Skip to content
Our Javacard Implementation for making secure transactions within Status and Ethereum
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

What is Keycard?

Keycard is a an implementation of a BIP-32 HD wallet running on Javacard 3.0.4+ (see implementation notes)

It supports among others

Communication with the Keycard happens through a simple APDU interface, together with a Secure Channel guaranteeing confidentiality, authentication and integrity of all commands. It supports both NFC and ISO7816 physical interfaces, meaning that it is compatible with any Android phone equipped with NFC, and all USB Smartcard readers.

The most obvious case for integration of Keycard is crypto wallets (ETH, BTC, etc), however it can be used in other systems where a BIP-32 key tree is used and/or you perform authentication/identification.

Where to start?

A good place to start is our documentation site

You can also join the dicussion about this project on Status channel:

How to contribute?

Anyone is welcome to contribute to Keycard!

Most of our communication about the project is going on here:

Should you wish to work on an issue, please claim it first by commenting on the GitHub issue that you want to work on it. This is to prevent duplicated efforts from contributors on the same issue.

How to build the project?

The project is built using Gradle with the Fidesmo Javacard Gradle plugin. You can set the JavaCard HOME not only through the environment but also creating a file with the property "com.fidesmo.gradle.javacard.home" set to the correct path.

Testing is done with JUnit and performed either on a real card or on jCardSim. Although the tests are comprehensive, debugging on the real card is not easy because raw APDUs are not shown in the test log and there is no way to set breakpoints in the applet.

In order to test with the simulator with an IDE, you need to pass these additional parameters to the JVM



  1. Download and install the JavaCard 3.0.4 SDK from Oracle
  2. Clone the Github repo for our fork of jCardSim
  3. Create a (see below for an example)
  4. Run ./gradlew convertJavacard


  1. Follow all steps from the Compilation phase (except the last one)
  2. Disconnect all card reader terminals from the system, except the one with the card where you want to install the applet
  3. Run ./gradlew install


  1. Follow all steps from the Installation phase (except the last one)
  2. Make sure your JRE has the JCE Unlimited Strength Jurisdiction Policy Files installed. For more information check here.
  3. Run ./gradlew test

What kind of smartcards can I use?

  • The applet requires JavaCard 3.0.4 (with the addition of KeyAgreement.ALG_EC_SVDP_DH_PLAIN_XY ) or later.
  • The class byte of the APDU is not checked since there are no conflicting INS code.

The algorithms the card must support are at least:

  • Cipher.ALG_AES_CBC_ISO9797_M2
  • KeyAgreement.ALG_EC_SVDP_DH_PLAIN
  • KeyAgreement.ALG_EC_SVDP_DH_PLAIN_XY
  • KeyPair.ALG_EC_FP (generation of 256-bit keys)
  • MessageDigest.ALG_SHA_256
  • MessageDigest.ALG_SHA_512
  • Signature.ALG_AES_MAC_128_NOPAD
  • Signature.ALG_ECDSA_SHA_256

Best performance is achieved if the card supports:

  • Signature.ALG_HMAC_SHA_512

Other related repositories

Android installer

Java SDK for Android and Desktop

Swift SDK for iOS13 (WIP)

You can’t perform that action at this time.