[ANN] Keycard Shell – Open-Source, Multi-Card Hardware Wallet

[walletbro]

Hey, we have been building Keycard as an open-source, JavaCard hardware wallet for a couple of years.

Now we’ve opened pre-orders for our new product Keycard Shell, which turns any Keycard into a fully-fledged, open-source hardware wallet.

What makes Keycard Shell unique from the sea of hardware wallets today?

The problem: Today’s common dual-chip designs export keys to a general-purpose MCU (and have been hacked - see Safe 3). Our Shell solution:

• Dedicated Secure Chip (Java Card): All transactions are signed inside a battle-tested, non-upgradable Java Card secure element – the same EAL6+ tech used in bank cards since the ’90s; one chip per Keycard
• Radical Open Source: Hardware & software are MIT-licensed – schematics, PCB layouts, BOM, Java Card applet, CAD files… audit, modify, even 3D-print your own case

Keycard Shell features

• 100% open source: transparent for you to build on, audit, and modify
• Unlimited Keys on Unlimited Cards: use multiple seeds or create secure backup cards; even ditching steal/paper backup for storing 10 cards in different locations (secured by PIN)
• Duress PIN: enter a second PIN under coercion to reveal a decoy wallet
• Air-Gapped QR Signing: sign offline with Shell’s camera & QR; no radio technology on board; USB exists for updates, and can be turned off
• Universal Compatibility: works with UniSat, BlueWallet, Sparrow, BackPack, imToken & 10+ more via BC UR and ERC-4527
• Future-Proof Design: replaceable Nokia BL-4C battery & modular cards for emerging crypto standards

As always, let us know your opinion! Check out our blog for a deep dive into thread scenarios and security trade-offs, and early prototypes.

And, we are taking pre-orders (w/ 50eur off), so feel free to check out https://keycard.tech

[satscraper]

~

I took a quick look at your release history on GitHub and saw that development has been ongoing since 2018. I'm curious why is the product still only available for preorder with no actual sales yet? What’s caused the long delay in starting manufacturing for the Keycard wallet? Also, could you share which startup is behind the relevant project, and what jurisdiction it's based in?

[walletbro]

~

development has been ongoing since 2018

Keycard is a small part of IFT, some folks might know Status.

Keycard has been around since 2018, right. https://github.com/keycard-tech/status-keycard
The past year we've been building Keycard Shell - a shell to the cards, turning smart cards into fully-fledged hardware wallets: https://github.com/keycard-tech/keycard-shell

Jurisdiction is Switzerland.

[SFR10]

It's always nice to see a new manufacturer in this field, but I have a few questions:

• Is the SE on Shell really 100% open-source?
• Can users disable the USB data transfer functionality without turning the device on?
• Any plans to accept Bitcoin or other cryptocurrencies as a payment method in your shop?

[Tibu]

There are some big players already present on the market such as Tangem (only contactless) or Satochip (dual-interface).
Do you plan to open your "shell" to other smartcard player for a better interroperability?

By the way, nice job guys!

[satscraper]

There are some big players already present on the market such as Tangem (only contactless) or Satochip (dual-interface).

Arculus, Cryptnox and CoolWallet are also worth to mention.

Do you plan to open your "shell" to other smartcard player for a better interroperability?

I have Tangem 2 and use it primarily to top up my crypto card while on the go. Because of that, I would have little interest in their "shell" accessory ^{which requires the wired connection}. One of the key advantages of Tangem is that it connects wirelessly via NFC to its dedicated mobile app ^{that is very convenient for mobile use}.

[dkbit98]

Hey, we have been building Keycard as an open-source, JavaCard hardware wallet for a couple of years.

Interesting to see another airgapped device coming soon, I see shipping is expected to happen around Q4 of this year.
If I understand correctly, for €99 per-order we are getting Keycard Shell device and two plastic Keycards?
It would be super cool if Keycard Shell could be used for reading other smart cards also, to serve multiple functions.

I saw you are offering custom designed cards, can you say if there is any price difference compared to regular Keycards?
Maybe we can order Keycard Shell with custom design cards directly.

[walletbro]

It's always nice to see a new manufacturer in this field, but I have a few questions:

• Is the SE on Shell really 100% open-source?
• Can users disable the USB data transfer functionality without turning the device on?
• Any plans to accept Bitcoin or other cryptocurrencies as a payment method in your shop?

Our security model is quite different. It's modular: Shell is kept as simple as possible, while Keycard has the SE.
Even during signing, the keys don't leave Keycard - unlike with a Trezor Safe 3 for example. Check out the examples we put on our blog: https://keycard.tech/blog/keycard-shell-radically-open-uniquely-secure , and especially the comparison table.

