 Thank you very much for being here I am product manager for keycard. I'm going to give a quick introduction to what is keycard and then Andrea and Michele, we have two of the new developers for keycard that are going to be in the hands-on approach to keycard, so This is supposed to be a very hands-on workshop. You can get your computer ready We have keycards for you. We have readers. We are less readers than keycards So if there are not, we just need 14 readers to plug to your laptop If there's not enough, you can group maybe So Quick introduction to what is keycard, very quickly, and then we can get onto the hands-on workshop So, keycard So This is keycard, very simply put, it's big 32. Yeah, she called the termistic hardware wallet on a smart card So it's a framework that we've developed. It's open source and it's running on Javaka Well, it's not. It's not a simple NFC tag That you would use as a QR code or as an encrypted Data that you get through NFC. It's actually a small computer Keycard is an applet that runs on there. It's open source So you can check it. You can audit it. You can tweak it every way you want for your own application and It runs on very standard hardware. Actually, all of you here, you have a Javaka card on yourself right now most probably because Every piece of cards are running on Javaka and you will see the card in your phones or Javaka's too So the hardware are very common there are a lot of manufacturers for this and One of the consequences is that it's relatively inexpensive Since there are millions of smart cards produced and it has a very high level of physical security Meaning it would be very expensive Physically to get private keys out of this smart card The key card We are providing here and the one we produce in Stalas that we've integrated with our Stalas clients As two type of interfaces. It's both contactless with NFC So that it can integrate with either Android or iOS mobile applications And It's also got a physical interface like that Meaning you can with the USB readers that we've distributed connected to desktop application So that's key card. What can you build them with key card? To submit up quite quickly key card applets It's a hardware wallet so you can either generate a secret Within the card or you can import a secret. Let's say this secret is a seed Then you can make any derivation for a big 32 on the seed within the card And then the card is doing the time the sign of signature You see the signature of the transaction that is passing the card So your application is passing once it's set up and the secrets are here. They never leave the card and And your application is passing the transaction actually to the hash of the transaction and The card is in the signature and passing to the application the signature. That's what it does Why does it have added value? This cross security of your skin It's air gaps. It's offline. That's a not where what it your private key never leave and within your application provides The other thing is private ownership of the private keys to the end user This is tangible the private keys are here and then nowhere else And in terms of application obviously we can think about a lot of things most of us are hardware wallets We've got mobile hardware wallets or desktop hardware wallets. Oh, sorry Mobile or desktop wallet. This can be used to store the keys for identity systems This car is very convenient to hold the identity of the user or for any authentication So that's what's the card and what you can deal with it So we'd like this to be hands-on It's called we just arrived you can get some key cards And to connect them to your to your PC You need some of your readers already distributed some And if they are not enough, maybe you can Groups You can make small groups of three You I mean, let's make small groups with USB readers without a USB reader. We don't. Okay. There is this one. Is there one here? It's bigger than the other one. It's here. There's one more here. Is there one over there? Sure. Yes. Is there one over here? Yes. You got one? Okay. Let's try to find one over there. We don't have enough. We don't have enough. Thank you. Do you know how it works? Because we need to download these little things. Okay. I can check, but it's a few. Okay. I'm going to get this one right now. Yes. Yeah. I'm going to get this one right now. Okay. Okay. There's one over there. Do we want to... It's around six. Yeah. Megabyte. And this... Yeah. I don't want to talk about Megabyte. Yeah, you can. That's the one. Yeah. I can use it. Yeah. Yeah. Yeah. Yeah. Anyone else? Thank you. Thank you. I'll be free there. It's another one for you. Okay. I'm sorry. Stay here. I don't want to pay the water. Okay. So are you able to download at least the two releases of the first two links? Yeah. Because I didn't know it's... Well, otherwise, you can continue. But you don't want to download it. No. Hello. So, why the card is so... I already explained that the card was a very high level of hardware security. This chip are made only for the purpose of storing security for the... and computing for the... But basically to verify identity... The company that makes this chip is very... Everything is... Exploring all possible... So don't be attacked in such a way that attacking a card costs millions of dollars. The key is never in the card. So when you are signing with the... with the art of order, the signature is computed on the card. So it is actually a small computer, not very powerful, but very optimized for this task. And the communication between