Transaction Signing

Transaction signing in Secubit is performed entirely within the secure boundary of the Hardware Security Module (HSM). Private keys never leave the HSM in plaintext, and all signing operations are coupled with strict access policies and authentication checks.

When a transaction request reaches the HSM, the module first verifies that the request has been authenticated by the end-user through a PassKey or Secure Element signature. Only after this verification does the HSM derive or access the corresponding key material needed for the signing process.

Key derivation and cryptographic signing happen strictly inside the HSM, leveraging hardware acceleration and tamper-resistant protections. The resulting digital signature is returned to the application layer, while the private key remains confined to secure storage.

This approach ensures that transactions cannot be signed without explicit user approval and that no attacker—whether external or insider—can extract or misuse signing keys. By binding every signature to in-HSM execution, Secubit establishes a trustworthy root of security for all wallet operations.