mineracks/multisig-hsm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

README: add a plain-language 'what is an HSM' explainer

Browse Source 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
mineracks 2026-06-26 14:32:44 +10:00
parent 2b14ab6d57
commit cebe7c178d
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -3,6 +3,12 @@
**An automated treasury tier that signs its own cold→hot refills under on-device policy — with no human **An automated treasury tier that signs its own cold→hot refills under on-device policy — with no human
in the loop, and no single machine able to move a satoshi.** in the loop, and no single machine able to move a satoshi.**
> **New to the term "HSM"?** A *Hardware Security Module* is a dedicated, tamper-resistant device that holds a
> private key and signs with it **on the device** — the key is generated inside the chip and can never be
> extracted, even by the computer it's attached to. Banks and certificate authorities have relied on HSMs for
> decades to keep signing keys out of reach of a compromised server. Here, each of the three signers is a
> **Coldcard running in HSM mode**, and a spend needs two of them to independently approve it under policy.
Three hardware signers (Coldcards in HSM mode), each on a separate host — ideally a separate site. A Three hardware signers (Coldcards in HSM mode), each on a separate host — ideally a separate site. A
**keyless** coordinator builds the refill transaction and fans it to any two of the three. Each device checks **keyless** coordinator builds the refill transaction and fans it to any two of the three. Each device checks
the transaction against **its own on-device spending policy** (per-transaction cap, velocity limit, address the transaction against **its own on-device spending policy** (per-transaction cap, velocity limit, address