status-keycard/README.md

# What is Keycard?

Keycard is a an implementation of a BIP-32 HD wallet running on Javacard 3.0.4+ (see implementation notes)

It supports among others
- key generation, derivation and signing
- exporting keys defined in the context of EIP-1581 https://eips.ethereum.org/EIPS/eip-1581
- card duplication
- setting up a NFC NDEF tag

Communication with the Keycard happens through a simple APDU interface, together with a Secure Channel guaranteeing confidentiality, authentication and integrity of all commands. It supports both NFC and ISO7816 physical interfaces, meaning that it is compatible with any Android phone equipped with NFC, and all USB Smartcard readers.

The most obvious case for integration of Keycard is crypto wallets (ETH, BTC, etc), however it can be used in other systems where a BIP-32 key tree is used and/or you perform authentication/identification.

# Where to start?

A good place to start is our documentation site https://keycard.status.im/api/

You can also join the dicussion about this project on Status channel: https://get.status.im/chat/public/status-keycard

# How to contribute? 

Anyone is welcome to contribute to Keycard! 

Most of our communication about the project is going on here: https://get.status.im/chat/public/status-keycard

Should you wish to work on an issue, please claim it first by commenting on the GitHub issue that you want to work on it. This is to prevent duplicated efforts from contributors on the same issue.

# How to build the project?

The project is built using Gradle with the [Fidesmo Javacard Gradle plugin](https://github.com/fidesmo/gradle-javacard).
You can set the JavaCard HOME not only through the environment but also creating a gradle.properties file with the 
property "com.fidesmo.gradle.javacard.home" set to the correct path.

Testing is done with JUnit and performed either on a real card or on [jCardSim](https://github.com/status-im/jcardsim). 
Although the tests are comprehensive, debugging on the real card is not easy because raw APDUs are not shown in the test 
log and there is no way to set breakpoints in the applet. 

