cryptnox-logo
Shop now

Cryptnox Hardware Wallet technical specifications

Application characteristics: hardware wallet technical specifications

Phone application characteristics

Phone Application Characteristics

Our mobile application supports both iOS and Android platforms, providing a seamless experience for managing your hardware wallet.

Supported Blockchain Networks

  • Bitcoin
  • Ethereum Virtual Machine (EVM) networks, including smart contracts.
  • ERC20 tokens can be manually added.

For a more detailed guide on how our hardware wallet integrates with Ethereum Read here

Signature Provider Functionalities (via Mobile App)

  • QR-based hardware wallet compatibility with Metamask QR code communication (EIP 4527)
  • Web3 Dapp connectivity via WalletConnect

Kiosk Mode

The application can be configured into a card “point-of-sale” terminal for secure transactions.

Card Initialization Options

  • Dual Card Init (default): Identical BIP32 seed generation via a secure channel (Diffie Hellmann & shared secret).
  • Single Card BIP39 Seed Injection: 12-24 word mnemonic support.
  • Internal Key Generation: Most secure option using a True Random Number Generator (TRNG), but note that the BIP32 seed cannot be extracted or backed up.

If you’re new to FIDO2 security cards, read our in-depth guide on how they enhance digital security.

Card Administration

  • Change PIN
  • Change PUK
  • Reset card

Number of Card Pairings

Supports up to 256 cards.

Desktop application hardware wallet technical specifications

Our desktop application is available for:

  • Windows, macOS, and Linux (Ubuntu Core)
  • Command Line Interface for advanced users

Card technical specifications

Authentication

  • PIN (4 to 9 digits) / PUK (12 characters). Card power cycle needed after 3 wrong PIN. Card locked after 12 wrong PIN (4×3). Can be unlocked with the PUK.
  • Slot NIST256 R1 signature authentication (mobile phone secure element or PIV) x 1
  • Slot RSA2048 (Windows Hello TPM) x 1
  • Slot for Webauthn/FIDO2 x 1
  • Option to set a dedicated derivation path which doesn’t require the PIN to sign.
  • Possibility to disable auth by PIN once a key slot is filled.

Secure channel

  • AES256 from Hash (ECDH, PairingKey)
  • With MAC
  • 256 bits pairing key
  • Key in the card certificate tree

Custom user data

  • At initialisations : 20 + 60 bytes user data filed (email/name)
  • 6 custom bytes provided at SELECT
  • 3600 bytes private data buffer

Digital signature

  • ECDSA on “Koblitz Bitcoin” 256 k1 curve
  • ECDSA on NIST P256 r1 curve
  • BIP 340 “Schnorr” signature (256k1)
  • EOS 32 bytes loop option

.

Key deviation
  • BIP 32 key derivation function, with SLIP10 standard for NIST 256R1 curve. Max derivation depth is 8 levels.
Random number generation
  • True Random Number Generator (AIS31 compliant)

Encryption/ Decryption

  • ECIES using an EC key in the BIP32 tree. Based on DECipher from OpenPGP.

Authenticity

  • Dynamic card key authentication. Card is loaded with a unique card certificate signed by the factory root key.

Logging

  • Counter of number of signatures (4 bytes)
  • History of last 149 signed hash
Reset function
  • With PUK only

Communication Interfaces

  • ISO/IEC 14443 (NFC Contactless)
  • ISO/IEC 7816 (Contact)

Chipset and Base Operating System Certifications:

  • Common Criteria EAL 6+
  • FIPS 140-2

    Where to Buy

    If you’re looking to purchase a Cryptnox Hardware Wallet or FIDO2 security card, visit our official partner store here. Already own one? Check out our setup guide to maximize security and learn about hardware wallet technical specifications & more.

cryptnox-logo
Linkedin Github X-twitter Youtube Telegram Medium

Online Store

Apple store

Google Play Store

Legal Notices

Contact

© 2025 CRYPTNOX SA – 36 Avenue Cardinal Mermillod 1227 Geneva, Switzerland IDE : CHE-432.952.622