Sorry if it is the wrong category for this post, I will move or delete it if it is wrong.
I am a crypto journalist and I could really use an implanted hardware wallet with all the added PGP capabilities as well as Fido2, OTP and so on. I am looking to also interview any people involved with the project if possible, but I am also looking for advice on implant choice.
Is there any other options supporting hardware wallet, PGP and 2FA features other than the Flex and flexSecure?
I see that flexSecure is a more hackable option but it looks like it does not have access to some Flex applets, are there any applications that are only accessible through the flexSecure?
My biggest concern with the Flex is whether it will still work well if some companies involved decide to close down and power off their servers. Is this the case?
Lastly, is there no way to add any custom applets to an Apex Flex? Only the flexSecure?
Also, if anyone involved with this or any other project is willing to take an interview please let me know!
PS: I pressed enter while writing this post for the first time and it published a partial post that I deleted, resulting in an empty thread that I do not see a way to delete…
Flexsexure is really for people who know what they are doing. It is self contained and really allows you to do what you wish. It is extremely secure if you need it to be.
Apex is for people like me who don’t really code as yet and are happy to be dependent on fidesmo and don’t need something ultra ultra secure. It is still pretty safe though in terms of your security unless you have actual issues with people like the CIA or more likely their equivalents in certain countries who really have no respect for rule of law. Even then they would need to know you have it and that you have something they want to invest in targetting you as opposed to just seeing you disappear.
Ultimately I figure no one really cares about the emails I write or the things I know or access so Apex works well for me. Plus if we ever do get payment options to will be through a 3rd party like fidesmo…
I am a tinkerer who dabbles with electronics, 3D printing and programming (mostly simple Python, but still.) I am not afraid of getting my hands dirty and would like the extra security, but I am really new to NFC and NFC-related applications so I am not sure what I could do with the flexSecure that is not possible with the Flex. On the other hand I know that some applets are only available for the Flex.
Can you give me some more concrete insight into what would be possible with the flexSecure only?
Security is a major concern for me working in crypto, I have been targeted by attacks multiple times in the past. Still, both the devices keep the keys locally if I understand it right, so both should work for me.
There are people here who are much are qualified to comment with precision, so I will leave that to them.
My simple understanding is the apex can only use fidesmo approved apps whereas you can load what you like (and I assume write or obtain from the community) you may want on the secure.
I would expect though from a security perspective, if you are worried about your private keys being stolen both offer very similar security in that they are physically located in your body so someone would need to know where they are and force you to give up the necessary passwords to obtain your local access.
Yeah, short of cutting off my hand and running off with it or the $5 wrench password cracking method I think stealing my keys would be next to impossible.
Edit: I just found a list of interesting JavaCard applets on GitHub. Do I understand well that I would be able to run all of those with the flexSecure but not the Flex?
I’m part of VivoKey, but I do hardware design not Javacard development. Regardless, I should be able to answer some questions for you and if they need correction someone will come along.
The Apex flex can only support applets that are deployed through the Fidesmo app store. That means deploying applets is easier, you’ll see more stability, and we will be able to deploy payment applets when the payment schemes allow it.
The flexsecure is a bare bones smartmx3 p71 Javacard with none of the Fidesmo elements provisioned. You can do whatever you want with it, but you have to set everything up yourself and deploy using Global Platform Pro or similar. If you misplace your keys for the flexsecure there’s no recovery available
Thank you, the payment element pushes me towards the Flex I guess. Is payment support expected to come soon?
Any interesting upcoming applets?
Would you mind if I send you a PM with questions for you and other team members as a journalist? I am still waiting for budget approval on this whole thing so I will wait for the interview.
Edit: Any advice on where to implant it? I like mountain biking, scuba diving and so on and I will fall from time to time so I want to put it in a place where it is unlikely to break.
I am also expecting it to not have issues due to scuba diving depth pressures…
Something that I didn’t realize right away is that VivoKey and Dangerous Things are sister companies/run by the same guy. Dangerous Things is more the hacker DIY side of things (which is admittedly where much of the whole scene came from anyway) with people wanting to experiment with what’s possible, with VivoKey catering more towards non-DIY consumers and businesses. VivoKey has the friendly app ecosystem that makes it easier for customers to install tested, reliable applets right from their phones without having to know about/keep track of the key that secures the implant or have specialized equipment/software. With this ecosystem, VivoKey is able to establish trust and agreements with companies that might be interested in deploying an applet for consumer use, but are leery about letting just anyone have a copy of the binary.
I own an Apex Flex. In my experience, if a useful applet comes up then VivoKey is proactive about testing it and putting it up for download. You can build and test whatever you want with a Flex Secure, but anything proprietary will probably only be available on the Apex Flex due to the trust factor.
It could go under Support but I’ll leave it here for now.
Also, a quick thanks for doing your research before asking questions
For either The Vivokey Apex Flex or the Flex Secure ( Identical form factor ) I would suggest Positions P1 - P4 are very good good options for most people including you and your hobbies
For either The Vivokey Apex Flex or the Flex Secure ( Identical form factor ) I would suggest Positions P1 - P4 are very good good options for most people including you and your hobbies
I had in mind to use the P2 spot but was afraid that maybe the wrist would have worked better when it comes to probability of damage. Will go with P2 then, thank you!
Do you have any resources to point me to that will let me better understand what could I do with custom applets and IDs? I honestly feel like what I am looking are the Applets already supported by the Flex, so the “maybe one day payments” arguments is enough to sway me that way.
In my experience, if a useful applet comes up then VivoKey is proactive about testing it and putting it up for download.
I guess I only get more convinced that the Flex is the right option then. I do not really have lots of NFC/RFID devices I interact with, so custom IDs or being able to clone them is not really important for me.
2FA, identity, PGP, hardware wallet and authentication is what I am after and there are options for that with the Flex.
