Pretty safe bitcoin proof-of-concept wallet with keys on a smartcard

Prepare your smartcard
A detailed description can be found at:
(look for "initialize the device")

The steps are:

First check if your scmartcard reader is found:
$ opensc-tool –-list-readers

Next step is the initialization of the smart-card to set the SO-PIN and user PIN.

Example (don't use those pin numbers, choose your own!):
$ sc-hsm-tool --initialize --so-pin 1234567890123456 --pin 123456 --label MyCardCon
Creating an elliptic-curve key-pair
First you have to find out the path to your library. In my setup it is in /usr/local/lib. In the python code of the smartbtc programm that path is used. If you make a soft-link, then you do not need to change the code:

$sudo ln -s /usr/local/lib/

A command to generate an elliptic curve keypair of the in Bitcoin used keytype secp256k on the smartcard with id 20 and label EC0 is:

$ pkcs11-tool --module /usr/local/lib/ --login --keypairgen --key-type secp256k1 --id 20 –label EC0

You can see the result with a dump of the objects on the smartcard:

$ pkcs15-tool -D

- it is possible with the SmartCardHSM to backup and restore keys. But only if you initialize the smartcard and the backup-smartcard with the same so-called DKEK key at initialization. See the documentation. Loosing your keys is loosing your bitcoins, use this!
- for the next key you should change label and id!

Generate your Bitcoinaddress
First extract your public key from the smartcard.
Example usage if the key id of your ECC key is 20:

$ pkcs15-tool --read-public-key 20 | /usr/local/bin/openssl ec -pubin -text -noout | sed '1,2d;$d'| sed 's/[^0-9a-f]//g' | tr -d "[:cntrl:]" >

The public key should be in the file .

Now you can compute your bitcoinaddress from the public key with this python script. It is using the same python bitcoinlib as the smartbtc programm. Navigate to "Description" where to get it.
When you have dowloaded it, you need to run in the source directory:
$ sudo python3 install
See for more information on how to install a python library.

The python script:

#!/usr/bin/env python3
import os,sys,re

from bitcoin.wallet import P2PKHBitcoinAddress
from bitcoin.core import b2x,x,lx
from bitcoin import SelectParams

if len(sys.argv) != 3:
    print("Usage:",sys.argv[0],"<network> <file with pubkey in hex>")
    print("Derive the Pay-to-Pubkey-Hash Bitcoinaddress from a EC Public Key")
    print("nework is mainnet or testnet")

with open(sys.argv[2],"r") as fp:
   pubkey =

pubkey = pubkey.rstrip()
print("public key: ", pubkey,"-", len(pubkey))
pubkey = x(pubkey)

# Select Network:
network = sys.argv[1]
   print("Error: netwerk should be mainnet or testnet")

address = P2PKHBitcoinAddress.from_pubkey(pubkey)
print("P2PKH Address in:",network," is:", address)
print("length is:",len(address))

Example usage: $ python3 ./ testnet

You should start with the bitcoin testnetwork.
Now you have your bitcoin address, you can start the installation.