5.1 Seed Generation (Internal)
Seeds can be generated internally using the GENERATE KEY command.
Generation relies on the Secure Element’s hardware TRNG, certified under AIS-20 Class DRG.3.
The generated seed is stored in secure, non-exportable memory and forms the basis for two independent key hierarchies:
- secp256k1 — for blockchain operations (Bitcoin, Ethereum, etc.)
secp256r1 — for enterprise and authentication use cases (FIDO2, TLS, etc.)