FR: hardware wallet support for storing the master key

[EDmitry]

Is your suggestion related to a problem? Please describe. With MSC1756 the master key becomes incredibly valuable. It would be nice to store it entirely separate from the computer where Riot is running.

Describe the solution you'd like A few of existing hardware bitcoin wallets (most notably Trezor, since it's open hardware/software) support deriving Ed25519 keys from the mnemonic seed for GPG signing/encryption. It would be great if these hardware devices could be used to sign self-signing/user-signing keys. Or perhaps all three keys could be generated (derived) by the device.

Describe alternatives you've considered Storing the key on Yubikey/Flashdrive. If flash drive is used, the key will have to be copied on the computer for signing operations to be performed. Yubikey can sign/encrypt on the device itself, but if Yubikey is lost, the key is lost as well. Trezor and other mnemonic-based wallets provide an ability to recover keys if the original mnemonic was backed up.

Additional context https://github.com/romanz/trezor-agent — reference project. Handles communication with hardware wallets and interaction with keys, stored on the device, exposes GPG functionality.

https://www.google.com/amp/s/amp.reddit.com/r/TREZOR/comments/7du53z/pythontrezor_ed25519_signing/ — a bit of random information to give a basic understanding of how the signing API works.

[peterclemenko]

I'd like to see this as well