@[email protected] @[email protected] i think that should actually be possible. since the keys are only needed when the user actively does something, the server may ask the client "hey, for this post to federate, sign these N messages" while it would likely be quite unusable if the signing key is in some hardware store (i think, i haven't really worked with those), this scheme should in theory work if the user trusts the client to not sign malicious stuff