.mp4" type="video/mp4" /> </video> <br> ## What chains does the CubeSigner Snap support?<br> <br> The CubeSigner Snap supports transaction signing for EVM-based chains like Ethereum, Avalanche and Polygon and non-EVM chains (for now, Bitcoin and Solana). CubeSigner supports other chains (e.g., Aptos and Sui) and features (e.g., APIs for managing users and keys), which will be available to Snap users in future releases.<br> <br> ## What’s on the CubeSigner Snap roadmap?<br> <br> The CubeSigner Snap only exposes a subset of the CubeSigner key management platform; we built the Snap to give you a glimpse of how CubeSigner can provide a robust security backend for users of browser-based wallets. In the future, we’ll roll out Snap features like multi-factor approvals, custom signing policies and authentication methods, and signing for more blockchains. If you’re interested in using these features today, you can use the CubeSigner TypeScript SDK. <a href="https://cubist.dev/contact-form-cubesigner-hardware-backed-key-management" target="_blank">Reach out for more information</a>.<br> <br> ## How do I get started?<br> <br> If you’d like to use the CubeSigner Snap to let your MetaMask users store their keys and sign transactions inside secure hardware, <a href="https://cubist.dev/contact-form-cubesigner-hardware-backed-key-management" target="_blank">please contact us here</a>. The Cubist team will help you set up a CubeSigner account and integrate the CubeSigner Snap and SDK into your Snap or dapp.<br> <br>

Read more

Understanding and preventing the Bybit hack

Understanding and preventing the Bybit hack

This blog post digs into the hack itself, and then explains how a different approach to security would have made the attackers’ job much harder.

February 25, 2025
K3 brings wallet automations to CubeSigner users

K3 brings wallet automations to CubeSigner users

We are excited to announce that Cubist has partnered with K3 Labs to provide the secure wallet infrastructure underlying their new drag-and-drop Web3 automation platform.

February 5, 2025
Cubist teams up with Babylon and Lombard to bring Bitcoin to Sui

Cubist teams up with Babylon and Lombard to bring Bitcoin to Sui

Together with Lombard, we have been extending the CubeSigner hardware-backed key management platform to bring smart contract capabilities to Bitcoin and unlock Bitcoin liquid staking on Sui.

November 25, 2024