No project description provided
Project description
Cryptnox Card
Warning: This is a beta release of the software. It is released for development purposes. Use at your own risk.
A command line user interface to manage and use of Cryptnox cards.
This provides basic wallets for Bitcoin and Ethereum.
It is able to execute cleos commands and use the keys on the card for signing.
To buy NFC enabled cards that are supported by this application go to: https://www.cryptnox.com/
License
The library is available under dual licensing. You can use the library under the conditions of GNU GENERAL PUBLIC LICENSE 3.0+ or contact us to ask about commercial licensing.
Installation and requirements
The package can be installed using pip package manager with:
pip install cryptnoxcard
The application can also be installed from source as python package. In the root of the project, execute:
pip install .
This installs the application into your python packages and makes the crytpnoxcard available as executable.
If during python installation its path was added to system path the executable, e.g. command is available system wide.
Windows Microsoft Visual C++ 14.x build tools
If you wish to install from pip package on windows, because of dependencies you will have to install Microsoft Visual C++ 14.x build tools that you can download from here: https://visualstudio.microsoft.com/visual-cpp-build-tools/
Linux additional packages
On some Debian/Ubuntu Linux systems there binaries for sme libraries are not delivered with the installed package. In this case install the following tools, so that they can be compiled during installation process.
sudo apt-get install build-essential autoconf libtool pkg-config python3-dev swig libpcsclite-dev
MacOS missing certificates
If you’re using macOS and the command CLI is showing issues of missing certificates, open Macintosh HD > Applications > Python3.6 folder (or other version of python you’re using) > double click on Install Certificates.command file.
Running the application
The application can receive commands directly in any command line, or can be started in Interactive Mode by starting without any arguments or options. The later will also start if the executable is called from a GUI, like Windows Explorer.
Exit input
Whenever an input is requested from the user: PIN or PUK code or any other information, the command execution can be exited with the keyword exit. When this is used the command stops the execution.
To not overcrowd the interface this is not mentioned when information is requested by the CLI.
Development environment
For development purposes or for running separately from the system environment pipenv configuration files are provided.
To set it up, use, from the root folder of the project:
pipenv install
or, if you want libraries for development purposes like pylint:
pipenv install --dev
To enter the new environment use:
pipenv shell
This will open a new terminal inside the one it was called from. From here all packages will be available to run the application.
From here the CLI is available as a script:
python cryptnoxcard/main.py
or as a module:
python -m cryptnoxcard.main
Secrets
Each card is protected by two secrets only known to the owner of the card.
PIN code
The PIN code must be 4 to 9 number characters (‘0’-‘9’). After entering the wrong PIN code 3 times the card PIN code is locked, and it must be unlocked using the PUK code.
Entering the correct PIN code resets the number of times the wrong PIN code can be entered.
PUK code
The PUK code must be 15 alphanumerical characters (‘a’-‘z’, ‘A’-‘Z’, ‘0’-‘9’).
Demo mode
Warning: Only use for testing purposes.
The card can be initialized in demo mode. This is done for convenience of the user as you don’t have to enter the card secrets. For this reason it comes at the expense of security.
The card is initialized with following infomation:
Owner name: “DEMO”
Owner email: “DEMO”
PIN code 000000000
PIK code 000000000000
When the application asks for any secret, PIN or PUK code, press “ENTER” key. The application will use the predefined information to fill it for you.
Demo mode on card is determined from the owner name and email.
Interactive mode
An interactive mode is available if the command is entered without any arguments and options.
In this mode the user will get a similar interface as a command line with its own prompt accepting same commands as regular call.
When the mode starts it will show list of available cards.
The prompt is also showing useful information:
cryptnoxcard indicates that the user is in interactive mode
Serial number of the selected card on which the command will be executed
Indication that the card is in demo mode
Seed generation
There are several ways to populate a card with a seed.
Those that need entropy use the random number generator on the card.
Backup
To use this way of creating a seed access to AWS is required. It is out of the scope of this documentation how to acquire Access Key ID and Secret Access Key from the AWS as it’s a third party service and may change.
After getting the entropy from the card the user is asked for AWS access keys, two regions and a name for the backup. Two regions are used for using KMS and Secrets Manager services on two separate machines to increase the security of the saved entropy. Name of the backup is used to identify which entropy will be restored with the Restore command.
The backed up information is retrieved for comparison with the original to make sure the saving process was successful and next time when the data is retrieved is the same as the entropy that is us for seed generation for the card. After this the seed is uploaded to the card.
After the operation a summary will be shown and saved to a file with the name of the regions and name of the backup.
