cardano-foundation / cardano-wallet

HTTP server & command-line for managing UTxOs and HD wallets in Cardano.

Keep wallet key in Hardware Security Module or Key Management Service...

mgajda opened this issue · comments

The problem that you wish to solve

The wallet private key should be impossible to steal even if an attacker manages to hack the cardano-wallet.

The best way to assure that would be to hold the private key in a Hardware Security Module, like the ones provided by Thales, Yubi.

Note that these are specifically designed for use on the server, and indeed available on Azure and IBM clouds.

(I omit the AWS solution, since it does not seem to support EdDSA Ed25519 yet. Google allows co-location of custom HSMs only; the standard HSM does not support Ed25519. However, the next NIST signing standard is expected to include EdDSA and Ed25519, so I expect it will become supported in a few years.)
A future version of TPM may also support this feature.

Description

To support signing by a Hardware Security Module, we need an abstract private key API that allows offloading signing and encryption to the HSM device.

Implementation suggestions

An abstract API that allows us to:

  • generate a key within the HSM, or import it to the HSM, without leaving it in memory or on disk,
  • sign with an HSM key id, by passing a payload string and receiving the signed payload.

Later, this API can be implemented to support all HSM and KMS solutions that already support Ed25519, or that will support the future FIPS signing standard. Possibly this will include TPM 3.0, AWS/Google/Azure KMS solutions, and USB keys with signing capability.

@jonathanknowles This feature would increase the security of the wallet private key, by making it very hard to steal. (To steal it, one would also have to breach the HSM.)
An attacker who hypothetically breaks the wallet could sign a transaction, but it would have to be a real-time attack.

Could this feature be supported in the next version?
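
A sketch of the abstract key API suggested in this issue, added here as an example; it is not code from the issue or from cardano-wallet. It is written in Go with the standard-library Ed25519 package, and the names `Signer`, `KeyID` and `softHSM` are hypothetical. `softHSM` is a software stand-in for a real HSM or KMS backend, and its device-side request log is an assumption added to make each signing request visible.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

type KeyID string // opaque handle; callers never hold private key bytes

// Signer is the hypothetical abstract API: generate inside the device, sign by key id.
type Signer interface {
	Generate() (KeyID, ed25519.PublicKey, error)
	Sign(id KeyID, payload []byte) ([]byte, error)
}

// softHSM is a software stand-in for an HSM/KMS backend (assumption for this demo).
type softHSM struct {
	keys map[KeyID]ed25519.PrivateKey // never returned through the interface
	log  []KeyID                      // device-side record of signing requests
}

func newSoftHSM() *softHSM { return &softHSM{keys: map[KeyID]ed25519.PrivateKey{}} }

func (h *softHSM) Generate() (KeyID, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	id := KeyID(fmt.Sprintf("key-%d", len(h.keys)+1))
	h.keys[id] = priv
	return id, pub, nil
}

func (h *softHSM) Sign(id KeyID, payload []byte) ([]byte, error) {
	priv, ok := h.keys[id]
	if !ok {
		return nil, errors.New("unknown key id")
	}
	h.log = append(h.log, id) // a compromised caller can still sign, but only through here
	return ed25519.Sign(priv, payload), nil
}

func demo() (bool, int) { // wallet side: holds only a KeyID and the public key
	var s Signer = newSoftHSM()
	id, pub, _ := s.Generate()
	msg := []byte("constructed tx body")
	sig, _ := s.Sign(id, msg)
	return ed25519.Verify(pub, msg, sig), len(s.(*softHSM).log)
}

func main() { fmt.Println(demo()) }
```

A real backend would implement the same two methods against the device's own interface, so the wallet code that calls `Sign` would not change.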