Here’s the use case:
- Sensitive text data is continuously generated in small text blobs at a slow rate
- I would like to encrypt the blobs of data such that only my Trezor can decrypt them (and optionally only show the decrypted text on-device)
- Decryption would be interactive (require physical access to the Trezor device) but encryption should not require any interaction with the Trezor device. On-device decryption speed is not an issue since the target text blob will be tiny.
Symmetric encryption (such as with encrypt_keyvalue/decrypt_keyvalue) would not be suitable because it would require interactive use of the Trezor device for encryption. I noticed symmetric encryption support is written in SLIP-0011. Another SLIP, SLIP-0012, called “Public key encryption using deterministic hierarchy” was published the same day which might relate to what I’m looking for, but the document was not filled out.
So, I wonder if Trezor has support for public-key authenticated encryption (such as via hybrid encryption like ECIES) or if the components for it are already available within trezorlib.
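
The non-interactive-encrypt, interactive-decrypt flow described in the post above, sketched as an ECIES-style hybrid scheme. This is an added example, not part of the original post and not Trezor or trezorlib code. It assumes the Python `cryptography` package, X25519 with HKDF-SHA256 and ChaCha20-Poly1305 as the primitives, and a software private key standing in for a key that would stay on a hardware device; the function names and the `INFO` label are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

INFO = b"example-blob-encryption-v1"  # constructed domain-separation label

def raw_public(pub):
    return pub.public_bytes(serialization.Encoding.Raw,
                            serialization.PublicFormat.Raw)

def generate_recipient():
    """Stand-in for the device key: returns (private key, 32-byte public key)."""
    priv = X25519PrivateKey.generate()
    return priv, raw_public(priv.public_key())

def derive_key(shared, eph_pub, recipient_pub):
    # Bind the key to both public keys so a blob is tied to one recipient.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=INFO + eph_pub + recipient_pub).derive(shared)

def encrypt_blob(recipient_pub, plaintext):
    """Needs only the recipient's public key, so no device interaction."""
    eph = X25519PrivateKey.generate()          # fresh key pair per blob
    eph_pub = raw_public(eph.public_key())
    shared = eph.exchange(X25519PublicKey.from_public_bytes(recipient_pub))
    key = derive_key(shared, eph_pub, recipient_pub)
    nonce = os.urandom(12)
    # The ephemeral public key is authenticated as associated data.
    ct = ChaCha20Poly1305(key).encrypt(nonce, plaintext, eph_pub)
    return eph_pub + nonce + ct                # 32 + 12 + len(pt) + 16 bytes

def decrypt_blob(recipient_priv, blob):
    """The only step that needs the private key (the interactive step)."""
    if len(blob) < 32 + 12 + 16:
        raise ValueError("blob too short")
    eph_pub, nonce, ct = blob[:32], blob[32:44], blob[44:]
    shared = recipient_priv.exchange(X25519PublicKey.from_public_bytes(eph_pub))
    key = derive_key(shared, eph_pub, raw_public(recipient_priv.public_key()))
    # Raises cryptography.exceptions.InvalidTag if the blob was modified.
    return ChaCha20Poly1305(key).decrypt(nonce, ct, eph_pub)
```

The AEAD tag detects modification of a stored blob, but anyone holding the public key can produce valid blobs, so authenticating the sender would require a separate signature.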