Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/coinkite/coinkite-tap-proto

SATSCARD and TAPSIGNER from Coinkite
https://github.com/coinkite/coinkite-tap-proto

bitcoin nfc wallet

Last synced: 14 days ago
JSON representation

SATSCARD and TAPSIGNER from Coinkite

Host: GitHub
URL: https://github.com/coinkite/coinkite-tap-proto
Owner: coinkite
License: other
Created: 2021-11-18T15:11:23.000Z (almost 3 years ago)
Default Branch: master
Last Pushed: 2024-04-26T15:32:40.000Z (7 months ago)
Last Synced: 2024-04-26T16:48:17.800Z (7 months ago)
Topics: bitcoin, nfc, wallet
Language: Python
Homepage: https://dev.coinkite.cards
Size: 1.42 MB
Stars: 47
Watchers: 7
Forks: 20
Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGES.md
- License: COPYING-CC

Awesome Lists containing this project

README

# Coinkite Tap Protocol and Helper Program

This Python library enables easy communication with **TAPSIGNER^™**, **SATSCARD^™** and **SATSCHIP^™**.

Repository contents:

1. The protocol specification
2. Python library for speaking the protocol
3. Supporting documentation

Examples/Libraries in other languages:
- C++ https://github.com/nunchuk-io/tap-protocol
- React Native https://github.com/bithyve/cktap-protocol-react-native
- ffi https://github.com/thunderbiscuit/cktap-ffi
- Rust https://github.com/notmandatory/rust-cktap

Recommended NFC desktop reader
- HID Omnikey "CL5022 CL" works well in Windows, Linux and MacOS.
- https://store.coinkite.com/store/nfc-read-b

## Documentation Links

- **[Docs and Spec subdirectory (./docs)](docs)**
- [Protocol specification](docs/protocol.md)
- [NFC specification](docs/nfc-spec.md)
- [Best Practices and Warnings](docs/best-practices.md)
- [Developer's Guide and Usage Hints for TAPSIGNER](docs/tapsigner-hints.md)
- [Emulator README](emulator/)
- [Testing README](testing/)

# Install

## Setup For Everyday Use

First update `pip` to latest version and install wheel (otherwise
legacy setup.py install will be used)

```shell
pip install -U pip wheel
```

Install `cktap`, our helpful command-line program, with just:

pip install 'coinkite-tap-protocol[cli]'

**OR**

If you just want the Python library by itself, use: `pip install coinkite-tap-protocol`

## Setup If You Might Change the Code

1. Do a git checkout
2. Make a fresh virtualenv (suggested)
3. Run:

```
# only library
pip install --editable .
# or with cktap cmdline utility
pip install --editable '.[cli]'
# for testing purposes
pip install --editable '.[test]'
```

This installs `cktap` and any changes you make will be immediately
reflected in the installed version.

## Requirements

- Python 3.6 or higher
- `pyscard` for access to smart card readers
- A supported smart card reader. In theory, all smart card USB CCID class-compliant
devices should work. Our observations:
- **ACS ACR1252U** - okay and widely available, and for sale by Coinkite
- **Identiv uTrust 3700F** - reliable and looks nice
- **HID Omnikey 5022 CL** (not 5021) - fast, cute, and small
- **HID OmniKey 5427 CK** - tested Gen1 device, fast, reliable, must disable keyboard wedge via EEM interface on device at `http://192.168.63.99/`, when correct will identify as VID:PID `076b:5427`
- **NOT recommended:** ACS ACR122U. It can work, and is widely available, but is not reliable.
- See `requirements.txt` file for python packages needed.

## Ubuntu/Debian Notes

Installing `pyscard` require SWIG and libpcsclite:

```shell
# run below before installing dependencies with pip
# tested on Ubuntu 20.04 (only)
sudo apt-get install swig
sudo apt-get install libpcsclite-dev

# some newer debian-based distros (ubuntu24) require:
sudo apt-get install pcscd
sudo systemctl enable pcscd
```

## Fedora/Red Hat Notes

Installing `pyscard` requires SWIG and the pcsc-lite library:

```shell
# run below before installing dependencies with pip
# tested on Fedora 37 (only)
sudo dnf install swig pcsc-lite-devel
```

## Windows Notes

Installing `pyscard` may require SWIG:

1. Download .zip from .
2. Extract and move into `C:\Program Files`.
3. Add that to system PATH.
4. Test: `swig` at command prompt should work.
5. Run `pip install pyscard`.