Keycard's SE is a standard JCOP4 by NXP - think credit cards, passports etc - with a proprietary part. Once there is a fitting, open source alternative, we would consider moving over.

USB data is turned off by default. If you like, you can keep that setting turned off, only ever use the usb port for charging, and use non-data cables only.

We are working on crypto payments. Mostly a legal thing. Sadly.

[walletbro]

There are some big players already present on the market such as Tangem (only contactless) or Satochip (dual-interface).
Do you plan to open your "shell" to other smartcard player for a better interroperability?

By the way, nice job guys!

Thank you!

Regarding Tangem. To keep it short and friendly I'd say we prefer Keycard's open source security model over Tangem's closed one.

Now, Satochip is interesting. Satochip and Keycard both have the NFC + chip combo.

With Shell we now add a camera + QR, which makes any Keycard work with: UniSat, BlueWallet, Sparrow, Backpack, imToken...
Technically, Keycard could be integrated with desktop wallets like Sparrow or Electrum. We just haven't gotten around to doing it, yet.
Of course we warmly invite anyone to contribute Keycard card reader support with Sparrow

For anything EVM, you can use Keycard with Status.im apps (mobile via NFC + desktop via reader)

Good point on interoperabilty! Technically, any JavaCard can work with Shell. I've pinged Satochip to see if they'd like to integrate. Again, our full stack is open to contribution 

[walletbro]

There are some big players already present on the market such as Tangem (only contactless) or Satochip (dual-interface).

Arculus, Cryptnox and CoolWallet are also worth to mention.

These are all decent wallets! The one major difference is that Keycard is full stack open source, both card + wallet, Arculus and Cryptnox aren't.

I remembered CoolWallet as the one with display. But it turns out they plan a new one, a JavaCard from the looks of it. I haven't talked to them in a while, and the website doesn't mention the tech stack. But it looks like it's used for backups only. Via NFC. Interesting! Quite expensive for a feature you can just used Keycard for, though.

Do you plan to open your "shell" to other smartcard player for a better interroperability?

I have Tangem 2 and use it primarily to top up my crypto card while on the go. Because of that, I would have little interest in their "shell" accessory ^{which requires the wired connection}. One of the key advantages of Tangem is that it connects wirelessly via NFC to its dedicated mobile app ^{that is very convenient for mobile use}.

Shell can be used 100% air-gapped. No wired connection. You sign transactions by pointing Shell's camera to a wallet like UniSat, BlueWallet, ... etc. Then confirm on Shell's display & sign. Then let UniSat read the signature QR on Shell's display.

Fully air-gapped. Shell's usb port can 1) have data turned off 2) be used for charging only.

Keycard also works via NFC - with one open source EVM wallet - Status.im - for now.

[walletbro]

Hey, we have been building Keycard as an open-source, JavaCard hardware wallet for a couple of years.

Interesting to see another airgapped device coming soon, I see shipping is expected to happen around Q4 of this year.
If I understand correctly, for €99 per-order we are getting Keycard Shell device and two plastic Keycards?
It would be super cool if Keycard Shell could be used for reading other smart cards also, to serve multiple functions.

I saw you are offering custom designed cards, can you say if there is any price difference compared to regular Keycards?
Maybe we can order Keycard Shell with custom design cards directly.

Yes, a discounted €99 for Keycard Shell + two Keycards.

For 1 custom card, sure we can do it right away for the original price. Or for free if you have a fun project we should support.
For a custom Shell or large amounts of custom cards we can talk about price but also what logistics setup would work best for you.

Or, you could simply 3d print your own! Shell's hardware is open source, too:
https://github.com/keycard-tech/keycard-pro/tree/master/hw
https://x.com/vpavlin/status/1897971893979725884

[SFR10]

Our security model is quite different. It's modular: Shell is kept as simple as possible, while Keycard has the SE.

Thank you for providing answers to our questions, but when I checked the comparison table on your homepage ^[screenshot], I was under the impression that Shell also has a SE and it's an open-source one ^{[it even mentions having its own usages]}, as opposed to Keycard.

[satscraper]

I have Tangem 2 and use it primarily to top up my crypto card while on the go. Because of that, I would have little interest in their "shell" accessory ^{which requires the wired connection}. One of the key advantages of Tangem is that it connects wirelessly via NFC to its dedicated mobile app ^{that is very convenient for mobile use}.

Shell can be used 100% air-gapped. No wired connection. You sign transactions by pointing Shell's camera to a wallet like UniSat, BlueWallet, ... etc. Then confirm on Shell's display & sign. Then let UniSat read the signature QR on Shell's display.

Fully air-gapped. Shell's usb port can 1) have data turned off 2) be used for charging only.

Keycard also works via NFC - with one open source EVM wallet - Status.im - for now.