the card and the device that you're using is encrypted. This is the protocol that we implemented above the standard communication protocol. Because the use case of this kind of card is usually used to trust the device at the point of sales or for... But in our case, you can use it with any device. So we have a layer of encryption on top, which protects on many of the middle attacks. Even if they are quite hard to carry out, this kind of attacks can be empowered in any way. And it also prevents random devices sending commands to the card. I mean, it has a pin, for example. And if you send three times the wrong pin, it blocks the card. It would be inconvenient if anybody would... So if you don't... If you are not authorized to even send commands, you cannot block the card at all. So what are the steps to work on the key card? So there is the applet installation. This one is done in factory. So when we ship the blue key card, we show the applet is already installed. When the applet is installed, it doesn't have any secret. It doesn't have a pin. It doesn't have a puke. And it doesn't have the failing code, which is needed for the encrypted channel. So it's really blank. And then there is the installation phase, where you don't still create a wallet. You just define your own pin, puke and failing code within this way. So we don't have to handle the problem of the pin to be shipped in a separate envelope or a scratch code, which can be at the end of your period. You do it yourself on your device and you're safe. Then there is the key generation step. And this can happen in different ways, because of course we want people to be able to import the PAP39 seed phrase or already existing keys. You can load the key, a seed, a binary seed, or you can load just the key pair, even with a chain code or without. And then you can start signing a transaction. And then it's something that you can do only after you have to rise with the pin. So this means the card has to be like a regular ATM card. When you want to sign, you need to insert the pin and the card receives the hash of the transaction, not the entire transaction, because it's not very efficient. First and second, the card doesn't have the screen to show you the value, so it doesn't make any sense. And then you get the signal to the back and the port and the device you can submit this to the back. So that's basically it. Maybe Andrea? Yeah. Okay, so as we said, the key card is dual interface. So... Yeah, so you can use it with NFC and it's maybe the best way to use it, because you can use it with your mobile and the mental application with your Android and then it's easy like you just need to tap... I think you like. You just need to tap and it's easy to use. Otherwise, it's also contact. So we distribute now the USB reader and you can just use it also with a laptop. And so we release like the Java, so Android SDK some months ago already. In the last weeks, we developed the iOS so Swift SDK because with the newest iOS 13 it's possible like to send the APDU... Hello? Can you hear me? Yeah, so before iOS 13, it was impossible to send all kinds of APDU so all the comments that we needed and now it's possible. So I think the first application that was really support the key card is NOSIS that was raised yesterday and it's also safe and it's integrating like the key card as well to factor authentication so it's cool and thank you, thanks. It's then because they helped with the development. And so now if you want to try something, maybe doing something mobile would be longer because we need to develop something for mobile, compile it and deploy it to the phone. So we also developed this key card CLI so we can basically try to use it and see basically all the comments that you can use to interact with the key cards from scratch to sign the signature and signing the transaction and then basically get the same concept you can apply them to mobile application. So I don't know if you were able to download these two things that I was saying before. So the first one, so this is the key card applet and it's basically the software that is running on the key card and it's open source, it's here, state-to-state-m slash state-to-state card. And then the CLI says it's written in Go and you can... Yeah. Yeah. And this one is the CLI that was saying it's written in Go but you can download the release here. Then I was saying if you use Linux, you need to install and run the PCSC demo which is basically... which allows you to interact with the protocol. And nothing, so if you now use the USB and use the card and you can run... Let's say here... But once you're a USB reader, someone wants to type the comments. The one. Do you all have a key card? More here. Do you want to have two? Someone wants to play around with the comments live with the key card and the reader. Okay, so if you have the PCSC demo running and you install the... and you downloaded the key card with the command CLI, you can just run key card info and you basically know like something about the card that you inserted into the reader. So there are a few... things that you can see here. So it says if the applet is already installed, if it's initialised, there are the things that we'll see later. But it's not installed yet. So we can use all the key card installed tool. The command. Or we can use also... I will... Okay, so you can use the key card shell command and you can also type or direct a list of comments. And in this specific case, there's a list of like APDU commands that are needed to install the applet. So