Just seen it! Anyone can confirm?
Yes.
Please develop an easy to use guide, that is not for software engineers only, on how to use all these apps properly.
Thanks
Indeed. I'll start planning out a guide.
Dunno if this is the right topic for this, but can we have some improvements in the Apex Manager app?
1st can we have the option in the app to generate keys for the Smart PGP applet ?
2nd can we have a memory breakdown per applet ?
3rd can we have the Apex Manager app working with the vivokey login?
4th some of the docu links in the fidesmo applet descriptions are missing or very slim.
it's on the roadmap… just pretty far down the prio list at this exact moment
probably not actually. I don't think it's even possible with full ISD access… @StarGate01 @BryanJacobs any thoughts? I think it may be possible if each applet surveys its own memory use and reports it… but part of the way Fidesmo deploys applets is each applet goes into their own security domain, which is by design meant to isolate each applet and its memory from one another… for security. Because of this, I don't think any one applet could know the memory use of other applets.
If you mean the OpenID Connect IdP that currently supports Spark chips, the short answer is - eventually yes, Apex will be supported for something like this. The longer answer is that there are undulations that will have to be sorted through first such as actually decommissioning the current system and building a new IdP off the new api.
Ah yes these all need updates pretty badly. It's on the to do list!
The only way to get close to showing a memory breakdown per app is to "remember" the memory status before and after each app install.
As you say, you can't get it inspecting the card from outside. If there's a magic GlobalPlatform way I don't know it.
Indeed… then we have dynamic memory use for apps like otp etc.
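The before/after bookkeeping discussed in the posts above, as an added example (not code from Apex Manager, Fidesmo or any poster): it assumes you can read the card's free persistent and transient memory around each install. The `Snapshot` type, the `breakdown` function and every byte count are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """Free memory reported by the card at one moment, in bytes."""
    persistent: int
    transient: int


def breakdown(installs, current):
    """Attribute memory to applets from before/after install snapshots.

    installs: ordered list of (applet_name, before, after) Snapshots.
    current:  Snapshot taken now.
    Returns (per_applet, unattributed). `unattributed` is persistent memory
    that changed outside any install window, e.g. an OTP applet storing new
    credentials. It cannot be pinned on one applet from the outside.
    """
    per_applet = {}
    unattributed = 0
    previous_after = None
    for name, before, after in installs:
        if previous_after is not None:
            # Free space moved between two installs: runtime (dynamic) use.
            unattributed += previous_after.persistent - before.persistent
        per_applet[name] = {
            "persistent": before.persistent - after.persistent,
            "transient": before.transient - after.transient,
        }
        previous_after = after
    if previous_after is not None:
        unattributed += previous_after.persistent - current.persistent
    return per_applet, unattributed


# Constructed readings, not measurements from a real Apex.
INSTALLS = [
    ("fido2", Snapshot(80000, 4000), Snapshot(60000, 3200)),
    ("otp", Snapshot(60000, 3200), Snapshot(52000, 3000)),
    ("smartpgp", Snapshot(51500, 3000), Snapshot(30000, 2400)),
]
CURRENT = Snapshot(29000, 2400)

if __name__ == "__main__":
    usage, drift = breakdown(INSTALLS, CURRENT)
    for name, cost in usage.items():
        print(f"{name}: {cost['persistent']} B persistent, {cost['transient']} B transient")
    print(f"unattributed dynamic use: {drift} B")
```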
@amal could you please share what's on the Apex roadmap? Thanks a lot!
There are a couple things on the road map I think I can share at this point.
First is we are switching to a fully open source implementation of Fido2 applet that is ctap2.1 compliant. More details coming soon.
Second we are working on a lot of utility stuff to make using and managing apex based products easier / better. What those things are exactly, I don't think is a good idea to reveal at this point… but working to make all of the management aspects of each applet available in a mobile management app is paramount.
Any timeline for the Apex Manager iOS app?
Not really a timeline but it's in the works.
Slight derailment, I am trying to write down rsa4096 bit keys in the apex with openkeychain and it's failing. Is this a bug of the smartpgp applet? Anyone else having the same issues? I do have enough free space. rsa2048 and ECDSA, NIST P-521 works fine, but NIST P is not very well supported on some of my routers. Thanks
This needs more explanation but basically you need to initiate the applet to support 4096 rsa keys… which I believe wipes out your previous keys. @StarGate01 should know a bit more about it… and we'll definitely be exploring this as part of the management app
Yup, I read this under
but I do not think I have a way to do so via fidesmo interface (I was wrong, this should be from the apex manager interface, fidesmo is responsible only for delivery)
Honestly for now I am still setting it up so I do not care much if I have to nuke the applet and the keys inside
p.s. fido2 opensource applet
second edit, I would have to order ACR reader it seems or wait for [WIP] Use proxmark3 as standard PCSC smartcard reader by gm3197 · Pull Request #2030 · RfidResearchGroup/proxmark3 · GitHub
to get merged.
So it seems using SmartPGP/bin/smartpgp-cli at master · github-af/SmartPGP · GitHub
I should be able to
'switch-rsa4096': CardConnectionContext.cmd_switch_rsa4096,
Re: 4K RSA keys.
See flexsecure-applets/docs/applets/1-pgp.md at master · DangerousThings/flexsecure-applets · GitHub, find the CLI tool in SmartPGP/bin at master · github-af/SmartPGP · GitHub, the command you need is ./smartpgp-cli switch-rsa4096
to properly initialize the applet.
We will integrate this kind of stuff into the manager app … eventually.
No worries folks, as long as there is a possibility to reconf the applet, I am okay with that. I do not care if I have to do it with app, python script or something else. Maybe some not so technical users may object that this is missing from the app. Actually I read that enabling support of rsa 4k requires applet reconf, but I did not recall where exactly in github it was. On top of that, I spent some time going in the cryptography rabbit hole researching even more RSA vs ECC. Lack of sleep and cryptography match like bread and butter. As an outcome I've done some recompiling, and bringing ecc support into the devices that did not initially support it. ECC looks like very nice use case where memory for storing the keys is/may be limited. My Apex is almost full by now
One more wish: An applet for emulating NTAG 424 DNA with JavaCards. Would make it usable as a boltcard for BTC.
what exactly is it doing? if it's using the AES auth feature then an applet would only be half of your problem - you would not have the keys necessary to properly register the applet with boltcard.
now… if anyone knew someone at boltcard and we could strike a deal of some kind, we could solve that problem.
U get the keys from an lnbits-instance.