Go there to see all the wallets and currencies it works with. I think they are specifically lacking a mobile wallet app at the moment.
2 Likes
Why not just take a privkey generated offline at your daemon; transfer that to the implant via proxmark, inject subdermally at exactly any novel implant @amal sells and forget it was ever implanted? Unless you can say more about what utility this applet will provide you that you actually need? privkey + import at exactly any wallet; including those within Tails should be more than enough. I’ve been doing it with validation rewards using Pistol, our node.
I am not sure if I understand your question correctly - the idea of this applet is that the actual transactions are signed on the chip itself, such that the private key never leaves the chip (and never can). You could of course use any other technology / applet to just keep a simple backup of your private key if you wanted to.
1 Like
What is the utility of signing a transaction at the chip itself; when there are a myriad of applications (bitcoin wallet within Tails) at which one could import a privkey once scanned offline using a proxmark?[quote=“StarGate01, post:44, topic:20503, full:true”]
I am not sure if I understand your question correctly - the idea of this applet is that the actual transactions are signed on the chip itself, such that the private key never leaves the chip (and never can). You could of course use any other technology / applet to just keep a simple backup of your private key if you wanted to.
[/quote]
The idea of the Satochip wallet, the Keycard Wallet and most other hardware wallets is to keep the private key inside the protected, write-only storage of the chip. Similar to a TPM module in your PC, the chip can only use the stored private key (e.g. for signatures), but not export it.
This means that the private key is never stored on a potentially unsafe / network connected system (i.e. a PC), dramatically reducing the chances of having the private key stolen.
Even if you were to scan the applet using a proxmark (which I do not recommend for smartcards, use a proper PC/SC compliant reader instead), you would not be able to export the private key from the chip.
“This means that the private key is never stored on a potentially unsafe / network connected system (i.e. a PC), dramatically reducing the chances of having the private key stolen.”
If the keypair is generated offline; and transferred to the implant at a device disconnected from the internet there is zero risk. Nobody is going to go hunting for something subdermal like a flexSecure if it’s deeply seated at the body below the fascia.
It would be difficult to detect something subdermal and henceforth one wouldn’t really be at risk for having their privkey swapped from their implant; the same way one might expect to get simswapped. Having a subdermal kind of ledger seems like it wouldn’t be worth the R&D.
Let’s get right to the point here. The only reason you should ever want to push a key in vs having the chip generate a key pair is so you have a backup of the key. This makes sense in an “all your eggs in one basket” scenario.
Very often the use case of a chip based public private key pair is not cryptocurrency… it’s usually like chip or device authenticity. Register this card with a system and later the card can prove it’s authentic. To what end is up to the application, but the point is that the system can basically guarantee that the private key generated on the card / chip has never been leaked or seen outside the card / chip. That’s powerful.
Since cryptocurrency is a different kind of application, I can understand if you don’t want to put your money on the line and trust the chip will never break or stop working. That’s a risk.
However, I think generally people consider NFC hardware wallets imperfect anyway because there is no user interface to view or confirm transaction details, thus you have to trust the reader or application interacting with the chip.
This limitation of NFC chip based wallets automatically limits best practices for use to “daily wallet” type activities where only small amounts of cryptocurrency are allocated to such a wallet. In this scenario, does it really matter if you generated the key inside the chip and thus have no backup of the private key? Probably not.
If you want to be able to push a private key in as a one time write event, you could develop or modify an applet for this purpose.