Tangem offers the unique capability to function as the seedless wallet utilizing an innovative backup technique. Each card in the related set is capable of restoring sensitive information such as your key and PIN. As Zack Herbert ^{CEO of Foundation} mentioned in the recent interview, SEED phrases may soon be obsolete. Based on the information from your website, it appears that Keycard still relies on seed phrases. Is that correct?

[walletbro]

Our security model is quite different. It's modular: Shell is kept as simple as possible, while Keycard has the SE.

Thank you for providing answers to our questions, but when I checked the comparison table on your homepage ^[screenshot], I was under the impression that Shell also has a SE and it's an open-source one ^{[it even mentions having its own usages]}, as opposed to Keycard.

Thx for bringing that up! Parts of that table are confusing. Let us update it.

Essentially, Shell's "Open source secure element" and "Secure element has its own usages" means that Shell "has" Keycard, and Keycard has the SE. And the card itself can even be used standalone, via NFC.

The card can be managed with GlobalPlatform, an open standard. And the JavaCard runtime that is also an open platform with an open API. For a secure element even these two aspects are not a given.

[walletbro]

I have Tangem 2 and use it primarily to top up my crypto card while on the go. Because of that, I would have little interest in their "shell" accessory ^{which requires the wired connection}. One of the key advantages of Tangem is that it connects wirelessly via NFC to its dedicated mobile app ^{that is very convenient for mobile use}.

Shell can be used 100% air-gapped. No wired connection. You sign transactions by pointing Shell's camera to a wallet like UniSat, BlueWallet, ... etc. Then confirm on Shell's display & sign. Then let UniSat read the signature QR on Shell's display.

Fully air-gapped. Shell's usb port can 1) have data turned off 2) be used for charging only.

Keycard also works via NFC - with one open source EVM wallet - Status.im - for now.

Tangem offers the unique capability to function as the seedless wallet utilizing an innovative backup technique. Each card in the related set is capable of restoring sensitive information such as your key and PIN. As Zack Herbert ^{CEO of Foundation} mentioned in the recent interview, SEED phrases may soon be obsolete. Based on the information from your website, it appears that Keycard still relies on seed phrases. Is that correct?

Shell allows for backup cards, too.
You can create a couple ^{or more} backup cards and then destroy your paper backup.

The main difference to Tangem is that Keycard allows you to add backup cards after the initial setup.

Mind that Tangem doesn't have a "Shell", but you need to use their close-source app. Which had a security vulnerability where imported private keys could be leaked ^{but that's for another day}

[satscraper]

I have Tangem 2 and use it primarily to top up my crypto card while on the go. Because of that, I would have little interest in their "shell" accessory ^{which requires the wired connection}. One of the key advantages of Tangem is that it connects wirelessly via NFC to its dedicated mobile app ^{that is very convenient for mobile use}.

Shell can be used 100% air-gapped. No wired connection. You sign transactions by pointing Shell's camera to a wallet like UniSat, BlueWallet, ... etc. Then confirm on Shell's display & sign. Then let UniSat read the signature QR on Shell's display.

Fully air-gapped. Shell's usb port can 1) have data turned off 2) be used for charging only.

Keycard also works via NFC - with one open source EVM wallet - Status.im - for now.

Tangem offers the unique capability to function as the seedless wallet utilizing an innovative backup technique. Each card in the related set is capable of restoring sensitive information such as your key and PIN. As Zack Herbert ^{CEO of Foundation} mentioned in the recent interview, SEED phrases may soon be obsolete. Based on the information from your website, it appears that Keycard still relies on seed phrases. Is that correct?

Shell allows for backup cards, too.
You can create a couple ^{or more} backup cards and then destroy your paper backup.

The main difference to Tangem is that Keycard allows you to add backup cards after the initial setup.

Mind that Tangem doesn't have a "Shell", but you need to use their close-source app. Which had a security vulnerability where imported private keys could be leaked ^{but that's for another day}

I understand your point, but my main question was whether Keycard can operate in "seedless" mode. Based on your somewhat non-committal response I’m starting to think that it doesn't support this feature, and that generating SEED phrase is the only viable option for it. BTW, does Keycard shell support extending the standard BIP 39 phrase by adding the custom password/phrase ^{or it is strictly limited to the standard words from the BIP 39 word list}?

[SFR10]

Essentially, Shell's "Open source secure element" and "Secure element has its own usages" means that Shell "has" Keycard, and Keycard has the SE.

