status-im
/
status-keycard
mirror of https://github.com/status-im/status-keycard.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Our Javacard Implementation for making secure transactions within Status and Ethereum
32 Commits 8 Branches 10 Tags 3.3 MiB
Java 100%
Go to file
Michele Balistreri 11bfc4a4bf test files 2017-10-06 12:05:31 +03:00
gradle/wrapper add skeleton app 2017-09-21 15:09:04 +03:00
src add web3j based test 2017-10-06 11:58:41 +03:00
testwallets test files 2017-10-06 12:05:31 +03:00
.gitignore make build work without setting environment variables 2017-09-21 16:29:28 +03:00
APPLICATION.MD add ability to SIGN precomputed hashes. Switch to ECDSA with SHA256 for 2017-10-04 15:10:59 +03:00
README.md add ability to SIGN precomputed hashes. Switch to ECDSA with SHA256 for 2017-10-04 15:10:59 +03:00
SECURE_CHANNEL.MD document overhead 2017-09-25 10:53:04 +03:00
build.gradle add web3j based test (incomplete) 2017-10-05 14:10:49 +03:00
gradlew add skeleton app 2017-09-21 15:09:04 +03:00
gradlew.bat add skeleton app 2017-09-21 15:09:04 +03:00

README.md

JavaCard Hardware Wallet

The status.im Hardware Wallet. At the moment Secure Channel and PIN management/verification are implemented.

The project is built using Gradle with the Fidesmo Javacard Gradle plugin. You can set the JavaCard HOME not only through the environment but also creating a gradle.properties file with the property "com.fidesmo.gradle.javacard.home" set to the correct path.

Loading and installing the applet requires gpshell to be installed on the system. The gradle.properties file must contain the following properties

  • im.status.gradle.gpshell = the path to the gpshell executable
  • im.status.gradle.gpshell.isd = the AID of the issuer security domain
  • im.status.gradle.gpshell.mac_key = the MAC key for the ISD
  • im.status.gradle.gpshell.enc_key = the ENC key for the ISD
  • im.status.gradle.gpshell.kek_key = the KEK key for the ISD
  • im.status.gradle.gpshell.kvn = the Key Version Number for the ISD

Testing is done with JUnit and performed on a real card. Although the tests are comprehensive, debugging is not easy because raw APDUs are not shown in the test log and there is no way to set breakpoints in the applet. Using a simulator like jCardSim would make debugging easier but only a subset of bugs can be reliably found with this system. Code changes would be needed for tests to support jCardSim. The tests are run with the test task in gradle.

Example gradle.properties file

com.fidesmo.gradle.javacard.home=/home/username/javacard-2_2_2
im.status.gradle.gpshell=/usr/local/bin/gpshell
im.status.gradle.gpshell.isd=A000000003000000
im.status.gradle.gpshell.mac_key=404142434445464748494a4b4c4d4e4f
im.status.gradle.gpshell.enc_key=404142434445464748494a4b4c4d4e4f
im.status.gradle.gpshell.kek_key=404142434445464748494a4b4c4d4e4f
im.status.gradle.gpshell.kvn=2

Implementation notes

  • The class byte of the APDU is not checked since there are no conflicting INS code.
  • Automated tests using JUnit 5 are included. The test require the application to be already installed. The first card terminal found by Java will be used, to please disconnect all card terminals except the one to be used for testing.