[ANN] SatoChip: Open-Source Hardware wallet for less than 10$!

[Toporin]

Hello,

Here is a new secure hardware wallet project based on javacard and compatible with the YubiKey NEO. The sources and building instructions are available on https://github.com/Toporin/SatoChipApplet

https://i.imgur.com/PwKhO8N.png

This project is fully open source and consists of a javacard applet that is to be loaded on a Yubikey (or any smartcard supporting the required functionalities - ECDSA-SHA256). Beside the applet, a java client is provided in the form of a light java library to simplify integration on existing applications (as the yubikey obviously needs to interact with a client application): https://github.com/Toporin/SatoChipClient.

A simple client java application is also provided as a proof-of-work. This application is a fork based on the BitcoinWallet from ScripterRon: https://github.com/Toporin/BitcoinWallet

The SatoChip has partial BIP32 support but due to technical limitations of current javacards, only hardened keys are supported (i.e. child keys using indices 2^31 through 2^32-1). Using SatoChip, an initial BIP32 seed is imported in the javacard and private keys are derived as requested by an external application. Private keys are never exported outside of the secure chip.

The SatoChip also supports the import of regular (non-BIP32 keys) such as vanity keys. Here again, private keys cannot be exported outside of the secure chip. Up to 16 regular keys can be imported on the chip. In any case, the private keys can be used to sign transactions and Bitcoin messages, if sufficient credentials are provided.

Access to private keys (creation, derivation and signature) is enforced through the use of PIN code. This access control is based on the MUSCLE framework on which the applet is built. As part of this framework, it is also possible to securely store and retrieve data & secret keys in secure memory, or use the chip to perform data encryption and decryption, although some functionalities have been disabled for readability of the code.

Please note that this implementation is currently under development: Use at your own risk!
Don't forget to backup the seed as it is not possible to recover it afterward!
I cannot be held responsible for any loss incurred by the use of this application...

Important remark: the Yubikeys currently sold by Yubico are configured for production only and it is not possible to load the applet on these dongles (see this link for more details: https://www.yubico.com/2014/07/yubikey-neo-updates/). Only the development Yubikeys (with serial number below 3,000,000) are suitable for this use!

Advantages:
-Code is free and open source
-Code should be easy to read and maintain (java card is a subset of java)
-Multiple form factor supported in addition to Yubikey (e.g smartcards, sim cards)
-Plug and play
-Smartcards have a long experience in dealing with physical security
-Can be easily used or extended for other crypto-currencies
-Cheap: possible to buy a compliant smartcard for less than 10$!

Also, when used with a Yubikey Neo:
-Yubikey has minimimal size and is practically indestructible
-Yubico is a reliable company that is not going anywhere anytime soon!
-Many other functionalities: Yubikey OTP, U2F, PGP support...
-Possibility to support NFC

Limitations:
-No screen!
-This is still beta code, use with caution!
-The applet could use more testing
-Performances could be improved

I am open to suggestions/corrections/improvements... Remember, this is a work in progress!
Let me know how it works for you and if you have trouble using it!

[Toporin]

Btw, I have three free smartcards with the SatoChip applet loaded for people willing to test and review the wallet.
(You still need a smartcard reader and some patience/skills to set up the installation on your computer)

If you are interested, send me a PM before tomorrow 11:59 PM.
If I have more than three answers, I will pick three people arbitrarily based on their activity on the forum...
 

[Toporin]

Tutorial: SatoChip & ScripterRon's BitcoinWallet How to use:

Required:

• SatoChip loaded on a smartcard or Yubikey
• BitcoinWallet .jar and lib folder saved on your computer
• Java Runtime Environment 8

To run BitcoinWallet:

You can run the Wallet by executing the following command:

Code:

 javaw.exe -Xmx256m -Djava.util.logging.config.file=logging.properties -jar BitcoinWallet-3.0.1.jar PROD

Code:

-Djava.util.logging.config.file=logging.properties

is an optional argument usefull to configure the log with the logging.properties file.
By default, the logging.properties file stored in \jre8\lib is used.

- Wallet setup (only once):
At the first execution, the SatoChip wallet will be setup.
First, the program will ask you to define a PIN and a PUK code:

https://i.imgur.com/Ur6DGbY.jpg

https://i.imgur.com/ogpnhIH.png

The PIN code grants the access to the BIP32 wallet and unlock your account: be sure to keep it secret!
Transactions and message signing is not possible without it. Access is granted until the card is removed or until the wallet is closed
The PUK code could be used in case you block the PIN code with a sufficient number of wrong PIN trials (not supported yet).

After PIN setup, the PIN code is asked for confirmation and to grant access to the chip protected functionalities.
https://i.imgur.com/JjO5gzv.png

Once access is granted, the application will ask you to define a BIP32 seed:
https://i.imgur.com/eQyOJbc.png

This seed will be derived to generate all your Wallet private keys.
Be sure to use a sufficiently long password and to securely backup a copy of the seed!
Once the seed is imported in the secure chip, it is impossible to recover it!
Note that seed generation takes around 2 minutes during which the chip derives the master keys from the seed and performs various operations (you can see the Yubikey or smartcard reader blinking).

- Wallet use:
During normal execution, the application always start by requesting you PIN code:
https://i.imgur.com/JjO5gzv.png

After that, the main windows appears:
https://i.imgur.com/PHMK09D.png
Note that the account balance is still 0 for an obvious reason.