Thank you for your detailed answer... Based on my understanding, the closed-source nature of the SE used on Keycard should always remain the same and the checkmarks on the SE parts of the Shell would probably mislead ^{[unintentionally]} some users.
^{- I believe the highlighted part on this "screenshot" should also be changed (because of the hardware part).}

[walletbro]

I have Tangem 2 and use it primarily to top up my crypto card while on the go. Because of that, I would have little interest in their "shell" accessory ^{which requires the wired connection}. One of the key advantages of Tangem is that it connects wirelessly via NFC to its dedicated mobile app ^{that is very convenient for mobile use}.

Shell can be used 100% air-gapped. No wired connection. You sign transactions by pointing Shell's camera to a wallet like UniSat, BlueWallet, ... etc. Then confirm on Shell's display & sign. Then let UniSat read the signature QR on Shell's display.

Fully air-gapped. Shell's usb port can 1) have data turned off 2) be used for charging only.

Keycard also works via NFC - with one open source EVM wallet - Status.im - for now.

Tangem offers the unique capability to function as the seedless wallet utilizing an innovative backup technique. Each card in the related set is capable of restoring sensitive information such as your key and PIN. As Zack Herbert ^{CEO of Foundation} mentioned in the recent interview, SEED phrases may soon be obsolete. Based on the information from your website, it appears that Keycard still relies on seed phrases. Is that correct?

Shell allows for backup cards, too.
You can create a couple ^{or more} backup cards and then destroy your paper backup.

The main difference to Tangem is that Keycard allows you to add backup cards after the initial setup.

Mind that Tangem doesn't have a "Shell", but you need to use their close-source app. Which had a security vulnerability where imported private keys could be leaked ^{but that's for another day}

I understand your point, but my main question was whether Keycard can operate in "seedless" mode. Based on your somewhat non-committal response I’m starting to think that it doesn't support this feature, and that generating SEED phrase is the only viable option for it. BTW, does Keycard shell support extending the standard BIP 39 phrase by adding the custom password/phrase ^{or it is strictly limited to the standard words from the BIP 39 word list}?

I think I understand. Do you mean SEEDLESS in the sense that no display ever shows the seed phrase?

No, the current Shell firmware version does display the seed. Technically, it's possible not to.
But the team likes to see demand for that SEEDLESS mode, mostly because it's a trade-off in security.

Also, you can always simply burn your seed paper after creating multiple backup cards, which makes it SEEDLESS in a sense. But I guess not 100% in the sense you would like to have it. Does that make sense?

[satscraper]

I think I understand. Do you mean SEEDLESS in the sense that no display ever shows the seed phrase?

Nope, broadly speaking, seedless refers to a wallet that doesn’t rely on seed phrase to generate/recover its private key. AFAIK Tangem is currently the only hardware wallet that fully implements this approach, embedding the private key directly into the card itself. That said, we might see more seedless solutions in the domain of HW, especially if the developers behind certain projects stay committed to this concept. You can find more details about Tangem’s implementation over there. Once again, I’d like to refer to Zack Herbert's opinion, where he suggests that seed phrases will soon become obsolete.

[guylouis]

Essentially, Shell's "Open source secure element" and "Secure element has its own usages" means that Shell "has" Keycard, and Keycard has the SE.

Thank you for your detailed answer... Based on my understanding, the closed-source nature of the SE used on Keycard should always remain the same and the checkmarks on the SE parts of the Shell would probably mislead ^{[unintentionally]} some users.
^{- I believe the highlighted part on this "screenshot" should also be changed (because of the hardware part).}

@guylouis here, I am also a contributor to to keycard and shell!

You're actually right, it's a bit confusing to say the secure element is open source, we will change the line on the website. Thanks for this. The correct assertion is that the secure element has 'open source software'. Just like we did in our detailed comparison table here
comparison table

Also Keycard is using javacard because we considered javacards were the most open way to do a programmable secure element nowadays. It's an open platform with standard API and runs on a lot of different hardwares from a lot of different vendors. But indeed there is a trust assumption on the hardware (in keycard case: NXP JCOP4).

100% open source secure element based on RISC-V will come but they are not ready yet (see tropic square) and will come in non-programmable versions first. We believe a hardware wallet should never let the secrets keys get out of the secure element and thus be programmable (if it's not programmable, it will have to export the keys out, to a not so secure MCU to do the signing, because non programmable secure element can't perform natively all the crypto primitives of a bip32 wallet like deriving etc.).

Based on our study the only ones who use programmable secure element are ledger and shell (happy to be proven wrong and complete our comparison table on the link above)

Also on the front page of the website the idea we want to convey when we say hardware is fully open is that we provide everything (schematic, bill of material, gerber files for pcb manufacturing) to manufacture it. In that sense only fundation passport (to our knowledge) has the same approach as Shell (see the comparison table). We don't want to convey the impression that each component is open source down to the sillicon level, it wouldn't be possible (MCUs, Asics are not for instance)