This is safe way to store the entropy as the information for recreating is saved in the cloud in two separate regions chosen by the user. It is also simpler then requesting from the user to secure the mnemonic.
Dual Initialization
For this process two Cryptnox Cards are required. The seed is generated in both cards in a secure way. You will need to start the command with the first card for the host to get information from it. After that the user is asked to remove the card and insert the second card into the same reader. The information from the first card will be injected into the second card and a seed is generated in the second card at this point. The process is not finished. Information will be requested from second card and the user needs to remove the second card and insert the first card into the same reader. The information from the second card will be injected into the first card. At this time the first card will use the information to generate the same seed the second card has already generated. When the process has finished the two card will have the same seed in them and have access to the same accounts.
This is the most secure way to generate a seed while still having a backup. The seed newer leaves the card. The common information is used for it’s generation, but the information that was received from the card in the process is not enough to generate the seed.
Recover
Create seed from the mnemonic, BIP39, entered by the user and upload it onto the card. This mnemonic could be acquired by using the command Upload.
Restore
To use this way of creating a seed access to AWS is required. It is out of the scope of this documentation how to acquire Access Key ID and Secret Access Key from the AWS as it’s a third party service and may change.
If a Backup operation has been finished this command allows for retrieval of the entropy and it’s usage in populating a card with a seed. The user will be asked for AWS access keys, two regions and the name of the backup to be retrieved. The host tries to acquire the backup from the two given regions under the given name. The retrieved information is used to generate a seed that is uploaded to the card.
Upload
Get the entropy from the card. Generate mnemonic BIP39 and seed on the host. Upload the seed to the card. Show the mnemonic to the user for saving it, on a paper or electronic form for later recovery.
With the mnemonic the seed can be generated by anyone and access to funds connected to accounts gained. It is the responsibility of the user to keep the mnemonic safe and secure.
If the mnemonic is lost there is no way to recover the account and funds connected to it.
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
Added
Separate CLI for working with NFT cards
eht command contract parameter to send ERC20 tokens
Fixed
Exception handling in multiple places.
2.0.0 - 2021-10-13
Added
Dynamic fee calculation for Bitcoin and Ethereum networks
Changed
Recovering seed from mnemonic compliant with BIP39
Derivation paths to be compliant with BIP44
Fixed
Send/transfer memo for EOSIO
Signing multi-input transaction for BTC with user key
Precision of amounts for sending
AWS backup wrong credentials crash the application
verbose option is not doing anything
EOS transfer doesn’t use sender but behaves as send command
1.3.2 - 2021-10-13
Changed
Ethereum endpoint through cryptnox node updated to use different domains on standard ports
With info command for balance show the issue instead of “–”
Fixed
exit keyword when input is requested from user, like PIN or PUK code
Bitcoin sending with multiple inputs is rejected by the node
1.3.1 - 2021-10-07
Fixed
Crash when calling config under currencies
1.3.0 - 2021-10-06
Added
card_config can update the status of PIN-less path and PIN authentication.
Changed
Configuration is saved into the card instead of a file.
Fixed
When waiting for card after card is detected the application crashes.
Ethereum network name conversion
1.2.0 - 2021-09-16
Added
New endpoint for Ethereum network used by default. User can still the infura network with a project key
Changed
Ordering in config command to BTC, ETH, EOS.
When changing PIN or PUK code message made clear that the card is not initialized.
Resetting uninitialized card message updated.
User key check if card is initialized before continuing.
In change_puk check current PUK before asking for new one.
Show warning on command if card origin is unknown or fake instead of exiting command.
Fixed
In demo mode when asked for PUK code, entering anything will go into loop asking for the code.
There is no message when adding piv, but piv is not present
1.1.0 - 2021-09-16
Added
Backup and restore of entropy for seed generation to KMS in HSM.
1.0.2 - 2021-09-09
Changed
Improve setup process.
1.0.1 - 2021-08-20
Fixed
Update package on PiPI.
1.0.0 - 2021-08-20
Added
Command line interface with commands for interacting with Cryptnox cards.
Interactive mode.
Pipfile and requirements for setting up environment.
Setup file to install the library.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file cryptnoxcard-2.1.0.tar.gz
.
File metadata
- Download URL: cryptnoxcard-2.1.0.tar.gz
- Upload date:
- Size: 149.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.7.1 importlib_metadata/4.10.0 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2dd4d8af66942936ac7df0a3c17c31c384172c69193f394de0b8d5d58d0243e0 |
|
MD5 | 0a0ad9d34ad0776384a35ec29000834a |
|
BLAKE2b-256 | ebc1e56441d89bac5db5c868acd4ec9e6c087d009f9e7591da12bd3249700f11 |