when you receive the key card or the blue key card that you can buy, the applet is already installed. So you don't need to do this. But if you are developing something for the key card and you want to upgrade or reinstall the applet or do something else, you need these kinds of commands so that you can reinstall everything. And another thing is that in a smart card, you can also install multiple instances of the key card. So it means that you can have five different HD wallets, which one with a different master key and then you just select a different one when you're interacting with the card. So in this case, if I run this, I also put the bug here and you can see all the APDU commands that are sent. So APDU commands are these bytes that are basically sent to the card. Each one is a set of plus bytes, instruction bytes, some parameters and some data. So in this case it's long because it's like uploading the applet and after this, you basically have the smart card in the same state of the one that you receive when you buy one. So it's installed but not initialized, which means that it's ready to be used, but it doesn't have the master key yet. So if we run again like the key card input that we run before, so now it says that it's installed. As you can see, so now it's installed. It's not initialized, meaning there's no it's not ready to be paired with the device. There's no key, so there's no UAD and there's just a key that it's used for the secure channel. So after this, are you trying something? So maybe if it's not working or if you feel to stop you want to see? Okay, so it will say when you receive the card it's not ready to I mean it's ready to be used, but you need to initialize it and this means basically creating the secrets. So the secrets that you use to use it later. So in this case so the first one is the pin the second one is the third one is the pairing password. So in this case if you run basically with the same shell scripts, whatever you want to to run this up. All these scripts are in the key card set repository, so if you want to use exactly the same share comments you have all the scripts. There's one thing that it invets here in the store script so it's the first one which you need to store the updates. It's still loading so maybe we can just run it here. Okay, so this one has a like path to the card so to the update downloaded before so you need to change it to the real path. So what is this? Okay, so so now I'm running the second script so this one is basically key card set so in here if I go back to the install you can see that there are some comments that are starting with GP and other with key card so GP is like means global platform so it's these standards used to communicate with the team. It's the card manager application on the card so it's the one that allows installing removing updates from the card and it's independent from the key card it's implemented in the card directly. So it's standard set of comments in general to interact with the card and in this case we use this because we are not interacting yet with the key card update and then we have some key cards so starting with key card comments that are basically just like replacing the X bytes that you send. And in this case we are selecting the output so the key card because as you said we can have the key card output and then other output like the visa or something else and then we set like the secrets so we can just for testing using this otherwise you can just not specifying and then key card init which is initializing so it's basically saying starting from now these are the secrets and you can use this card only if you know the secret and if you pair it with the pairing password and you need to use the bin for any signature for example so ok so after this so the key card can be paired with 5 devices so it means that every time you want to interact with the key card you need to pair and to be able to start the pairing comments you need to know the pairing of this one so the pairing password and after that you can call pair then opening a secure channel and then doing something so this script is basically not doing anything so it's pairing opening a secure channel and then un-pairing and I'm doing this un-pair just because otherwise I basically use one of the slots for the pairing and then every time you use another one and after 5 you have to know the pair bin and then I'm just using verify pin because for some comments you need to verify the pin for example in the transaction or in general for example here before so of course when you you don't need to pair every time you use the key card for example when you have a mobile application you just pair the first time and then with the pairing the session you are creating a key and that key you can store it in the phone and you use it every time you come into the card so it's basically once for each device that you want to pair and yeah so these are other script that you can run so for example this one is the number 4 so I can run this before and it's just getting the status of the card the same thing that we before so if it's installed if it's initialized and everything and then you can see the pairing key which is the one that we use to interact after the pairing session and then the pin retry so if every time you so you can put the wrong pin three times otherwise then you need to use the book to initialize the pin and everything so if we so at this point the the key card is initialized but it doesn't have a master key so there's another comment that you