## FreeBSD Notes

Tested against 13.0-RELEASE.

1. `pkg install py38-pyscard py38-coincurve`
- follow devfs.conf instructions
- install usr/ports/devel/libccid
- add `pcscd_enable="YES"` to rc.conf
2. `pip install base58`
3. `pip install -e git+https://github.com/coinkite/python-bip32.git@iss27#egg=bip32`
4. Make your virtualenv with: `virtualenv ENV --system-site-packages`
5. `pkg install py38-secp256k1` (pulls a tragic set of dependencies)

**NOTE:** SWIG is needed to build wheel for `pyscard`. You may need to run `pkg install swig`.

## Emulator

Python code for an emulator which communicates with `cktap`
via a local Unix socket. It's provided without warranty and isn't
installed by default. `cktap` prefers to speak to the emulator
if it is running.

See [README for emulator](emulator/README.md).

# Using the Library

### SATSCARD

```python
>>> from cktap.transport import find_first
>>> card = find_first()
>>> print(card)

>>> card.address()
'bc1q7h0u5yn8y4pajn94ze4gnhz487c8ysvekusqj5'
```

### TAPSIGNER

```python
>>> from cktap.transport import find_first
>>> card = find_first()
>>> print(card)

>>> card.get_xpub('123456')
'xpub6DXuQW17LykdXFyEtRrq9Z3MAegRPLAwFovT34afzK6NNHkwJrWCs4Knhrjf1U22QSSbykyzpfRsDZc9ryk9b6VUfGp89vkQw6YjY4CaEQ3'
```

# Using the CLI

## Providing CVC

Any command which reveals private key info or changes the state of
the card requires the 6-digit numeric code from the back of the
card (called _CVC_, _spend code_, or _Starting PIN Code_ on TAPSIGNER).
You can provide this on the command line, or omit it. Commands
requiring the CVC but entered without it will prompt you for the
CVC. Some commands display limited information without the CVC.
To see more detail, include the CVC on the command line.

## Most Useful Commands

### cktap library

`cktap --version`
- Get the version of cktap library

`cktap list`
- List all cards detected on any reader attached

`cktap certs`
- Check this card was made by Coinkite

## For both SATSCARD and TAPSIGNER

`cktap status`
- Shows status info.

`cktap setup`
- Tells card to pick private key. Chain code can be provided by user. User can [verify](docs/best-practices.md) that provided chain code was used.
- called only once on TAPSIGNER, and for each slot setup on SATSCARD

### For SATSCARD

`cktap open`
- Opens Bitcoin Core or your other wallet by activating the BITCOIN:addr URL scheme for the current slot of the card.

`cktap qr`
- Displays deposit QR code.

`cktap unseal`
- Unseals the current slot and shows the WIF for funds sweeping.
- WIF must be imported into a blockchain-aware wallet.

`cktap balance`
- Calls a web service to get UTXO and show current Bitcoin balance.
- Uses `tord` (if running locally) to proxy the request.

### For TAPSIGNER

`cktap xpub`
- Shows the XPUB in effect.

`cktap backup`
- Saves the card's XPRV into an AES-128-CTR encrypted file with the current date.

`cktap change OLDPINCODE NEWPINCODE`
- Use to change the PIN on the card

`cktap path`
- Shows the derivation path in effect, by default: `m/84h/0h/0h`

### For SATSCHIP

`cktap upload -i /path/to/image.jpg`
- collects artwork meta data (title, description, etc) and uploads signed
result to public server

