emino on Nostr: Hi, I „solved“ it with fido2 not doing signing but gatekeeping the signing ...

Hi, I „solved“ it with fido2 not doing signing but gatekeeping the signing process and placed share A into the Secure Enclave of the phone and share B on the Secure Enclave of the server, this way we have no share or signing ever exposed anywhere, not even in RAM, does this sound right to you?