use which is generate key and this one is basically generating the key inside the card and then which is basically the master key there are other way to have like a master key in the card and you can generate it on the card or you can upload it or you can upload I think the indexes of a VIP 39 memorandum phrase and then the card is stored in the card and then you can start using it so yeah do you have any question also like if you have problems yeah I'm curious about is there a key sign into the menu in hardware I would assume so yeah yes so I think it would be a problem because it's it's really it's not even it's not even at the OS level that is implemented but there is a special part of the chip which does the computation so you have a chip supporting this card yes because that was a problem yes yes that's this is a startup now can you tell me all the chips on the market they support the course defined in the javacar specification and so they define the fp course like the sec already on yes because on the policy don't have it on Android and iOS that's the biggest problem because you cannot use the secure element for creating a mobile that sucks agree so don't change the that's why your patch has a point yes does it support BLS? no because of the I know it depends because I mean does it need the pairing for signing or is it only to verify it needs ok so with this yeah so it might be a problem I mean it depends the way you use it because well it depends so I'm curious about this other javacar that you mentioned are there locks on power? would I program on my sim card you can Andrea showed before this robot platform commands something that didn't put accent is that there is also a sort of secret channel and it has a key the issuer knows this key but you don't so when they sell you the card you don't know the key so you cannot but if you could the card is actually not locked so if you knew the key you could remove the sim card the one that we distributed now so they have the test keys so they are known the one blue that we can buy they have a different key but it's still known I mean it's like the key card keys but then I mean for the final release maybe we would generate I don't know random key but it's possible to like restore and refresh it or everybody will have their own key so I wouldn't be able to mess with somebody else the idea that after initialization you change this key on your device yeah yeah, do you guys experiment with just a unique key? no but I think they were doing something I don't know I was looking more into implementing because actually the UB key uses the same protocol so the same communication protocol so actually any implementation would be done for Java card but porting this to the UB key hardware we did something we needed as well another question is for example if I have an Estonian ID card our personal designing key from another government do you know if it's possible somebody release software to support it on this government? I don't know so if you can use the same applet on that card I don't know if it's like something so at least you can download as far as I know you can't extract the private key from the Estonian citizenship card like the government knows it so you can run but you cannot port the keys so is there a TSM that helps? it's a secure element so it's basically what is used for TSM for trust and how to manage the applet the applets are managed by the chips or by the module itself and if I investigate who your master is the key as we said the key is fixed so it's actually the user knows it but then the user can change it so they can change the key to load the applets so that nobody else can delete the original applets on their cards so we don't want to manage this centrally we want the user has the ability to load other applets and what they want with a card like this ok do you have any other question? I'm conducting an echelon attack ok so now we can generate the key so we can still use the share command and use the number 5 and it's basically doing the same that we did before so it's selecting the applets setting the secrets to be able to pair opening the secure channel verifying the pin so that because it's regenerating the key if it's already there in this case it was empty so it's generating the key and then I'm pairing so like using it you can start like signing transactions signing data one point is that the card actually has a true random number generator on board so generating the keys on card is really secure ok so yeah where did I get the entry for it's in the chip so it's certified to generate the applet I was just curious no it's a secret ok so now yeah so now there's the kickerstein command and it's basically accepting like 32 bytes of data and the script is like sending an empty byte and it's doing the same the usual select pairing opening the secure channel verifying the pin before signing and then I'm pairing so if I use it and then do this so the output is giving me like the signature you know and the signature so it's like probably in the past 27 or something well then there's a sign message which is actually implemented in CLI but it's not really on the SDK and then there's another concept about the wireless path so as we saw now every time you want to interact with the kicker you need to know the pairing password so for the first time you use it you can generate like the pairing key and then every time you want to sign some data you need to verify your pin so it's always something that you need to know so that you are only the owner of