Trust Chain & Key Generation
A core security feature of the Tokentagged architecture is that we (the manufacturer) do not know the user's private key. The verification flow is designed to be fully decentralized and can be validated without relying on Tokentagged servers.
To achieve this while simultaneously guaranteeing that the hardware is genuine (anti-counterfeiting), we implement a two-stage key generation process utilizing a "Trust Chain" and user-provided entropy (Chain Code).
1. Manufacturing Process (Root of Trust)
During the secure manufacturing phase, the chip is initialized. At this stage, the card does not yet have a wallet address usable by the user.
Master Key Generation
- The chip generates a unique Master Key Pair (
Priv_Master/Pub_Master) internally. Priv_Masternever leaves the chip.
Root Attestation (Factory Signing)
To prove that this chip was issued by Tokentagged, we sign the chip's identity.
- The Manufacturer uses the offline Tokentagged Root Key (
Priv_Issuer). - A data block is constructed:
12 Bytes Padding (0x00)+Last 20 Bytes of Keccak256(Pub_Master). - The Manufacturer signs this block to create the Root Attestation Signature.
- This signature is permanently stored on the card's flash memory.
The card contains a unique identity (Priv_Master) and a certificate of authenticity (Root Attestation). It does not yet have a derived wallet key.
2. Card Activation (User Key Derivation)
The activation process ensures that the final wallet key is mathematically derived from a secret that only the user knows (the Chain Code).
The Chain Code
The user enters a passphrase (or random entropy) in the Web App. The app calculates a 32-Byte Chain Code (Keccak256 Hash of the passphrase).
On-Chip Key Derivation
The Chain Code is sent to the card via NFC. The card then performs a Deterministic Key Derivation (BIP-32-Standard):
Priv_Card = Derive(Priv_Master, ChainCode, Index_0)
- Card Private Key (
Priv_Card): Derived from the on-chip Master Key and the User's Chain Code. The Master Key is generated inside the chip and never known to us; combining it with the Chain Code adds an extra proof for the user that we cannot derive the final key. - Card Public Key (
Pub_Card): Calculated fromPriv_Card. - Card Address: The Ethereum address derived from
Pub_Card.
For usability, the Web App uses a random passphrase to activate the card. If you want to verify the cryptographic proof, open your browser console before activation. You will find instructions there on how to enter your own passphrase. Afterward, you will receive all generated public keys here and can verify the proof. Direct passphrase input in the Web App will be added in the future.
Card Attestation (Internal Signing)
To prove that the generated Priv_Card belongs to this specific authentic hardware, the chip creates a second link in the trust chain:
- The chip uses its
Priv_Masterto sign the newPub_Card(specifically:12 Bytes Padding+Address). - This creates the Card Attestation Signature.
All derived keys and signatures are stored in the secure memory. The card is now Activated.
The Verification Flow
When a user taps the card to sign a transaction, the client (Web App) validates the entire chain to ensure:
- The signature is valid.
- The key belongs to this hardware.
- The hardware is genuine.
The Pub_Issuer key can also be verified in a fully decentralized way, because all Pub_Issuer keys are verifiable in the SignerRegistry smart contract. The entire workflow can, in theory, be performed without any Tokentagged servers. See the Smart Contract Docs for details.
Summary of Keys
| Key Name | Location | Knowledge | Purpose |
|---|---|---|---|
| Issuer Key | Offline (HSM) | Manufacturer only | Signs the Root Attestation to certify genuine chips. |
| Master Key | Secure Element | Chip only (Internal) | Serves as the immutable identity of the hardware. Signs the Card Key. |
| Chain Code | Input during Activation | User only | Adds user entropy to ensure the Manufacturer cannot know the final wallet key. |
| Card Key | Secure Element | Chip only (Internal) | The actual Wallet Key used to sign Ethereum transactions. |