logos-execution-zone/keycard_wallet/python/keycard_wallet.py

from smartcard.System import readers  
from keycard.exceptions import APDUError, TransportError
from ecdsa import VerifyingKey, SECP256k1  

from keycard.keycard import KeyCard

from mnemonic import Mnemonic  
from keycard import constants  
  
import keycard

DEFAULT_PAIRING_PASSWORD = "KeycardDefaultPairing"

class KeycardWallet:
    def __init__(self):
        self.card = KeyCard()

    def _is_smart_card_reader_detected(self) -> bool:  
        try:  
            return len(readers()) > 0  
        except Exception:
            return False
    
    def _is_keycard_detected(self) -> bool:
        try:
            KeyCard().select()
            return True
        except (TransportError, APDUError, Exception):  
            # No readers, no card, or card doesn't respond.  
            return False
  
    def is_unpaired_keycard_available(self) -> bool:
        if not self._is_smart_card_reader_detected():
            return False
        elif not self._is_keycard_detected():
            return False
        return True

    def setup_communication(self, pin: str, password = DEFAULT_PAIRING_PASSWORD) -> bool:
        self.card.select()

        if not self.card.is_initialized:
            raise RuntimeError(f"Error setting up communication: uninitialized keycard")

        pairing_index, pairing_key = self.card.pair(password)
        self.pairing_index = pairing_index

        try:
            self.card.open_secure_channel(pairing_index, pairing_key)
            self.card.verify_pin(pin)
        except Exception as e:
            try:
                self.card.unpair(pairing_index)
            except Exception:
                pass
            raise RuntimeError(f"Error setting up communication: {e}") from e

        return True

    def load_mnemonic(self, mnemonic: str) -> bool:
        try:
            # Convert mnemonic to seed  
            mnemo = Mnemonic("english")  
            seed = mnemo.to_seed(mnemonic)  

            # Load the LEE seed onto the card  
            result = self.card.load_key(  
                key_type = constants.LoadKeyType.LEE_SEED,  
                lee_seed = seed  
            )
            return True
        except Exception as e:
            raise RuntimeError(f"Error loading mnemonic: {e}") from e

    def disconnect(self) -> bool:
        try:
            if not self.card.is_secure_channel_open:
                return False
            
            self.card.unpair(self.pairing_index)

            return True
        except Exception as e:
            raise RuntimeError(f"Error during disconnect: {e}") from e
        
    def get_public_key_for_path(self, path: str = "m/44'/60'/0'/0/0") -> bytes | None:
        try:
            if not self.card.is_secure_channel_open or not self.card.is_pin_verified:
                return None

            public_key = self.card.export_key(  
                derivation_option = constants.DerivationOption.DERIVE,  
                public_only = True,  
                keypath = path  
            )   

            public_key = public_key.public_key
            public_key = VerifyingKey.from_string(public_key[1:], curve=SECP256k1)  
            public_key = public_key.to_string("compressed")[1:]

            return public_key
        
        except Exception as e:
            raise RuntimeError(f"Error getting public key: {e}") from e


    def sign_message_for_path(self, message: bytes, path: str = "m/44'/60'/0'/0/0") -> bytes | None:
        try:
            if not self.card.is_secure_channel_open or not self.card.is_pin_verified:
                return None

            signature = self.card.sign_with_path(
                digest = message,
                path = path,
                algorithm = constants.SigningAlgorithm.SCHNORR_BIP340,
                make_current = False
            )

            return signature.signature

        except Exception as e:
            raise RuntimeError(f"Error signing message: {e}") from e
python comments 2026-05-14 12:57:36 -04:00			`from smartcard.System import readers`
			`from keycard.exceptions import APDUError, TransportError`
			`from ecdsa import VerifyingKey, SECP256k1`

			`from keycard.keycard import KeyCard`

			`from mnemonic import Mnemonic`
			`from keycard import constants`

			`import keycard`

			`DEFAULT_PAIRING_PASSWORD = "KeycardDefaultPairing"`

			`class KeycardWallet:`
			`def __init__(self):`
			`self.card = KeyCard()`

			`def _is_smart_card_reader_detected(self) -> bool:`
			`try:`
			`return len(readers()) > 0`
			`except Exception:`
			`return False`

			`def _is_keycard_detected(self) -> bool:`
			`try:`
			`KeyCard().select()`
			`return True`
			`except (TransportError, APDUError, Exception):`
			`# No readers, no card, or card doesn't respond.`
			`return False`

			`def is_unpaired_keycard_available(self) -> bool:`
			`if not self._is_smart_card_reader_detected():`
			`return False`
			`elif not self._is_keycard_detected():`
			`return False`
			`return True`

			`def setup_communication(self, pin: str, password = DEFAULT_PAIRING_PASSWORD) -> bool:`
			`self.card.select()`

			`if not self.card.is_initialized:`
			`raise RuntimeError(f"Error setting up communication: uninitialized keycard")`

			`pairing_index, pairing_key = self.card.pair(password)`
			`self.pairing_index = pairing_index`

			`try:`
			`self.card.open_secure_channel(pairing_index, pairing_key)`
			`self.card.verify_pin(pin)`
			`except Exception as e:`
			`try:`
			`self.card.unpair(pairing_index)`
			`except Exception:`
			`pass`
			`raise RuntimeError(f"Error setting up communication: {e}") from e`

			`return True`

			`def load_mnemonic(self, mnemonic: str) -> bool:`
			`try:`
			`# Convert mnemonic to seed`
			`mnemo = Mnemonic("english")`
			`seed = mnemo.to_seed(mnemonic)`

			`# Load the LEE seed onto the card`
			`result = self.card.load_key(`
			`key_type = constants.LoadKeyType.LEE_SEED,`
			`lee_seed = seed`
			`)`
			`return True`
			`except Exception as e:`
			`raise RuntimeError(f"Error loading mnemonic: {e}") from e`

			`def disconnect(self) -> bool:`
			`try:`
			`if not self.card.is_secure_channel_open:`
			`return False`

			`self.card.unpair(self.pairing_index)`

			`return True`
			`except Exception as e:`
			`raise RuntimeError(f"Error during disconnect: {e}") from e`

			`def get_public_key_for_path(self, path: str = "m/44'/60'/0'/0/0") -> bytes \| None:`
			`try:`
			`if not self.card.is_secure_channel_open or not self.card.is_pin_verified:`
			`return None`

			`public_key = self.card.export_key(`
			`derivation_option = constants.DerivationOption.DERIVE,`
			`public_only = True,`
			`keypath = path`
			`)`

			`public_key = public_key.public_key`
			`public_key = VerifyingKey.from_string(public_key[1:], curve=SECP256k1)`
			`public_key = public_key.to_string("compressed")[1:]`

			`return public_key`

			`except Exception as e:`
			`raise RuntimeError(f"Error getting public key: {e}") from e`


			`def sign_message_for_path(self, message: bytes, path: str = "m/44'/60'/0'/0/0") -> bytes \| None:`
			`try:`
			`if not self.card.is_secure_channel_open or not self.card.is_pin_verified:`
			`return None`

			`signature = self.card.sign_with_path(`
			`digest = message,`
			`path = path,`
			`algorithm = constants.SigningAlgorithm.SCHNORR_BIP340,`
			`make_current = False`
			`)`

			`return signature.signature`

			`except Exception as e:`
			`raise RuntimeError(f"Error signing message: {e}") from e`