JavaCard/NFC Smartcard Signer
Display-less APDU custody. The card cannot provide trusted event review by itself; external review acknowledgement is required before any APDU signing operation reaches the card.
Current evidence
- Python APDU codec with
GET_PUBLIC_KEYandSIGN_EVENT_IDproprietary constants. - secp256k1-backed simulator returning x-only public keys and signatures on 32-byte event ids.
- nsealr-smartcard CLI probes for simulator and PC/SC probes; PC/SC commands fail clearly without
pyscardor a reader. - Tests against shared
nSealr/specsevent-id and APDU status-word rejection vectors. - no trusted review or real-card compatibility claim yet.
| Feature | Target | Current | Contract |
|---|---|---|---|
request_validation_v0 | required | partial | signing-request-v0+implementation-limits-v0+invalid-vectors |
approval_digest_binding | required | partial | approval-digest-v0 |
sign_event_bip340 | required | partial | nostr-sign-event-bip340-v0 |
persistent_secret_custody | required | partial | persistent-secret-custody-v0 |
smartcard_apdu | required | implemented | smartcard-apdu-v0 |
external_review_acknowledgement | required | partial | external-review-acknowledgement-v0 |
response_verification | required | partial | signed-response-verification-v0 |
device_display_review | not_applicable | not_applicable | — |
physical_approval | not_applicable | not_applicable | — |
stateless_session_custody | forbidden | forbidden | — |