Thanks Realpra
And thanks for the interest.
Hello,
I have not fully understood the scope of what you are trying to do (and too much to read as well), but you seem to be mostly just starting out in the smart card world.
I don't know if this relates to what you do or not:
https://bitcointalk.org/index.php?topic=94119.0
Current status: integrating it with Electrum for a sensible GUI. The card itself works for what I believe is sufficient functionality to keep a wallet.
Yeah I'm just starting out alright, still I can see the path ahead.
What you are doing seems very similar though focused on securing the computer wallet.
I can see you chose the JavaCard; with dropping hardware prices that's probably a good choice too.
I would love to share notes; that you have come so far already is impressive - I myself usually work slower.
Do you sign transactions on the card or do you only store information on the card?
If it's the second, how do you prevent keys leaving the card and getting used by someone else?
Perhaps a GLBSE IPO? I suspect you would get a lot of interest.
I will keep it in mind. Currently I mostly need help to develop, which money won't help a great deal with.
Also I am still not entirely sure what I am trying to do is possible so I don't want to owe people money yet!
Progress report:
I have looked into Bitcoin a bit more and what my cards need to do.
It seems ECDSA is used to sign and what is signed is a SHA256 hash of the transaction data/tx.
Both of these algorithms are unfortunately a bit heavy computationally for a smartcard - simply programming them could use up a lot of/all EEPROM.
Hence some co-processing will likely be needed - I still have to research more on what my exact options are there.
Further I have found that the card needs to store a reference to any transaction it wants to spend as this is required info in a tx.
This will not be a major problem as most of these txs will be generated from the card itself and only a few will be "refills" that may be relayed to the card by a merchant's terminal.
Fraudulent data from a terminal to the card can at worst only lead to having to pay twice and some unintentional doublespends by the user - security is still fine.
It will still be a no-trust security model.
I have also received the SDK which is very slick and all, I will share it with you guys when/if possible.
Next is finding out the exact card specifications needed (16EEPROM? ECDSA/sha coprocessor?) and what to program. If an algorithm is not supported I can program it, but this is CPU? expensive and a bit time consuming.
ZeitControl sells many different cards, some with different coprocessors and some with lots of EEPROM for custom implementations of unsupported things.