Keycard Shell transforms any Keycard into a standalone, air-gapped hardware wallet with built-in keypad, display, camera, and USB (which can be turned off). Fully open-source and EAL6+ certified, it uses ERC-4527 QR codes for secure signing and supports infinite removable backups.
All firmware, hardware designs, and toolchain scripts are fully open source under the MIT license.
Scan and display QR codes (ERC-4527) to sign transactions without ever exposing your keys.
EAL6+ certified secure element for key storage and signing.
Support for an infinite number of Keycard smartcards, each with its own key & PIN.
Works seamlessly with MetaMask, imToken, Rabby, BlueWallet, Sparrow, Specter, and more.
Powered by a replaceable Nokia BL-4C battery (25+ year expectancy), water & dust resistant.
A second PIN stops bad actors from stealing crypto by physical force
This repo contains everything needed to build a Keycard Shell.
app: the main firmware code. This is what makes everything happen.bootloader: the bootloader. Since it is non-upgradable we kept its complexity to a minimum.cddl: contains definitions for the various CBOR messages defined by the UR standarddeployment: git-ignored folder containing the signing keys and build resultsfreertos: we use FreeRTOS as our task scheduler.hardware: everything hardware related. From schematics up to case designs.json: example json files for abi, token and chain db. These files are unused.stm32: all platform-specific code for the STM32H5 MCU. It also contains the project file for STM32CubeIDE needed to build the firmware.test: the tests firmware we run in the factory on each unit to check it has been properly assembled.tools: some tools used during the build process or during development.zcbor: the library we use to parse CBOR messages.
The Keycard Shell firmware build system uses CMake for the main firmware compilation and Python tools for post-processing (signing, image creation, database generation).
First, clone the repository and switch to the release tag you want to build:
git clone https://github.com/keycard-tech/keycard-shell.git
cd keycard-shell
git checkout v1.1.1 # use the tag matching the official release you want to verifymake sure you follow the build instructions directly for the tag you checked out since some steps and toolchain versions can differ.
CMake (3.15 or later) and Ninja are required for building the firmware.
On Ubuntu/Debian:
sudo apt install cmake ninja-buildOn macOS (with Homebrew):
brew install cmake ninjaOn Windows (with Chocolatey):
choco install cmake ninjaAlternatively, download from cmake.org and ninja-build.org.
curl -LsSf https://astral.sh/uv/install.sh | shor follow your OS instructions for installing uv.
Required for compiling STM32 firmware. The toolchain is automatically downloaded by the build script:
./tools/download-toolchain.shThe script supports:
- Linux x86_64
- Linux aarch64
- macOS (Apple Silicon / arm64)
- Windows x86_64
After downloading, the toolchain is installed in toolchain/.
Create a deployment directory with two files:
bootloader-pubkey.txt: Contains the public key the bootloader will use to verify the firmware. The key must be hex-encoded, uncompressed, and without the leading04byte.fw-test-key.txt: Contains a hex-encoded private key (the private part of the key inbootloader-pubkey.txt) used to sign the firmware.
uv venv
uv synccmake --preset release
cmake --build --preset releaseAfter building, run:
uv run python tools/firmware-hash.py -b build/shellos.binDownload the official binary from the GitHub releases page and hash it the same way:
uv run python tools/firmware-hash.py -b ~/Downloads/shellos-<date>-<version>.binThe two hashes must match.
If you want to generate a full image to load on a device you built yourself, take a look at the tools/create-image.py script.