Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update README.md #16

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update README.md #16

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
113 changes: 65 additions & 48 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,71 +1,76 @@
# SatochipApplet
Open source javacard applet implementing a crypto-currency hardware wallet with full BIP32/BIP39 support.
# Satochip Applet

# Demonstration
---
## Demonstration

[![demonstrationon youtube](https://i.ytimg.com/vi/dbQoUrcb8SI/hqdefault.jpg?sqp=-oaymwEcCNACELwBSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLDn6M4pa5vMLDvRTFuL00UejiWmeQ)](https://youtu.be/t0IsK1fpEQQ)
🎥 [Satochip - How to setup your hardware wallet with Sparrow Wallet](https://youtu.be/Y-bmiHC5PRk?feature=shared)

# Introduction
[![How to setup your hardware wallet with Sparrow Wallet](https://i.ytimg.com/an_webp/Y-bmiHC5PRk/mqdefault_6s.webp?du=3000&sqp=CPSkkr0G&rs=AOn4CLCStGYlrAP3cGdRun7rkdTga8GVPA)](https://youtu.be/Y-bmiHC5PRk?feature=shared)

Satochip stands for **S**ecure **A**nonymous **T**rustless and **O**pen **Chip**. It is a javacard applet that can be used as a secure hardware wallet running for example on a [Yubikey Neo](https://store.yubico.com/store/catalog/product_info.php?ref=368&products_id=72&affiliate_banner_id=1). The Satochip applet has full BIP32/BIP39 supports.
---
## Introduction

Satochip stands for **S**ecure **A**nonymous **T**rustless and **O**pen **Chip**.
It is a javacard applet that can be used as a secure hardware wallet running on multiple form-factor.
The Satochip applet has full BIP32/BIP39 supports.

Using Satochip, an initial BIP32 seed is imported in the javacard and private keys are derived as requested by an external application. *Private keys are never exported outside of the secure chip*. To improve performances, the result of key derivation is cached in secure memory for future requests so that a specific derivation path is only computed once.

The Satochip also supports the import of regular (non-BIP32 keys) such as vanity keys. Here again, private keys cannot be exported outside of the secure chip. Up to 16 regular keys can be imported on the chip. In any case, the private keys can be used to sign transactions and Bitcoin messages, if sufficient credentials are provided.

Access to private keys (creation, derivation and signature) is enforced through the use of PIN code (from 4 to 16 chars).

*This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.*

Advantages:
### Advantages:
- Code is free and open source (no NDA required);
- Code is easy to read and maintain (javacard is a subset of java);
- Multiple form factor could be supported in addition to Yubikey (e.g sim cards);
- Multiple form factor could be supported (e.g smartcard, sim card, ring, tag...);
- Plug and play;
- Smartcards have a long experience in dealing with security and physical security in particular;
- Can be easily used or extended for other crypto-currencies;
- A test package is run during build to ensure that critical functionalities are implemented correctly.

Also, if used with a Yubikey:
- Yubikey has minimal size and is practically indestructible;
- The Yubico company is not going anywhere anytime soon;
- Many promising functionalities: NFC, Yubikey OTP, U2F, ...;
- Possibility to use the HMAC-SHA1 challenge-response of the Yubikey as second factor for additional security against malwares.
Also:
- Smartcard has minimal size and is weatherproof;
- Many interesting functionalities: NFC, PGP, U2F, ...;
- Possibility to use the HMAC-SHA1 challenge-response as second factor for additional security against malwares.

Disadvantages:
### Disadvantages:
- Building the applet might be a bit tricky;
- The software implementation of HMAC-SHA512 could have an potential impact on the physical security against side-channel attacks (for attackers with physical access to the chip).

# Supported hardware
---
## Supported hardware

To support Bitcoin signatures, the javacard must support ALG_ECDSA_SHA_256, which in practice requires a javacard compliant with the JavaCard 3.0.1 specification. Note that this is a necessary but not sufficient condition since javacards typically implements only a subset of the specification.
To support Bitcoin signatures, the javacard must support ALG_ECDSA_SHA_256, which in practice requires a javacard compliant with the JavaCard 3.0.1 specification.
Note that this is a necessary but not sufficient condition since javacards typically implements only a subset of the specification.
A detailed list of javacard and their supported features is available [here](http://www.fi.muni.cz/~xsvenda/jcsupport.html).