We start by generating a first key by clicking on  'View>Receive address' then 'Create' in the pop up windows:
https://i.imgur.com/IBzQHiH.png
You can create as many key as desired. Note that a new key derivation takes around 30 seconds during which the wallet seems iddle... be patient!

Once it is created, it is possible to send money to this new address:
https://i.imgur.com/s4yHAjE.png

- Wallet spending:

To spend the money received, click on 'Actions'>'Send coins', then copy a destination address, amount and fee in the popup windows:
https://i.imgur.com/0VvxM2j.png

And it's done!
https://i.imgur.com/p7vZHUI.png

In the same 'Action' menu, it is also possible to sign and verify messages:
https://i.imgur.com/hhMCId4.png

[banksycoin]

Amazing. Great work 

Might be interested in trying one out if you still have any available.

[2112]

Can your code handle testnet coins?

[Toporin]

@banksycoin:

Yes I still have smartcard left for testing purpose. You can give me a shipping address by PM and I'll send one to you free of charge!
(Please note that you still need a smartcard reader to use it though)

@2112:

The SatoChip applet on the javacard should support Testcoin, however the BitcoinWallet implementation by ScripterRon only support Bitcoin.
The applet only manages the private keys, it has no knowledge of address or network. So basically any altcoin using the SECP256k1 could be used with it afaik. With minor changes, it should also be able to support NXT coin which uses Curve25519. The main difficulty is to integrate it in a particular wallet client... For testing purpose, there is a simple java library API (https://github.com/Toporin/SatoChipClient) that may provide some starting point...

[banksycoin]

That is great news

PM sent.

[Toporin]

@banksycoin

The card was sent this morning!
Expect a few days to receive it (sent from Europe)...

[Jouke]

Great work. I have a Neo lying around and I am going to free time this week to test this!

[btchip]

Congrats, nice to see that people are actually reading and using my code Retrieving the public key by using the "half" key agreement is a nice trick too.

On our side, we've not given up on Java Card and will be releasing in the coming weeks a SHA512 version that'll be significantly faster (about /10 so far)

I'd also suggest you relicense to AGPL - considering you use part of my code released under this license, and it's also a great way to make sure that the source code of improved versions always stays available.

[Tibuxx]

Hi !

May I ask you a smartcard for testing purpose ?
BTW, it's realy a good project.

I will test it as soon as I get the card.

 

[Toporin]

@btchip:
You are right about the AGPL license. I'm still struggling with the intricacies of code licenses but I will correct that!
Thanks by the way for the great work!

@Tibuxx:
Yes I still have smartcards left. Send me your address by PM and I'll ship one to you :-)

[Tibuxx]

@Toporin

Pm send yesterday. I'm living in EU, hope I'll recieve it fast ...
Keep in touch ! 

[Tibuxx]

Hi Toporin.

Thank you ! I've received the simcard this morning.  
But it's a white one ... Need some skin tweak before I test the card.

What do you think :  

First print (blank test card)

https://i.imgur.com/oJynDUQ.jpg?1

https://i.imgur.com/VCm6cNn.jpg?1

Second run on the simcard

https://i.imgur.com/r9nUbRl.jpg?1

I'll start the tests tomorrow ...

[Mitchell]

If you have one left, I would love to try it out, if not, I'll buy one once I have some BTC. Everything is locked up in cold storage and trades.

[Tibuxx]

If you have one left, I would love to try it out, if not, I'll buy one once I have some BTC. Everything is locked up in cold storage and trades.

Of course, cold storage is the best storage you could find !
Physical coins, paper wallet, etc. use pre-print private key to store the crypto-value.
Of course it's better than an online trade plateform but if you lose your paper/coin, you lose your BTC !

With this card, the simlock is a great shield against hackers, plus a good software implementation to deal with the blockchain.

Furthermore, with this new design, the card's looking gorgeous 

[zetaray]

$10 is a very good price for a hardware wallet. But this JavaCard and Yubi key costs more than $10 and this need a special Yubi key that is not available. Not many people can test this project.

[soowein]

Can your code handle testnet coins?

[Tibuxx]

$10 is a very good price for a hardware wallet. But this JavaCard and Yubi key costs more than $10 and this need a special Yubi key that is not available. Not many people can test this project.

Javacard is cheap compair with the YubiKey ...

[Toporin]

Thanks Tibux for the design, this looks nice!

If you have one left, I would love to try it out, if not, I'll buy one once I have some BTC. Everything is locked up in cold storage and trades.

Mitchełł, yes I still have one card (last one!). You can give me your address by PM and I will send it to you!

Can your code handle testnet coins?

While the javacard applet should support testoin, the simple java client that I use does not. It should be possible to do the tests using the java interface library directly (https://github.com/Toporin/SatoChipClient), although it is much less convenient. I will try to improve that as it's obviously a very important point. 

$10 is a very good price for a hardware wallet. But this JavaCard and Yubi key costs more than $10 and this need a special Yubi key that is not available. Not many people can test this project.

Indeed testing is not very easy for the moment but this project is still very experimental. Also, I would not recommend using it with serious amount of Bitcoin yet until it has been tested more seriously. If someone is interested to test the card and have trouble with the setup, he can contact me by PM and we will find a way...