Secret name | Stored / scope | Short description | Notes / APDU (management) |
--- | --- | --- | --- |
Factory Dual Basic Group Secret | Secure Element (factory-loaded) | EC secret used for the dual generation protocol and to sign public material exchanged between paired cards. Protects the integrity of dual-gen exchange. | Mentioned as “Dual Basic Group Secret” loaded at factory; used in dual generation signatures. |
Card long-term attestation key (card private key) | Secure Element (card keypair) | Card’s permanent EC keypair (R1) used to sign the card certificate and authenticate ephemeral session keys. | Readable only as the certificate (GET MANUFACTURER CERTIFICATE / GET CARD CERTIFICATE). |
Session (ephemeral) private key | Secure Element (ephemeral per select/secure-channel) | Short-lived EC private key generated inside the card and used for ECDH in the secure channel. Never exported. | Exposed externally only as the card’s ephemeral public key inside the basic card certificate (GET CARD CERTIFICATE). |
PairingKey (first pairing secret & pairing key slot) | Card secure storage (32 bytes) | The 32-byte secret used to derive AES/MAC session keys with a host for the authenticated secure channel. There is one pairing key slot; the key can be public if desired but is normally kept secret. | Set at INIT; used in OPEN SECURE CHANNEL key derivation; can be changed with CHANGE PAIRING KEY (INS = 0xDA). Fallback: a PUK-derived pairing key (SHA256^32 of PUK) can be used (index 0xFF). |
Secure Channel session keys (AESkey / MACkey) | Volatile (session only) | Keys derived from ECDH(SessionCardPriv, SessionUserPub) ∥ PairingKey ∥ SessionSalt via SHA-512, split into AES and MAC keys. Protect confidentiality/integrity of APDUs while channel open. | Derived during OPEN SECURE CHANNEL. Not persistent. See Open Secure Channel and “Encrypted APDUs”. |
PIN | Card secure storage (verified state) | User numeric PIN (4–9 digits) used to authenticate the user for most protected operations. PIN verification state is session-valid until a signature or deselect/power-off. | Initialized at INIT; VERIFY PIN (INS=0x20), CHANGE PIN (INS=0x21), UNBLOCK PIN (INS=0x22). Retry counters and power-cycle rules apply. |
PUK | Card secure storage (12 bytes) | Card reset/unblock secret. Used to unblock PIN, to authorize PUK-protected changes (e.g., change pairing key, set PINless path, set pub export), and to perform RESET. | Initialized at INIT; RESET (INS=0xFD) requires PUK and pairing protection; CHANGE PAIRING KEY / SET PIN AUTH require PUK. PUK tries: unlimited but throttled with power-cycle behavior. |
PUK-derived pairing fallback (SHA256^32 PUK) | Derived (fallback) | Deterministic pairing key obtained by hashing the PUK 32 times; usable as pairing key index 0xFF if pairing info lost. | Documented fallback for recovery when pairing key lost. Use OPEN SECURE CHANNEL with P1=0xFF to use this. |
User private keys (off-card) | Typically off-card (e.g., device TPM / Secure Enclave) | Private keys that a user may keep in a host (e.g., OS TPM or Secure Enclave) used to perform challenge-response auth against the card (the card stores only the public key). These act as PIN replacements. | Card stores user public keys in slots (ADD USER KEY); CHECK USER KEY verifies signatures. The private keys themselves must be protected by the host. |
User key credential (FIDO) credential ID & public key | Card slot (slot 3 stores FIDO credID + pubkey) | FIDO credential identifier and associated EC public key (card stores ID + public key). Used to verify WebAuthn-style signatures for PIN replacement / signing auth. | ADD USER KEY (slot=3) stores: credID length, credID, EC pubkey, PUK. CHECK USER KEY handles FIDO verification and counter. |
Pinless path derivation settings | Card secure storage (derivation path + enabled flag) | The BIP32 derivation path used for PIN-less signing (e.g., m/43’/60’/1581’…); guarded by PUK to set/unset. The path enables transactions without PIN when used via the PIN-less SIGN mode. | Set via SET PINLESS PATH (INS=0xC1) with PUK. Using PIN-less SIGN (P1=0x03) uses this path. |
Dual-generation partial secrets (per card) | Secure Element (temporary during dual gen) | During the dual-generation protocol two cards each generate a partial secret and exchange signed public material to end with a shared seed (SHA256(ECDH)). Each card stores its part; the final shared seed is set as the card seed. | Performed with LOAD KEY P1=0x04/0x05 sequence. Signature checks use Basic Group Secret. Dual generation yields a recoverable pair of cards that share the same seed. |
Master seed — the BIP32 master secret | Secure Element (non-exportable once set) | The 256-bit master seed (BIP32 / SLIP10 seed) — the root of all derived blockchain keys. This is the ultimate secret: cannot be read or exported, only reset via PUK. All blockchain keys are deterministically derived from it. | Generated on-card (GENERATE KEY INS=0xD4) or loaded (LOAD KEY P1=0x03). Once set it cannot be changed except by RESET with PUK. This is the last/most sensitive secret. |
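As an added example (not code from this page or from the card's own firmware), the following Python models two derivations the table describes: the secure channel session keys from the "Secure Channel session keys" row and the PUK-derived pairing-key fallback (index 0xFF) from the PairingKey and PUK rows. It assumes the ECDH output fed to SHA-512 is the 32-byte x-coordinate, that the SHA-512 digest splits as AES key first and MAC key second, and that the PUK is hashed as its ASCII digits; the table states none of these, and all sample values are constructed.

```python
import hashlib
import os
from typing import Optional

PAIRING_INDEX_PUK_FALLBACK = 0xFF   # P1 value the table gives for the fallback
PUK_HASH_ROUNDS = 32                # "SHA256^32 of PUK"


def puk_derived_pairing_key(puk: str) -> bytes:
    """Deterministic fallback pairing key: SHA-256 applied 32 times to the PUK."""
    if len(puk) != 12 or not puk.isdigit():
        raise ValueError("PUK must be 12 digits")
    digest = puk.encode("ascii")   # assumption: PUK hashed as its ASCII digits
    for _ in range(PUK_HASH_ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest


def select_pairing_key(index: int, slot_key: Optional[bytes], puk: str) -> bytes:
    """Resolve the pairing key named by OPEN SECURE CHANNEL's P1.

    Index 0 is the single stored slot (set at INIT / CHANGE PAIRING KEY);
    index 0xFF selects the PUK-derived fallback used when pairing info is lost.
    """
    if index == PAIRING_INDEX_PUK_FALLBACK:
        return puk_derived_pairing_key(puk)
    if index == 0 and slot_key is not None:
        if len(slot_key) != 32:
            raise ValueError("pairing key slot holds 32 bytes")
        return slot_key
    raise ValueError(f"no pairing key at index {index:#x}")


def derive_session_keys(ecdh_shared: bytes, pairing_key: bytes, session_salt: bytes):
    """AESkey, MACkey = split(SHA-512(ECDH ∥ PairingKey ∥ SessionSalt))."""
    if len(ecdh_shared) != 32 or len(pairing_key) != 32:
        raise ValueError("ECDH secret and pairing key must be 32 bytes")
    digest = hashlib.sha512(ecdh_shared + pairing_key + session_salt).digest()
    return digest[:32], digest[32:]   # assumption: AES key first, MAC key second


if __name__ == "__main__":
    # Constructed demo values: a fake ECDH x-coordinate and a fresh session salt.
    shared = os.urandom(32)
    salt = os.urandom(32)
    key = select_pairing_key(PAIRING_INDEX_PUK_FALLBACK, None, "123456789012")
    aes, mac = derive_session_keys(shared, key, salt)
    print("AES", aes.hex(), "MAC", mac.hex())
```

The session keys exist only for the life of the channel, so a fresh `session_salt` on every OPEN SECURE CHANNEL is what keeps two sessions with the same pairing key from sharing AES/MAC keys.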