Can Snaps use the Serial Assertion to decrypt or sign things?

I’m working with a headless IoT device, and would like to allow secure communications between application snaps and our cloud services. I’d like to be able to do the following kinds of things:

Use something like a digital signature to allow the snap to prove that data it’s sending came from a device with a specific serial number.

Allow users to send encrypted data to a device and have confidence that the data is only readable by that device, and ideally not readable by our cloud services.

It appears the Serial Assertion assigns a specific public/private keypair to each device, which would solve these kinds of problems. So can I write a snap that uses this keypair to manipulate application data?

No, ATM there is no support to use the device key from snaps. It’s main use is to identify the device with the store. We might grow functionality to identify as device against third parties from snaps, but there is no current plans to open the use of the key itself.