In order to test with the simulator with an IDE, you need to pass these additional parameters to the JVM

```-noverify -Dim.status.keycard.test.target=simulator```

## Compilation
1. Download and install the JavaCard 3.0.4 SDK from [Oracle](http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javame-419430.html#java_card_kit-classic-3_0_4-rr-bin-do)
2. Clone the Github repo for our fork of [jCardSim](https://github.com/status-im/jcardsim)
3. Create a gradle.properties (see below for an example)
4. Run `./gradlew convertJavacard`

## Installation
1. Follow all steps from the Compilation phase (except the last one)
2. Disconnect all card reader terminals from the system, except the one with the card where you want to install the applet
3. Run `./gradlew install`

## Testing
1. Follow all steps from the Installation phase (except the last one)
2. Make sure your JRE has the [JCE Unlimited Strength Jurisdiction Policy Files](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)
   installed. For more information check [here](https://stackoverflow.com/questions/41580489/how-to-install-unlimited-strength-jurisdiction-policy-files).
3. Run `./gradlew test`

# What kind of smartcards can I use? 

* The applet requires JavaCard 3.0.4 (with the addition of KeyAgreement.ALG_EC_SVDP_DH_PLAIN_XY
) or later.
* The class byte of the APDU is not checked since there are no conflicting INS code.

The algorithms the card must support are at least:
* Cipher.ALG_AES_BLOCK_128_CBC_NOPAD
* Cipher.ALG_AES_CBC_ISO9797_M2
* KeyAgreement.ALG_EC_SVDP_DH_PLAIN
* KeyAgreement.ALG_EC_SVDP_DH_PLAIN_XY
* KeyPair.ALG_EC_FP (generation of 256-bit keys)
* MessageDigest.ALG_SHA_256
* MessageDigest.ALG_SHA_512
* RandomData.ALG_SECURE_RANDOM
* Signature.ALG_AES_MAC_128_NOPAD
* Signature.ALG_ECDSA_SHA_256

Best performance is achieved if the card supports:
* Signature.ALG_HMAC_SHA_512

# Other related repositories

Android installer https://github.com/status-im/keycard-installer-android/

Java SDK for Android and Desktop https://github.com/status-im/status-keycard-java
Update README.md added intro, link to our documentation site, links to some related repos 2019-02-01 10:16:43 +00:00			`# What is Keycard?`

			`Keycard is a an implementation of a BIP-32 HD wallet running on Javacard 3.0.4+ (see implementation notes)`

			`It supports among others`
			`- key generation, derivation and signing`
			`- exporting keys defined in the context of EIP-1581 https://eips.ethereum.org/EIPS/eip-1581`
			`- card duplication`
			`- setting up a NFC NDEF tag`

			`Communication with the Keycard happens through a simple APDU interface, together with a Secure Channel guaranteeing confidentiality, authentication and integrity of all commands. It supports both NFC and ISO7816 physical interfaces, meaning that it is compatible with any Android phone equipped with NFC, and all USB Smartcard readers.`

			`The most obvious case for integration of Keycard is crypto wallets (ETH, BTC, etc), however it can be used in other systems where a BIP-32 key tree is used and/or you perform authentication/identification.`

			`# Where to start?`

			`A good place to start is our documentation site https://keycard.status.im/api/`

			`You can also join the dicussion about this project on Status channel: https://get.status.im/chat/public/status-keycard`

			`# How to contribute?`

			`Anyone is welcome to contribute to Keycard!`

			`Most of our communication about the project is going on here: https://get.status.im/chat/public/status-keycard`

			`Should you wish to work on an issue, please claim it first by commenting on the GitHub issue that you want to work on it. This is to prevent duplicated efforts from contributors on the same issue.`

			`# How to build the project?`
add scripts to install on card and a smoke test 2017-09-21 13:06:36 +00:00
make build work without setting environment variables 2017-09-21 13:29:28 +00:00			`The project is built using Gradle with the [Fidesmo Javacard Gradle plugin](https://github.com/fidesmo/gradle-javacard).`
document the presence of tests 2017-09-25 11:36:28 +00:00			`You can set the JavaCard HOME not only through the environment but also creating a gradle.properties file with the`
			`property "com.fidesmo.gradle.javacard.home" set to the correct path.`
simplify the LOAD KEY command to use a single APDU 2017-09-25 08:27:55 +00:00
explain compilation 2017-10-06 09:58:10 +00:00			`Testing is done with JUnit and performed either on a real card or on [jCardSim](https://github.com/status-im/jcardsim).`
			`Although the tests are comprehensive, debugging on the real card is not easy because raw APDUs are not shown in the test`
			`log and there is no way to set breakpoints in the applet.`

add support to gradle to run tests on simulator 2017-12-31 18:14:40 +00:00			`In order to test with the simulator with an IDE, you need to pass these additional parameters to the JVM`
explain compilation 2017-10-06 09:58:10 +00:00
partial adaptation for Ledger 2019-02-26 12:25:49 +00:00			```-noverify -Dim.status.keycard.test.target=simulator```
explain compilation 2017-10-06 09:58:10 +00:00
			`## Compilation`
			`1. Download and install the JavaCard 3.0.4 SDK from [Oracle](http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-javame-419430.html#java_card_kit-classic-3_0_4-rr-bin-do)`
			`2. Clone the Github repo for our fork of [jCardSim](https://github.com/status-im/jcardsim)`
			`3. Create a gradle.properties (see below for an example)`
make README more clear 2017-10-26 13:00:01 +00:00			4. Run `./gradlew convertJavacard`

			`## Installation`
			`1. Follow all steps from the Compilation phase (except the last one)`
			`2. Disconnect all card reader terminals from the system, except the one with the card where you want to install the applet`
			3. Run `./gradlew install`

			`## Testing`
			`1. Follow all steps from the Installation phase (except the last one)`
add notes regarding cryptography 2017-12-31 17:29:15 +00:00			`2. Make sure your JRE has the [JCE Unlimited Strength Jurisdiction Policy Files](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html)`
			`installed. For more information check [here](https://stackoverflow.com/questions/41580489/how-to-install-unlimited-strength-jurisdiction-policy-files).`
			3. Run `./gradlew test`
move installation script to gradle with configurable parameters 2017-09-27 17:04:26 +00:00
Update README.md added intro, link to our documentation site, links to some related repos 2019-02-01 10:16:43 +00:00			`# What kind of smartcards can I use?`
begin application implementation 2017-09-25 09:26:15 +00:00
update README 2018-11-07 13:06:22 +00:00			`* The applet requires JavaCard 3.0.4 (with the addition of KeyAgreement.ALG_EC_SVDP_DH_PLAIN_XY`
remove software-based CMAC implementation 2018-11-07 13:18:44 +00:00			`) or later.`
add list of card requirements 2017-11-25 08:43:30 +00:00			`* The class byte of the APDU is not checked since there are no conflicting INS code.`

			`The algorithms the card must support are at least:`
			`* Cipher.ALG_AES_BLOCK_128_CBC_NOPAD`
			`* Cipher.ALG_AES_CBC_ISO9797_M2`
			`* KeyAgreement.ALG_EC_SVDP_DH_PLAIN`
update README 2018-11-07 13:06:22 +00:00			`* KeyAgreement.ALG_EC_SVDP_DH_PLAIN_XY`
add list of card requirements 2017-11-25 08:43:30 +00:00			`* KeyPair.ALG_EC_FP (generation of 256-bit keys)`
			`* MessageDigest.ALG_SHA_256`
			`* MessageDigest.ALG_SHA_512`
			`* RandomData.ALG_SECURE_RANDOM`
remove software-based CMAC implementation 2018-11-07 13:18:44 +00:00			`* Signature.ALG_AES_MAC_128_NOPAD`
add list of card requirements 2017-11-25 08:43:30 +00:00			`* Signature.ALG_ECDSA_SHA_256`

			`Best performance is achieved if the card supports:`
Update README.md added intro, link to our documentation site, links to some related repos 2019-02-01 10:16:43 +00:00			`* Signature.ALG_HMAC_SHA_512`

			`# Other related repositories`

			`Android installer https://github.com/status-im/keycard-installer-android/`

			`Java SDK for Android and Desktop https://github.com/status-im/status-keycard-java`