## Detailed Examples

```
% cktap
Usage: cktap [OPTIONS] COMMAND [ARGS]...

Interact with SATSCARD and TAPSIGNER cards via NFC tap.

Command marked [TS] are only for TAPSIGNER and [SC] only for SATSCARD. All
[TS] command also work on SATSCHIP (for artwork).

You can use "bal", or "b" for "balance": any distinct prefix for all
commands.

Options:
-i, --card-ident BLAHZ- Operate on specific card (any substring is enough)
-w, --wait Waits until a card is in place.
-v, --verbose Show traffic with card.
--pdb Prepare patient for surgery to remove bugs.
-e, --emulator-cert Use root cert key generated by emulator
--root-cert-pubkey TEXT Provide alternate root cert key for certificate
checks (testing only)
--version Show the version and exit.
--help Show this message and exit.

Commands:
address [SC] Show current deposit address
backup [TS] Backup private key from card into AES-128-CTR encrypted file
balance [SC] Show the balance held on all slots
certs Check this card was made by Coinkite: Verifies a certificate...
chain Get which blockchain (Bitcoin/Testnet) is configured.
change [TS] Change the CVC code (PIN code)
check Verify you have the spending code (CVC) correct.
core [SC] Show JSON needed to import keys into Bitcoin Core
debug Start interactive (local) debug session.
derive [TS] Change the subkey derivation path to use (shows xpub)
dump [SC] Show state of slot number indicated.
json [TS] Dump wallet values in JSON format similar to Coldcard...
list List all cards detected on any reader attached.
msg Sign a short text message
open [SC] Get address and open associated local Bitcoin app to...
path [TS] Show the subkey derivation path in effect
qr [SC] Show current deposit address as a QR (or private key if...
setup Setup with a fresh private key.
status Show a few things about status of card
unlock Clear login delay (takes 15 seconds)
unseal [SC] Unseal current slot and reveal private key.
upload [SATSCHIP] Upload an image and artwork's metadata to public...
url Get website URL used for NFC verification, and optionally open it
usage [SC] Show slots usage so far.
version Get the version of the card's firmware installed (but not...
wif [SC] Show WIF for last unsealed slot, or give slot number
xpub [TS] Show the xpub in use

% cktap list

% cktap -i RUIXK status
-- TAPSIGNER Card --
Card ident: RUIXK-5XI6U-G55IQ-DVGVI
Birth Height: 723471
Number of backups: 25
Current derivation: m/84h/0h/0h

% cktap -i 26NKY status
-- SATSCARD --
Card ident: XDXKQ-W6VW6-GEQI3-ATSC2
Birth Height: 700001
Active Slot: 7
Address: tb1q779z3npw49qs3rhyk8zhh7l0sgyr9uphm6jlp0

```

% cktap qr -o today.svg
(SVG of QR is saved to file)

% cktap addr
bc1qu4vsv2jqgl0y30ehrs4d0dg23xazpgnxdwuqum

% cktap wif -s 1
Enter spending code (6 digits):
p2wpkh:L16cgmhZJWD7fq3eDi3gL7Yko6WYixxZi4f5T3XxxDCF2HnZdHJa
```

### TAPSIGNER

```
% cktap status
-- TAPSIGNER Card --
Card ident: RUIXK-5XI6U-G55IQ-DVGVI
Birth Height: 723471
Number of backups: 25
Current derivation: m/84h/0h/0h

% cktap backup 347634
Wrote 109 bytes to: backup-RUIXK-2022-02-16T0926.aes

% hd backup-RUIXK-2022-02-16T0926.aes
00000000 d6 3e 40 59 f0 fd 7a 3d 06 67 a5 94 0b 5d 01 09 |.>@Y..z=.g...]..|
00000010 27 58 c3 2a 1f c1 66 d9 84 84 25 96 af 71 23 a1 |'X.*..f...%..q#.|
00000020 0b bc aa ba c1 a3 98 6d f2 cd 9c 24 51 8c f7 bf |.......m...$Q...|
00000030 09 ad 53 0d 9b 07 2b 8e 12 be 73 24 3a 09 a9 3d |..S...+...s$:..=|
00000040 26 6c 98 59 34 95 aa 78 a1 0b 7a 2b 77 98 1f 7a |&l.Y4..x..z+w..z|
00000050 d1 cf d6 e6 fd 31 b3 88 1a d9 df 68 03 a3 8b 06 |.....1.....h....|
00000060 db 66 ef d6 ea 5f 5f 08 9a ed f2 2a 71 |.f...__....*q|
0000006d

```
For more information about specific `cktap` commands check `docs/cli.md`