cryptnox-sdk-py 1.0.3

Python SDK for managing Cryptnox smart card wallets.

cryptnox-sdk-py

Python SDK for managing Cryptnox smart card wallets

cryptnox_sdk_py is a Python 3 library used to communicate with the Cryptnox Smartcard Applet. It provides a high-level API to manage Cryptnox Hardware Wallet Cards, including initialization, secure channel setup, seed management, and cryptographic signing.

---

Supported hardware

• Cryptnox smart cards 💳
• Standard PC/SC smart card readers: either USB NFC reader or a USB smart card reader → Readers are also available in the Cryptnox shop.

Get your cards and readers here: shop.cryptnox.com

---

Features

• Establish communication with Cryptnox smart cards
• Initialize and manage card lifecycle
• Secure channel authentication and pairing
• Seed generation and restoration (BIP32 / BIP39 compatibility)
• ECDSA secp256k1 signing for blockchain applications

---

Installation

pip install cryptnox_sdk_py

Or from source:

git clone https://github.com/cryptnox/cryptnox-sdk-py.git
cd cryptnox-sdk-py
pip install .

Requires:

• Python 3.11 – 3.13.7
• PC/SC Smart Card service (pcscd) on Linux

On Linux, ensure the PC/SC service is running:

sudo systemctl start pcscd
sudo systemctl enable pcscd

---

Quick usage examples

1. Connect to a Cryptnox Card

import cryptnox_sdk_py
from cryptnox_sdk_py import exceptions

connection = None
try:
    connection = cryptnox_sdk_py.Connection(0)
    card = cryptnox_sdk_py.factory.get_card(connection)
    # Card is loaded and can be used
    print(f"Card serial number: {card.serial_number}")
except exceptions.ReaderException:
    print("Reader not found at index")
except exceptions.CryptnoxException as error:
    # Issue loading the card
    print(error)
finally:
    # Always close the connection when done
    if connection:
        connection.disconnect()

2. Test PIN code

In the PIN verification example below the card must be initialized before calling verify_pin.

import cryptnox_sdk_py
from cryptnox_sdk_py import exceptions

connection = None
try:
    # Connect to the Cryptnox card first
    connection = cryptnox_sdk_py.Connection(0)  # Connect to card at index 0
    card = cryptnox_sdk_py.factory.get_card(connection)
    
    # Once connected, verify the PIN
    pin_to_test = "1234"  # Example PIN
    card.verify_pin(pin_to_test)
    print("PIN verified successfully. Card is ready for operations.")
except exceptions.ReaderException:
    print("Reader not found at index")
except exceptions.CryptnoxException as error:
    print(f"Error loading card: {error}")
except exceptions.PinException:
    print("Invalid PIN code.")
except exceptions.DataValidationException:
    print("Invalid PIN length or PIN authentication disabled.")
except exceptions.SoftLock:
    print("Card is locked. Please power cycle the card.")
finally:
    # Always close the connection when done
    if connection:
        connection.disconnect()

3. Generate a new seed

In the example below the card must be init before generating a seed.

import binascii
import cryptnox_sdk_py
from cryptnox_sdk_py import exceptions

PIN = "1234"  # or "" if the card was opened via challenge-response

def main():
    connection = None
    try:
        connection = cryptnox_sdk_py.Connection(0)
        card = cryptnox_sdk_py.factory.get_card(connection)
        
        seed_uid = card.generate_seed(PIN)
        # seed_uid is of type bytes: display in hex for readability
        print("Seed (primary node m) UID:", binascii.hexlify(seed_uid).decode())
    except exceptions.ReaderException:
        print("Reader not found at index")
    except exceptions.CryptnoxException as err:
        print(f"Error loading card: {err}")
    except exceptions.KeyAlreadyGenerated:
        print("A seed is already generated on this card.")
    except exceptions.KeyGenerationException as err:
        print(f"Failed to generate seed: {err}")
    finally:
        # Always close the connection when done
        if connection:
            connection.disconnect()

if __name__ == "__main__":
    main()

---

Documentation

📚 Full API reference: https://cryptnox.github.io/cryptnox-sdk-py/

---

License

cryptnox-sdk-py is dual-licensed:

• LGPL-3.0 for open-source projects and proprietary projects that comply with LGPL requirements
• Commercial license for projects that require a proprietary license without LGPL obligations (see COMMERCIAL.md for details)

For commercial inquiries, contact: contact@cryptnox.com

========= Changelog

Version 1.0.3 - 2025-12-24

Added ^^^^^^^

• Added get_manufacturer_certificate() method to Base card class with hexed parameter for flexible certificate retrieval

Changed ^^^^^^^

• Updated get_manufacturer_certificate() in BasicG1 with multi-page APDU support for full certificate retrieval
• Updated manufacturer_certificate() function in authenticity module to use the new card-specific method

Version 1.0.2 - 2025-12-08

Changes ^^^^^^^

• Updated dependencies to resolve security vulnerabilities
• Improved Python 3 compatibility in cryptographic utilities

Added ^^^^^^^

• Implemented Python code quality scanning CI/CD pipeline using flake8
• Implemented security vulnerability scanning CI/CD pipeline using OSV-Scanner
• Added automated dependency security checks in GitHub Actions workflows

Fixed ^^^^^^^

• Fixed AttributeError: module 'cryptnox_sdk_py.cryptos.py2specials' has no attribute 'is_python2' error
• Fixed TypeError: can't concat str to bytes error in encode_pubkey() function
• Resolved info command issue that prevented retrieving card information
• Fixed Python 3.12 compatibility issues in py2specials.py module
  • Added proper Python 3 implementation for base 256 encoding/decoding
  • Fixed bytes/string handling in cryptographic operations

Version 1.0.1 - 2025-11-18

Changes ^^^^^^^

• Package renamed from cryptnoxpy to cryptnox_sdk_py
  • All imports must be updated from import cryptnoxpy to import cryptnox_sdk_py
  • Install using: pip install cryptnox-sdk-py
• Updated README.md with new package name and improved examples
• Updated valid PUK validation logic
• Updated GitHub Actions workflows for documentation and CI/CD
• Modified setup configuration (setup.cfg) for better package management

Added ^^^^^^^

• Added flake8 code quality checks to CI/CD workflow
• Added Sphinx documentation framework
• Implemented disconnect() method for Connection class to properly close connections
• Added comprehensive exception handling improvements

Fixed ^^^^^^^

• Fixed card not recognized error
• Resolved PUK retries persistence issue
• Fixed flake8 code style errors throughout the codebase

Removed ^^^^^^^

• Removed basic G0 cards references (no longer supported)
• Removed factory hashlib codes