BlogNews
Announcing Keycard Shell: The Next Step in Secure, Open-Source Crypto Hardware

Announcing Keycard Shell: The Next Step in Secure, Open-Source Crypto Hardware

Us
Us
on 26 Feb 2025
Announcing Keycard Shell: The Next Step in Secure, Open-Source Crypto Hardware

We’re excited to introduce Keycard Shell, the next generation of our hardware wallet technology. After a year of development, we’re proud to announce that this groundbreaking product will soon be available to buy.

Sign up for our waitlist at keycard.tech/keycard-shell to unlock exclusive community perks!

For over a year, we’ve been crafting a product that takes our trusted Keycard hardware to the next level. Keycard Shell pairs Keycard’s strengths with a fully-fledged hardware wallet. And just like everything we build, it’s completely open source and maximally secure!

Keycard Shell gives the original Keycard product superpowers! When inserted into Keycard Shell, your Keycard becomes a removable secure chip, bringing greater composability, flexibility, and, above all, security to your crypto storage game!

  • Seamless integration: Use Keycard Shell with Metamask, Rabby, OKX, imToken, BlueWallet and 10+ others. Keycard Shell’s QR-signing functionality (ERC-4527, and BC-UR) ensures compatibility with desktop and mobile platforms, making it easy to manage your crypto assets across all your devices.
  • Air-gapped and stateless QR signing: Securely sign transactions through a completely air-gapped QR code system (ERC-4527, and BC-UR). Keys never leave the military-grade encrypted chip on Keycard, and once you remove Keycard, Shell forgets everything that happened!
  • Clear signing - reducing blind signing risk: Retain full visibility and control over BTC, ETH, ERC20 and ERC712 signatures (such as ERC20 approvals). This prevents the risk of unauthorized or blind approvals that have resulted in billions in losses.
  • Multiple stealth smart cards: Back up your seed on multiple smart cards, designed to be easily hidden. Even if one card is lost or stolen, your funds remain secure.
  • Future-proof design: Keycards, batteries, and other components are designed to be affordable and easy to replace or upgrade. As the crypto space evolves, Keycard Shell will grow with it, ensuring longevity and adaptability.

With Keycard Shell, we follow Status’ (our parent company) philosophy of being fully open source. The community doesn’t need to trust the security claims we make about our code and the hardware it runs on – they can verify them for themselves!

So, let’s walk through the architecture.

At the heart of Keycard Shell is your Keycard itself, which isolates your private keys in its encrypted chip. A Keycard can be purchased ready to go or can be JavaCard 3.0.4 (or later) with our open-source applet installed. Find our current applet here: https://github.com/keycard-tech/status-keycard 

Smart cards are very common. You probably have a credit or bank card in your pocket right now – that's a smart card.

Smart cards are extremely secure – that’s why banks use them! Your Keycard’s chip is fully encrypted and enforces its own security policy, providing access only to the exact information that a process requests. This is a much stronger security model than other chips, such as smartphone CPUs, which often give full access to any process requesting information from their secure element.

Even down to the hardware level, Keycard’s chip is as secure as it gets. The smart card’s chip is ‘scrambled’, meaning even if a nefarious hacker looks at the chip through an electron microscope all they’d see is a random layout of transistors – there’s no place to even start hacking!

A key priority in the design of Keycard Shell was keeping the device compact and durable. The architecture includes a Cortex-M microcontroller (MCU), an display, a CMOS camera, and a 12-key keyboard. Everything is held together by injection-molded front and back covers. A USB-C port allows for charging and data connectivity, which can be turned off for even greater security.

The MCU (microcontroller unit) contains the firmware. The firmware’s integrity can be validated using our website. The MCU’s restricted area includes a secure bootloader that can never be updated. This prevents unauthorized or tampered software from running on the device, ensuring that users can trust the hardware wallet's integrity.

Communication between Keycard and Keycard Shell is encrypted via the card’s PIN.

For the battery, we chose a standard BL-4C (Li-ion 800mAh) battery, which is widely available online and easy to replace.

We can’t wait for you to experience Shell. We’re gearing up for our pre-sale, which is coming soon.

Sign up for our waitlist at keycard.tech/keycard-shell to secure your spot and get access to exclusive community perks.

Order your Keycard now and follow us on X for updates on Keycard Shell!