An interesting guide to consult before shopping can be found [here](https://github.com/martinpaljak/GlobalPlatformPro/tree/master/docs/JavaCardBuyersGuide).

## Tested and working

### Yubikey Neo
**Important remark:** the Yubikeys currently sold by Yubico are configured for production only and it is not possible to load the applet on these dongles (see [this link](https://www.yubico.com/2014/07/yubikey-neo-updates/) for more details). Only the development Yubikeys (with serial number below 3,000,000) are suitable for our use!

### NXP JCOP J2D081
Available for purchase [here](https://www.javacardsdk.com/product/j2d081/). (MOQ: 5 pieces).
### Tested and working

### Swissbit PS-100u VE card Secure micro SD memory card
More info [here](http://www.swissbit.com/index.php?option=com_content&view=article&id=293&Itemid=601)
(Note however that Swissbit does not sell its product directly to end users but only to business partners).
Navigating the javacard ecosystem can be tricky, as there are many different configuration options even within the same chipset. Here is a non-exhaustive list of tested smartcards and devices.

### J3D081 JCOP v2.4.2 R2
Available for purchase [here](https://www.motechno.com/product/j3d081-dual-interface-javacard-3-0-1/). (MOQ: 1 piece).
#### Yubikey Neo
**Important remark:** the Yubikeys currently sold by Yubico are configured for production only and it is not possible to load the applet on these dongles (see [this link](https://www.yubico.com/2014/07/yubikey-neo-updates/) for more details).
Only the development Yubikeys (with serial number below 3,000,000) are suitable for our use!

# Buidl
#### NXP JCOP4 P71 SECID based javacard
- J3R110
- J3R180
- J3R200 -> Recommended card, buy yours at [the official Satochip website](https://satochip.io/product/card-for-diy-project/)
- Also exist in SIM form factor, available [here](https://satochip.io/product/blank-sim-javacard-for-diy-project/).

You can build the javacard CAP files or use the lastest [built version](https://github.com/Toporin/SatochipApplet/releases).
#### NXP JCOP3 P60 SECID based javacard
- J3H145

To generate the CAP file from the sources, you can use the [ant-javacard](https://github.com/martinpaljak/ant-javacard) Ant task (see the instruction on the ant-javacard github repository).
---
## Buidl

You can build the javacard CAP files or use the lastest [built version available](https://github.com/Toporin/SatochipApplet/releases).
To generate the CAP file from the sources, you can use the [ant-javacard](https://github.com/martinpaljak/ant-javacard) Ant task. _(See the instruction on the ant-javacard github repository)._

