bitcoindevkit · notmandatory · Sep 1, 2025 · Aug 31, 2025 · Aug 31, 2025 · Aug 31, 2025
diff --git a/Justfile b/Justfile
@@ -28,9 +28,13 @@ help:
 
 # start the cktap emulator on /tmp/ecard-pipe
 start *OPTS: setup
-    source emulator_env/bin/activate; python3 coinkite/coinkite-tap-proto/emulator/ecard.py emulate {{OPTS}} &> emulator_env/output.log & \
-    echo $! > emulator_env/ecard.pid
-    echo "started emulator, pid:" `cat emulator_env/ecard.pid`
+    if [ -f emulator_env/ecard.pid ]; then \
+        echo "Emulator already running, pid:" `cat emulator_env/ecard.pid`; \
+    else \
+        source emulator_env/bin/activate; python3 coinkite/coinkite-tap-proto/emulator/ecard.py emulate {{OPTS}} &> emulator_env/output.log & \
+        echo $! > emulator_env/ecard.pid; \
+        echo "started emulator, pid:" `cat emulator_env/ecard.pid`; \
+    fi
 
 # stop the cktap emulator
 stop:

diff --git a/README.md b/README.md
@@ -26,7 +26,7 @@ It is up to the crate user to send and receive the raw cktap APDU messages via N
   - [ ] response verification
 - [x] [certs](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#certs)
 - [x] [new](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#new)
-- [ ] [nfc](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#nfc)
+- [x] [nfc](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#nfc)
 - [x] [sign](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#sign)
   - [x] response verification
 - [x] [wait](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#wait)
@@ -39,7 +39,7 @@ It is up to the crate user to send and receive the raw cktap APDU messages via N
 #### TAPSIGNER-Only Commands
 
 - [x] [change](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#change)
-- [ ] [xpub](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#xpub)
+- [x] [xpub](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#xpub)
 - [x] [backup](https://github.com/coinkite/coinkite-tap-proto/blob/master/docs/protocol.md#backup)
 
 ### Automated and CLI Testing with Emulator

diff --git a/cktap-ffi/src/error.rs b/cktap-ffi/src/error.rs
@@ -376,3 +376,26 @@ impl From<rust_cktap::ChangeError> for ChangeError {
         }
     }
 }
+
+/// Errors returned by the `xpub` command.
+#[derive(Clone, Debug, PartialEq, Eq, thiserror::Error, uniffi::Error)]
+pub enum XpubError {
+    #[error(transparent)]
+    CkTap {
+        #[from]
+        err: CkTapError,
+    },
+    #[error("BIP32 error: {msg}")]
+    Bip32 { msg: String },
+}
+
+impl From<rust_cktap::XpubError> for XpubError {
+    fn from(value: rust_cktap::XpubError) -> Self {
+        match value {
+            rust_cktap::XpubError::CkTap(err) => XpubError::CkTap { err: err.into() },
+            rust_cktap::XpubError::Bip32(err) => XpubError::Bip32 {
+                msg: err.to_string(),
+            },
+        }
+    }
+}
diff --git a/cktap-ffi/src/lib.rs b/cktap-ffi/src/lib.rs
@@ -18,7 +18,7 @@ use futures::lock::Mutex;
 use rust_cktap::Network;
 use rust_cktap::shared::FactoryRootKey;
 use rust_cktap::shared::{Certificate, Read};
-use std::fmt::Debug;
+use std::fmt::{Debug, Display, Formatter};
 use std::str::FromStr;
 use std::sync::Arc;
 
@@ -122,6 +122,24 @@ impl Psbt {
     }
 }
 
+#[derive(uniffi::Object, Clone, Eq, PartialEq)]
+pub struct Xpub {
+    inner: rust_cktap::Xpub,
+}
+
+#[uniffi::export]
+impl Xpub {
+    pub fn encode(&self) -> Vec<u8> {
+        self.inner.encode().to_vec()
+    }
+}
+
+impl Display for Xpub {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.inner)
+    }
+}
+
 #[derive(uniffi::Enum)]
 pub enum CkTapCard {
     SatsCard(Arc<SatsCard>),

diff --git a/cktap-ffi/src/sats_card.rs b/cktap-ffi/src/sats_card.rs
@@ -6,7 +6,7 @@ use crate::error::{
 };
 use crate::{ChainCode, PrivateKey, Psbt, PublicKey, check_cert, read};
 use futures::lock::Mutex;
-use rust_cktap::shared::{Authentication, Wait};
+use rust_cktap::shared::{Authentication, Nfc, Wait};
 use std::sync::Arc;
 