the card and the only one that you can use it so in general you only use the kicker with your own trusted device we can set a specific path of the HD wallet that can be used with a trusted device so it's for many things where you can be created so you can be like just to open the door here so that you don't expose any key that you are actually using for with your other wallet but you are still authenticating it or you can do something something like paying on a point of sale and with the risk of all the risk that you can have but you don't want to do that in an event something like this you can have just a few tokens on that path and you can just tap it on the thing and trust the device so the way you do it is like there is this setPillowsPath command and to use it you need to of course pairing and verify your pin the path of the HD wallet that you want to use and after this so so after this we set which path we can use with our PillowsPath and basically what we can do is signing with a PillowsPath so as you can see here the script is really too common so one is just selecting and the other one is like signing something and so the example is like using it for these other things and nothing there is another simple example about removing the key and it is basically doing everything and so this one is like just so if you are developing a mobile application that interacts with the the keycap the CLI can be useful so that you can easily restore or initialize or change the path and everything and but then the main SDKs are basically the one for Android and the one for iOS and they basically have the same common sets and inside the the status keycap jar so there is the package in general for Java and Android and then there is there is a demo and we compile like in Android if you are not ready for it there is another one for iOS and so it is basically very similar so the way it works is like a lot of Java code and then you basically initialize a common set and then you basically have the same common that we had before as a method of the common set basically so selecting and then let's see if there is something that is really same so like bearing and then getting the peer retro account so it's very easy to read and it's basically so in this demo it's basically integrating everything you need to have so it's easier to copy and use it so you mentioned iOS, what is the status of iOS as a support, is it? Yeah, so let me also find the other way so before I think I have one more test okay so we think so with iOS 13 which is the new one they implemented everything so they opened more API in the NFC core so you can basically send and receive all the APDs that you saw so you can have a full interaction and before that it was like only reading the ndev tag so it was only for NFC tags just storage yeah let's see here kick us with SDK and then there's an example application in the Moses repository and the common set is basically the same so you can check it and it's basically integrating all the comments in some way and now I don't know, I mean we saw everything so if you have questions or if you want to play with cards with CLI or if you want to use the demo app for Android and iOS and try to compile and deploy it and we're here to help and if you have more questions I think I will just speak up so I missed the beginning of the presentations so about that I was already mentioned but overall how would a status key card compare to something like a treasure one no screw so in general compared to the other hardware wallets so the key card has a very secure storage it's the same secure, more or less the same secure element like the ledger it doesn't have the additional part control in the screen and the buttons because it doesn't have the screen and buttons so it's a very secure storage it is inexpensive and it is a standard hardware so one of the points is that we don't have a product to sell and that is closed even if it's open source with schematics you still are not going to make it yourself but these cards you can find them we bought these white cards with the most of the outlet so there can be many issues of this there can be endless combinations with different features multiple outlets on the same card so from a security point of view it's the same basic of what is in a ledger the same secure element of course you don't have a screen and you don't have buttons so it's a compromise you have to trust the device in this secure channel protocol which at least allows you to pair with a specific device that you want to use up to 5 so you don't have random devices interacting with the card the card has the advantage of being very practical because everyone has an NFC leader so compared to USB solutions they can be also used but it's not as straightforward and it can be used also with USB card pages which are also quite common to find actually so it is meant to be convenient and secure and affordable I hope I answered your question and also for onboarding because it's like something cheap buy give to 5 of your friends so I mean for the physics something to add on the physics on the security so the software and the hardware itself the software can be edited and the hardware which is a secure element I mean these Java cards are usually certified the hardware products these ones are from NXP NXP which is one of the main supplier of Java cards they follow a certification program this one is EAL EAL5 plus certified so that follows a list of tests to test the hardware security how hard it is with a microscope with side channels