commits branch releases Fetching contributors Fetching latest commit… Permalink README.md btchipJC Java Card Bitcoin Hardware Wallet /LedgerHQ/btchipJC You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.What if we could write some code once, and run it on all platforms ?That’s the old promise of Java fulfilled by Java Card — a very tiny subset of Java, extremely popular on SIM cards.Java Card also defines how to isolate multiple applications on the same smartcard, making it possible to have several providers hosting their applications.And even to be used as a standard development platform for end users.But, of course, there are issues.First the technical ones.Java Card API is evolving very slowly — Elliptic Curves support was only added in recent releases, and there is no standard API to directly obtain the public key associated to a private key, which is annoying for Hierarchical Deterministic Wallets.

RIPEMD 160 is nowhere to be found, which makes it complicated to display an address, and SHA 512 support is only found is the latest implementations, which just kills Hierarchical Deterministic Wallets for good.Some of those features are only available with a vendor NDA, and we’d like to try to avoid making this mandatory for the community.Regarding the first part, there is an ECDH Key Agreement API that let you retrieve a 32 bytes secret — run it with the generator point of the curve, and you get the X coordinates of the public key.Then if you sign something, the host can perform a key recovery and send back the full public key to the card, which can verify it by signing and verifying an arbitrary message.This trick was first used by Toporin in the SatoChip appletThen, the SHA 512 problem.There is some open source code around which is unfortunately extremely slow (more than 10 seconds per round).Let’s optimize it taking a few Java Card properties into consideration.First of all, we want to avoid function calls.

Even more virtual function calls, which are resolved every time by the Virtual Machine.Then, we want to run everything in RAM.Writing to flash is of course always slower.But we usually have less than 4kB of RAM available for the application.Another interesting thing that comes to mind when browsing the Virtual Machine specification — accessing an array is slow, because the firewall needs to check both the size of the array and the type of the array.So we want to avoid arrays as much as possible.And last but not least, we’re running Java, so no unsigned types.Also portable Java Card, so the largest type available is a short.You can imagine that rewriting SHA 512, designed to be implemented on a 64 bits architecture is going to be fun.Long story short, after a lot of tears and preprocessing abuse, we did it, and now a single round runs in less than 1 second.Still slow, but workable.The technical issues being dealt with, let’s move to the deployment.Finding the right device is hard, finding the right device with open keys is even harder.

Yubico used to sell their Yubikey Neo with open keys, but not anymore.bitcoin block proof of workThere are other attempts to list suitable cards, and anything based on JCOP 2.4.2 should be fine.bitcoin dollar equivalentDon’t hesitate to point us to any interesting deal you could find.In any case, we’ll do our best to find some partnerships to let you try your own customizations and test new secure Bitcoin use cases in the most open possible way.gia bitcoin tang m?nhThis applet is an implementation of the Ledger Wallet Hardware Wallet specification emulating an NFC Forum Type 4 tag to display the second factor, with specific extensions It is compatible with the core API with a few limitations if not using a proprietary API to recover public keys - the public key cache needs to be provisioned from the client side.armory bitcoin not found

A demonstration of this application and workaround if no proprietary API is present is provided in the Python API and also in Mycelium Several other integration examples are provided on Ledger Unplugged product page Developers can also check if a Java Card platform is supported and its performance with the Eligibility applet All applet code is provided under the GNU Affero General Public License v3 - for any question or commercial licensing, reach us at hello@ledger.fr Ledger Unplugged sold by Ledger on the Fidesmo platform or downloaded on a Fidesmo enabled device includes an NXP implementation of the ProprietaryAPI interface which is only available under NDA, providing better performance regarding the speed of cryptographic operations.best bitcoin wallet singaporeUsers are free to switch between the commercial version and their own version compiled from those sources, after deleting it.bitcoin austin texas

The commercial version is also provisioned with an attestation key pair signed by a shared Ledger public key (see below) allowing a third party to check for genuine applications.Due to heavy optimizations using a C preprocessor, building is currently recommended on a Unix platform or with MinGW on Windows.Pre built files are provided for reference only.If you don't need to rebuild the preprocessed files, you can use an automated build with Ant.First download a recent Java Card SDK (at least 3.0.1) from Oracle and install it Then choose a building script - if building for an NFC only platform, build-no-ndef.sh is recommended.If you wish to test the NDEF second factor (typically on a platform supporting both NFC and a different interface), you can use build.sh instead Then modify the build script to point JCENV to the installation directory, and possibly the applet and ELF AIDs if necessary.For example Fidesmo mandates a specific AID according to your account configuration.Finally run the build script to generate a loadable .cap file in the build/ directory Installation can be done using global platform tools such as GlobalPlatformPro or GPShell Specific optional installation parameters are described in the Java Card application specification First you'll need to register a Fidesmo account Then you can use Fidesmo API to upload the generated CAP file, and create a recipe to install and delete the application You can use the following samples For a service recipe to install the application (without installation parameters), replacing with your AIDs, provided by Fidesmo For a service recipe to delete the application To perform a manual personalization, you'll need at least to : You'll need to rebuild a version of Ledger Wallet application with your specific AID Mycelium supports natively custom built versions of the application - just specify your instance AID in the Settings menu on the Ledger options group.