## Building on Ubuntu
### Building on Ubuntu

* Clone Satochip applet repository:
```
Expand Down Expand Up @@ -97,9 +102,10 @@ git submodule add https://github.com/martinpaljak/oracle_javacard_sdks sdks

The .cap file should build in the SatochipApplet folder.

# load applet into card
### Load the applet into card

Once you have a CAP file, you have to download it on the chip card. You can use [GlobalPlatformPro](https://github.com/martinpaljak/GlobalPlatformPro) to do this:
Once you have a CAP file, you have to upload it on your smartcard.
You can use [GlobalPlatformPro](https://github.com/martinpaljak/GlobalPlatformPro) to do this:

- Download the latest release from https://github.com/martinpaljak/GlobalPlatformPro/releases
- (Put the CAP file in the same folder as the GPJ jar file for convenience)
Expand All @@ -110,32 +116,43 @@ Once you have a CAP file, you have to download it on the chip card. You can use

A more detailed tutorial is available on the GlobalPlatformPro [repository](https://github.com/martinpaljak/GlobalPlatformPro).

# Use
A specific tutorial for the Satochip applet is available on the [Satochip Academy](https://satochip.io/build-your-own-satochip-hardware-wallet/).

---
## Usage

To use the applet, you have to connect your client application to the smartcard and send command APDU. These commands will be processed by the smartcard who will then send a response APDU.

### Supported software clients

- Bitcoin: the [Bitcoin Electrum-Satochip](https://github.com/Toporin/electrum-satochip/releases) is a version of [Electrum](https://github.com/spesmilo/electrum) that was slightly modified to integrate the Satochip hardware wallet.
- Litecoin: the [Litecoin Electrum-Satochip](https://github.com/Toporin/electrum-satochip/releases) is a version of [Electrum for Litecoin](https://github.com/pooler/electrum-ltc/) that was slightly modified to integrate the Satochip hardware wallet.
- Bitcoin Cash: the [Electron Cash-Satochip](https://github.com/Toporin/electrum-satochip/releases) is a version of [Electron Cash](https://github.com/Electron-Cash/Electron-Cash) that was slightly modified to integrate the Satochip hardware wallet.
**Note:** Satochip is natively supported by Electron Cash, we strongly encourage you to download the client from the [official website](https://electroncash.org/).
- eCash (XEC): Satochip is natively supported by Electrum ABC, we strongly encourage you to download the client from the [official website](https://www.bitcoinabc.org/electrum/).
- Bitcoin (BTC):
- [Sparrow Wallet](https://sparrowwallet.com/download/). _(Satochip is natively supported since v.1.8.0)_
- [Electrum-Satochip](https://github.com/Toporin/electrum-satochip/releases) is a version of [Electrum](https://github.com/spesmilo/electrum) that was slightly modified to integrate the Satochip hardware wallet.

- Litecoin (LTC):
- [Litecoin Electrum-Satochip](https://github.com/Toporin/electrum-satochip/releases) is a version of [Electrum for Litecoin](https://github.com/pooler/electrum-ltc/) that was slightly modified to integrate the Satochip hardware wallet.

- Bitcoin Cash (BCH):
-[Electron-Cash](https://electroncash.org/). _(Satochip is natively supported since v.4.0.11)_

- Metamask: you can use your Satochip hardware wallet with a forked version of Metamask called [Satomask](https://github.com/Toporin/metamask-extension/releases). To allow the communication between the card and your web browser, you will need the [Satochip Bridge](https://github.com/Toporin/Satochip-Bridge/releases).
- eCash (XEC):
- [Electrum ABC](https://www.bitcoinabc.org/electrum). _(Satochip is natively supported since v.4.0.11)_

- MyEtherWallet: you can use your Satochip hardware wallet with a forked version of MyEtherWallet called [MEW Satochip](https://github.com/Toporin/MyEtherWallet/releases). To allow the communication between the card and your web browser, you will need the [Satochip Bridge](https://github.com/Toporin/Satochip-Bridge/releases).
- Ethereum (ETH), Polygon (POL), Binance Smart Chain (BSC), Tezos (XTZ) and many other EVM-compatible blockchains:
- [Uniblow](https://uniblow.org/get). _(Satochip is natively supported since v.2.6.0)_

### Deprecated (use older releases for this)
[SatoChipClient](https://github.com/Toporin/SatoChipClient) is a small java library that allows to easily interface the SatoChip applet to your application through a simple set of API. An example of application is the [BitcoinWallet](https://github.com/Toporin/BitcoinWallet) java application, that uses SatoChipClient through another Bitcoin library called [BitcoinCore](https://github.com/Toporin/BitcoinCore).
- The [Wallet Connect protocol](https://satochip.io/wallet-connect/) is also supported through [Uniblow](https://uniblow.org/get)
- See [this step-by-step tutorial to use your Satochip hardware wallet](https://satochip.io/satochip-rabby-wallet/) with [Rabby](https://rabby.io/) - through the Wallet Connect protocol

# Credits
---
## Credits

- The CardEdge javacard applet is derived from the [MUSCLE framework](http://pcsclite.alioth.debian.org/musclecard.com/info.html).
- The Bitcoin transaction parser is derived from [Btchip](https://github.com/LedgerHQ/btchipJC).
- The BitcoinWallet application is based on ScripterRon [BitcoinWallet](https://github.com/ScripterRon/BitcoinWallet) client and [BitcoinCore](https://github.com/ScripterRon/BitcoinCore) library.

# License
---
## License

This application is distributed under the GNU Affero General Public License version 3.

Expand Down