attacks to get the secrets out so the hardware products themselves are also thank you you say you're expensive it really depends like we were saying at the beginning these Java cards are produced by millions they are in every phones so they can be really inexpensive when you do volumes the question of the price is more depending on your relationship with your supplier but roughly these things when you manufacture a couple of thousands you're below $5 for such a hardware it's quite simple is it possible to source different form factors? yeah usually there are these form factors or they can be just a simple SIM card without the antenna for phones but some suppliers do rings some do things that you can attach to physical objects then it's up to the guys that manufacture these if I can add to this so this the chip that is here behind this is from one manufacturer and the body of the car with the antenna is made by another manufacturer so this can be even embedded in electronic devices last question I was late can I still have a reader? finish them I don't think there are more thank you thank you very much I was just going to ask about manufacturers where can I source these and what kind of volumes there are so different actors first you need to find a chipset provider the guys that manufacture the chip per say so download such a big number this is NXP engineer NXP STM Samsung and then you need to find a manufacturer that's going to do the process that they describe that buys this chipset and then put them in the physical card and this type of supplier there are hundreds of manufacturers in Europe but there are tons of guys that know how to create a car and then the other thing you can consider is the level of security depending on what you download at the factory level in the car the level of security you want in the factory what we choose ourselves when we manufacture that is that there is not any secret in the car and so the security of the manufacturer on the process the cars are initialized with the phone do you intend to publish any application to direct the car from the phone yes so the status client is implementing now the force for kicker and there is also not status is from us of course and then there are third part application which also integrates of noses safe and wallet I think this one are released and then there are peoples writing you start the car of the system the cost the cost of the operating system of the car the car operating system are developed by you the operating system is developed by NXP I don't know maybe NXP buys it from someone else but they are shipped already on the chip no no there is this thing so the java card applet that we wrote is fully open source and it can be installed on any java card on any java card OS platform but the specification of the chips are under NDA we don't even have you don't need it to use it and to write so all OS they need the specifications and so they are all closed source by default I mean there is no other way the pin code without the secure channel for it be OS no no because if you we have thought that it's better to make pinless interaction with the point of sale the point of sale is untrust so if you enter your pin you are giving a secret to an untrusted device so it's better to have a separate wallet which has little funds and you know it's cash money and we are thinking about ways on how to mitigate the crowd risk and things like this but at least you don't give any secret because giving a pin maybe you are giving also a pattern to your other pins and that's risky are there any such chips on the market or where in the world that are open sourced out to the lowest level unfortunately not I'm having a close look at the risk 5 initiative because actually this thing is an microcontroller with a secure storage and a few other hardware accelerators for cryptography the cool thing what make this secure why an R chip is not secure and this one is is the topology of the transistor is randomized so if you is confiscated let's say so so if you take a microscope and you open whatever in the cup a microcontroller you can say exactly ok this is the round this is the round you open this one and you don't see anything so it's so I'm looking at the risk 5 initiative because it could be used at the basis but there is a lot of development cost to bring the same level of security so to make this really secure element can you import the key yes so you can import a key but you cannot extract the key even with password can you do the backup even with password you can never export the master key but that's the master key generated on the card right yes but for your material key can you export it? no but if you have the seed phrase you already have a backup six days outside of the card but you have an export function in the API yes I wanted to explain it the export function allows private keys and private keys but only under a specific sub-tree just a sub-tree which we have defined we wrote the IAP which should not be used to store any asset but can be used for authentication encryption in things off the blockchain but was there some restoration scheme yes if you can we are thinking about we can export from one something that the key with some other there is a duplication system but I think we are going to remove it because actually the better way is probably to use a multi-seq wallet where you can just change the card associated with it it's really like you can just replace the key you always have two, one somewhere great idea that's what we are going to do