Keycard Pal

June 6, 2026 · View on GitHub

Keycard Pal icon

CI Build & Release License Test coverage Platform React Native GitHub release Last commit Stars

Keycard Pal is an air-gapped Android companion app for Status Keycard. It lets you sign Ethereum and Bitcoin transactions over NFC, so your private keys never touch an internet-connected device.

All communication with your watch-only wallet happens through animated QR codes using the Blockchain Commons UR standard. No telemetry.

Keycard Pal comes in two variants:

VariantPackage IDInternet
Keycard Palcom.keycardpalOptional — for future opt-in security features (ENS, simulation)
Keycard Pal Offlinecom.keycardpal.offlineNever — INTERNET permission is absent from the manifest

Both variants are fully functional for signing and key management. Keycard Pal Offline is the right choice if you want a hard, manifest-level guarantee of no network access.

Screenshots

Dashboard Connect software wallet NFC scan

Show QR code Scan QR code Transaction review

Key pair

Features

  • Sign Ethereum transactions: legacy, EIP-1559, and EIP-2930
  • Sign EIP-712 typed data with a decoded preview before you approve
  • Sign personal messages (EIP-191 / SIWE)
  • Sign Bitcoin transactions via PSBT
  • Sign Bitcoin messages (BIP-322)
  • Export wallet keys to MetaMask, Rabby, Ledger Live, Sparrow, BlueWallet, and Bitget
  • Generate and load key pairs directly onto the Keycard
  • Import a recovery phrase (BIP-39, 12 or 24 words, with optional passphrase)
  • Import SLIP-39 Shamir Secret Sharing shares
  • Genuine Keycard verification before first pairing
  • Two variants: Keycard Pal Offline (no internet, manifest-level guarantee) and Keycard Pal (optional internet for future security features)

Requirements

  • Android 7.0+ (API 24)
  • A Status Keycard NFC smart card (use code ShellSummer9746 for a discount on orders over $25)

Getting the app

Download the latest APK from Releases and sideload it onto your device.

Get it on GitHub Get it on Obtainium Get it on F-Droid

For most users, install the universal APK. ABI-specific split APKs are also attached to releases for smaller downloads on known device architectures.

Verification info

  • Package ID: com.keycardpal (Keycard Pal) / com.keycardpal.offline (Keycard Pal Offline)
  • SHA-256 hash of signing certificate: A8:3C:11:4B:1F:42:01:DA:FB:D0:3E:22:1F:1C:29:28:EC:B5:2B:78:BD:A5:E9:3F:29:6F:ED:F2:29:8E:54:6B
  • SHA256SUMS.txt is attached to each GitHub Release to verify APK file hashes.

Install with Obtainium

  1. Install Obtainium.
  2. Add https://github.com/mmlado/keycard-pal as a GitHub app source.
  3. Use GitHub Releases as the update source.
  4. Select the universal APK from the latest release.

Install via F-Droid

Repository URL:

https://fdroid.keycardpal.com/repo/

Fingerprint:

24EB891A8A617F8BF20892CB0CF9267709BA94056E64242AD9EDF638C2FED3D2

The APK is built automatically by GitHub Actions on every version tag.

Building from source

Prerequisites

  • Node.js 20+
  • JDK 17
  • Android SDK with NDK 27.1.12297006

Setup

npm install

Run (development)

npm start        # Terminal 1: Metro bundler
npm run android  # Terminal 2: build and install

Release build

cd android && ./gradlew assembleFullRelease      # Keycard Pal (com.keycardpal)
cd android && ./gradlew assembleOfflineRelease   # Keycard Pal Offline (com.keycardpal.offline)

Development

npm test      # Jest test suite
npm run lint  # ESLint

Buy me a coffee

If Keycard Pal keeps your funds safe, you can send a coffee my way.

  • Ethereum: 0xF665E3D58DABa87d741A347674DCc4C4b794cAc9
  • Bitcoin: bc1qpncfjnresszndse506zmvjya05xcs6493cm8xf

Security

  • Pairing data is stored in encrypted storage backed by the Android Keystore
  • Private keys never leave the Keycard; only the signature result is returned to the app
  • QR codes use Blockchain Commons UR for structured binary encoding
  • Keycard Pal Offline (com.keycardpal.offline) has no INTERNET permission at the manifest level — no runtime flag can enable networking

License

MIT