June 2022 VivoKey Apex Flex update

I don’t have much experience with the SC applet side of java but in general you can get reproducible builds there with only minimal fuckery :smiley: JVM — reproducible-builds.org

To confirm, this means getting your own smart cards and getting them converted into implantable form? That might be an option, I have to admit that while I’m good at security/crypto I have very little experience with physical things so I don’t know what the constraints would be here.

That’s obviously not ideal but something I’d be willing to deal with. (In fact, if anyone’s currently working on code/convenience scripts/ecosystem to operate this chip more openly, including things like key management, I’d be happy to contribute!)

Awesome! I look forward to hearing more about this.

3 Likes

I’m very interested in this P71 card. Any recommendations?

If you want one which isn’t supplied by Fidesmo these are the only ones I’ve found so far, and dual-interface so probably no good for implant conversion but useful for testing and development.

I’d be happy to send you one of my minimum 10 order once it arrives here if you’d like.

Fair warning, I have not completely worked out what’s required as far as keys, development environment etc so it’s going to be very much an experiment on my part.

3 Likes

Thanks for the response. I’ll probably pick up a pack and just play around. It would be awesome to have a way to set your own master keys etc… And I totally understand why Apex needs it for Fidesmo to work and have hopes of payments.

I’m very familiar with the process of pushing out OEM devices, however on a bit larger scale, but have taken a keen interest in NFC especially after my first implant (xSIID) and now I just installed an xM1 after my titan. I’ll be figuring out the DF2 and apex shortly and still have a NExT to install.

I haven’t enjoyed electronics this much in a while!

I have some neat ideas and a possible opportunity to make some things happen with AOSP, but we will see if I can get my proposal approved :rofl:

I want to use OTP to login to my phone with the apex (or a custom one!).

Thanks for the info!

1 Like

I got mine from https://www.javacardos.com/store/products/11020 .

1 Like

How long ago? I couldn’t order with them when I tried.

yeah. i was the mod. and sadly i kinda gave up. it was a monumental task to even have people use flairs. honestly couldn't justify the time commitment

A year back or so

Fidesmo for iPhone has been updated and is showing available services without the need to manually install now :smiley:

7 Likes

yay!

3 Likes

Cool

So… like I’m 5,

Is there an existing Java/fidesmo password manager?

You can use it for passwords in a few ways.

Is there a password manager that I can just load onto it currently?

You can load OTP, FIDO2, FIDO u2f. So you still need an app like the vivokey authenticator app, bitwarden, or any number of others. I use the authenticator app and bitwarden. My vivokey acts like a master password to get into those.

Is this what you are after?

But in those scenarios… you’re just using the apex to log into a cloud password manager?

Not actually stored local to the apex?

You can store an offline/local KeePass database, and unlock it using the hmac-sha1 applet.

even though apex has a lot of storage (80kB) compared to the NExT or even the xDF2 / flexDF2 (8kB) … it’s still a far cry from what would be needed to store a ton of password data. This is why the Apex will not likely ever have a natively stored password database. The best bet will be to use Apex as a key to access / decrypt an encrypted password database of some kind… either access to a cloud based password manager, or literally decrypting a password database file like how KeePass works.

One option is to store encrypted secrets in NDEF text but you still won’t fit much.

ndef is quite wasteful actually… if you have to have a special app or something to decrypt, then you might as well sort yourself out a raw storage applet and write your own interface for it. that way you could store raw binary without need for message and record headers etc… but still, it’s not likely to be worth doing at all because of the limited number of site credentials you could store.

to make it work you’d have to store not only the username and password for the site, but also the url of the site so you know which website the credentials are for… and maybe you could do some substitution for username … like ^1 means username 1 which is like my@email.bro and ^2 means other@email.hah or whatever… but still you would run out of room pretty fast.
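
The raw layout sketched in the last two posts (URL, username reference, password, with the username stored once and referred to by index), as an added example that is not code from the thread or from VivoKey. The length-prefixed record format, the function names and the sample data are assumptions made for illustration; the packed blob is plaintext and is what a host app would encrypt before writing it to a storage applet.

```python
# Added illustration: compact credential layout with a shared username table.
# Layout (assumed): [n_users] then [len][utf8] per username,
# then [url_len][url][user_idx][pw_len][password] per entry.

def lp_field(text):
    """Encode one string as a 1-byte length followed by its UTF-8 bytes."""
    raw = text.encode("utf-8")
    if len(raw) > 255:
        raise ValueError("field longer than 255 bytes")
    return bytes([len(raw)]) + raw

def pack_store(usernames, entries):
    """entries is a list of (url, username_index, password) tuples."""
    if len(usernames) > 255:
        raise ValueError("username table limited to 255 entries")
    out = bytearray([len(usernames)])
    for name in usernames:
        out += lp_field(name)
    for url, user_idx, password in entries:
        if not 0 <= user_idx < len(usernames):
            raise ValueError("unknown username index")
        out += lp_field(url) + bytes([user_idx]) + lp_field(password)
    return bytes(out)

def unpack_store(blob):
    """Inverse of pack_store; rejects truncated or inconsistent data."""
    pos = 1
    def take():
        nonlocal pos
        n = blob[pos]
        field = blob[pos + 1:pos + 1 + n]
        if len(field) != n:
            raise ValueError("truncated store")
        pos += 1 + n
        return field.decode("utf-8")
    usernames = [take() for _ in range(blob[0])]
    entries = []
    while pos < len(blob):
        url = take()
        if pos >= len(blob) or blob[pos] >= len(usernames):
            raise ValueError("truncated store or bad username index")
        user_idx = blob[pos]
        pos += 1
        entries.append((url, user_idx, take()))
    return usernames, entries

# Constructed sample data (addresses are the placeholders used in the thread).
USERNAMES = ["my@email.bro", "other@email.hah"]
ENTRIES = [("example.com", 0, "hunter2hunter2"),
           ("forum.example.org", 1, "correct-horse")]
SAMPLE = pack_store(USERNAMES, ENTRIES)
```

Each entry costs three bytes of framing on top of its URL and password, and each distinct username is paid for once in the table.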