Hello,
This is my very first thread on Stacker.news.
Even if the topic is about a brand, it's in no way a promotion for said product. On the contrary, it highlights the free, open-source nature of the solution, as well as the latest technological advances of the device.
Introduction
Let me introduce you to the Satochip hardware wallet—an EAL6+ certified smartcard equipped with NFC, designed to act as a signing device for Bitcoin and Nostr events.
Why smartcards?
Smartcards offer several advantages:
- Affordable and widely available;
- Dual interfaces - contactless (NFC) and contact (Chip);
- Minimal electronics, reducing the attack surface;
- Secure Element (SE)-based for enhanced security.
What makes Satochip unique.
Satochip stands out because it is 100% open-source. You can build your own signing device in under 10 minutes for just a few dollars.
Additionally, this signing device has been natively supported by Sparrow Wallet since version 1.8.0.
Satochip applet
The latest beta Satochip applet is available on Toporin's official Github.
This release comes with:
- Schnorr signature support for Taproot (to be used with Sparrow-Satochip wallet)
- Schnorr signature support for Nostr (no key tweaking)
How to use it - Bitcoin
As said previously, if you build your own hardware wallet, you will be able to use it with Sparrow Wallet out of the box to sign your Bitcoin transaction. PIN code protected and BIP32/BIP39 compliant and can also be used in a multi-sig setup.
How to use it - Schnorr
Schnorr signatures can be tested using Pysatochip v0.15.3 command line interface:
- Import a private key on keyslot #0:
python3 satochip_cli.py --verbose satochip-import-privkey --keyslot 0 --privkey aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899- Get the corresponding publick key:
python3 satochip_cli.py satochip-get-pubkey-from-keyslot --keyslot 0- Sign a hash with Schnorr on this keyslot:
python3 satochip_cli.py satochip-sign-schnorr-hash --hash 796962c8f2a7b8540f818cbe37d2894b1ab4b71bccddced12e2a4dc11d8802c3 --keyslot 0How to use it - Nostr
You can sign a Nostr message then broadcast it using a specific command:
python3 satochip_cli.py --verbose satochip-sign-nostr-event --keyslot 0 --message "Just discover Satochip and it's f*ck*ing great!" --kind 1 --broadcastBuild your own signing smartcard
Grab a compatible JavaCard
Navigating the Javacard ecosystem can be difficult... There are many different configuration options that are available, even within the same chipset. For example, while there are multiple Javacards that use the NXP JCOP4 P71, it is generally the SECID versions that will work, whereas EMV versions will not.
Tested and working JavaCards
The following cards are readily available, tested and confirmed to work.
-
NXP JCOP4 P71 SECID Based Javacards
- J3R110
- J3R180
-
NXP JCOP3 P60 SECID Based Javacards
- J3H145
-
THD-89 Based JavaCards (these currently don't work reliably with the official Satochip builds)
- CodeWav NFC Sticker Tag Micro Edition
- THETAKey T101
- THETAKey T104 (CodeWav-2 NFC Card)
Javacard features required
The list of tested cards above isn't exhaustive and generally speaking a Javacard needs to support the following features:
- Javacard 3.0.4 (Or higher)
- Support the following Functions
- javacard.security.KeyAgreement: ALG_EC_SVDP_DH_PLAIN, ALG_EC_SVDP_DH_PLAIN_XY
- javacard.security.Signature: ALG_ECDSA_SHA_256
- javacard.security.MessageDigest: ALG_SHA_256, ALG_SHA_512
- javacard.security.RandomData: ALG_SECURE_RANDOM
- javacardx.crypto.Cipher: ALG_AES_BLOCK_128_ECB, ALG_AES_BLOCK_128_CBC_NOPAD
Requirements
You will need:
- OpenJDK version 8 +
- GlobalPlateform, the tool needed to flash the card
- A generic smartcard reader
- The Satochip applet file
Download OpenJDK
On Windows
You can download OpenJDK 8 here
Once downloaded, you can install it with all the defaults.
On Linux
sudo apt install openjdk-8-jdkDownload the Satochip applet
Grab the Satochip Applet on the official Github repository
Flash the applet to the JavaCard
This repository includes a release of GlobalPlatformPro which can be used to flash the applets.
GlobalPlatformPro requires a working installation of Java, so if you didn't install Java at an earlier step, you need to do that before proceeding...
To flash the applet using the default AIDs (which is required to work with existing Satochip compatible software) you can use the following commands.
On Windows
gp.exe --install ./ SatoChip-v0.14-0.2.cap On Linux
java -jar gp.jar --install ./ SatoChip-v0.14-0.2.cap Applets can be uninstalled in the same way using the
--uninstall command.Conclusion
Satochip represents the perfect blend of open-source philosophy, affordability, and security. By leveraging widely available JavaCards, it makes secure, hardware-based cryptographic signing accessible to everyone.
Whether you're using it as a multi-signature Bitcoin wallet, an affordable signing device, or a Nostr event signer, Satochip provides a versatile and trust-minimized solution.
With its 100% open-source codebase, anyone can audit, modify, or even build their own signing smartcard in minutes—ensuring full transparency and complete user control. As the ecosystem evolves, the Satochip community continues to push the boundaries of security and self-sovereignty in Bitcoin and beyond.
The tools are here. The code is open. The possibilities are endless. 🚀