for performance we require that the db has access to your key for giftwrap purposes. Thats how we unwrap thousands of encrypted noted instantly. bunker can’t really do that.
I still don’t understand why key delegation isn’t a thing. Sign and publish an event with a parent key that everyone knows about that attests a child key is authorized to sign events on its behalf, and then use it in a client. If that client does something the user doesn’t want, sign and publish a revocation from the parent key. Clients need to do extra work of subscribing to these kinds though. Seems like it would absolve the need to have a separate signer app.
1