Hardware Wallet technical specifications

Phone Application Characteristics

Our mobile application supports both iOS and Android platforms, providing a seamless experience for managing your hardware wallet.

Supported Blockchain Networks

  • Bitcoin
  • Ethereum Virtual Machine (EVM) networks, including smart contracts
  • Tron
  • ERC20 tokens can be manually added

For a more detailed guide on how our hardware wallet integrates with Ethereum, read here.

Signature Provider Functionalities (via Mobile App)

  • QR-based hardware wallet compatibility with MetaMask QR code communication (EIP-4527)
  • Web3 Dapp connectivity via WalletConnect

Kiosk Mode

The application can be configured as a card “point-of-sale” terminal for secure transactions.

Card Initialization Options

  • Dual Card Init (default): Identical BIP32 seed generation via a secure channel (Diffie-Hellman & shared secret)
  • Single Card BIP39 Seed Injection: 12-24 word mnemonic support
  • Internal Key Generation: Most secure option using a True Random Number Generator (TRNG), but note that the BIP32 seed cannot be extracted or backed up

Card Administration

  • Change PIN
  • Change PUK
  • Reset card

Desktop application

Our desktop command line application for advanced users is available for:

  • Windows, macOS, and Linux

Card technical specifications

Authentication

  • PIN (4 to 9 digits) / PUK (12 characters). A card power cycle is needed after 3 wrong PIN entries. The card is locked after 12 wrong PIN entries (4×3) and can be unlocked with the PUK.
  • Slot NIST256 R1 signature authentication (mobile phone secure element or PIV) x 1
  • Slot RSA2048 (Windows Hello TPM) x 1
  • Slot for Webauthn/FIDO2 x 1
  • Option to set a dedicated derivation path which doesn’t require the PIN to sign.
  • Possibility to disable auth by PIN once a key slot is filled.

Secure channel

  • AES256 key derived from Hash (ECDH, PairingKey)
  • With MAC
  • 256-bit pairing key
  • Key in the card certificate tree

Custom user data

  • At initialisation: 20 + 60 bytes user data field (email/name)
  • 6 custom bytes provided at SELECT
  • 3600 bytes private data buffer

Digital signature

  • ECDSA on “Koblitz Bitcoin” 256 k1 curve
  • ECDSA on NIST P256 r1 curve
  • BIP 340 “Schnorr” signature (256k1)
  • EOS 32 bytes loop option

Key derivation

  • BIP 32 key derivation function, with SLIP10 standard for NIST 256R1 curve. Max derivation depth is 8 levels

Random number generation

  • True Random Number Generator (AIS31 compliant)

Encryption/Decryption

  • ECIES using an EC key in the BIP32 tree. Based on DECipher from OpenPGP

Authenticity

  • Dynamic card key authentication. Card is loaded with a unique card certificate signed by the factory root key

Logging

  • Counter of number of signatures (4 bytes)
  • History of the last 149 signed hashes

Reset function

  • With PUK only

Communication Interfaces

  • ISO/IEC 14443 (NFC Contactless)
  • ISO/IEC 7816 (Contact)

Chipset and Base Operating System Certifications

  • Common Criteria EAL 6+
  • FIPS 140-2