 #[derive(uniffi::Object)]
@@ -127,4 +127,10 @@ impl SatsCard {
             .map(|psbt| Psbt { inner: psbt })?;
         Ok(psbt)
     }
+
+    pub async fn nfc(&self) -> Result<String, CkTapError> {
+        let mut card = self.0.lock().await;
+        let url = card.nfc().await?;
+        Ok(url)
+    }
 }
diff --git a/cktap-ffi/src/sats_chip.rs b/cktap-ffi/src/sats_chip.rs
@@ -1,11 +1,14 @@
 // Copyright (c) 2025 rust-cktap contributors
 // SPDX-License-Identifier: MIT OR Apache-2.0
 
-use crate::error::{CertsError, ChangeError, CkTapError, DeriveError, ReadError, SignPsbtError};
+use crate::error::{
+    CertsError, ChangeError, CkTapError, DeriveError, ReadError, SignPsbtError, XpubError,
+};
 use crate::tap_signer::{change, derive, init, sign_psbt};
-use crate::{ChainCode, Psbt, PublicKey, check_cert, read};
+use crate::{ChainCode, Psbt, PublicKey, Xpub, check_cert, read};
 use futures::lock::Mutex;
-use rust_cktap::shared::{Authentication, Wait};
+use rust_cktap::shared::{Authentication, Nfc, Wait};
+use rust_cktap::tap_signer::TapSignerShared;
 use std::sync::Arc;
 
 #[derive(uniffi::Object)]
@@ -79,4 +82,16 @@ impl SatsChip {
         change(&mut *card, new_cvc, cvc).await?;
         Ok(())
     }
+
+    pub async fn nfc(&self) -> Result<String, CkTapError> {
+        let mut card = self.0.lock().await;
+        let url = card.nfc().await?;
+        Ok(url)
+    }
+
+    pub async fn xpub(&self, master: bool, cvc: String) -> Result<Xpub, XpubError> {
+        let mut card = self.0.lock().await;
+        let xpub = card.xpub(master, &cvc).await?;
+        Ok(Xpub { inner: xpub })
+    }
 }
diff --git a/cktap-ffi/src/tap_signer.rs b/cktap-ffi/src/tap_signer.rs
@@ -1,10 +1,12 @@
 // Copyright (c) 2025 rust-cktap contributors
 // SPDX-License-Identifier: MIT OR Apache-2.0
 
-use crate::error::{CertsError, ChangeError, CkTapError, DeriveError, ReadError, SignPsbtError};
-use crate::{ChainCode, Psbt, PublicKey, check_cert, read};
+use crate::error::{
+    CertsError, ChangeError, CkTapError, DeriveError, ReadError, SignPsbtError, XpubError,
+};
+use crate::{ChainCode, Psbt, PublicKey, Xpub, check_cert, read};
 use futures::lock::Mutex;
-use rust_cktap::shared::{Authentication, Wait};
+use rust_cktap::shared::{Authentication, Nfc, Wait};
 use rust_cktap::tap_signer::TapSignerShared;
 use std::sync::Arc;
 
@@ -81,6 +83,18 @@ impl TapSigner {
         change(&mut *card, new_cvc, cvc).await?;
         Ok(())
     }
+
+    pub async fn nfc(&self) -> Result<String, CkTapError> {
+        let mut card = self.0.lock().await;
+        let url = card.nfc().await?;
+        Ok(url)
+    }
+
+    pub async fn xpub(&self, master: bool, cvc: String) -> Result<Xpub, XpubError> {
+        let mut card = self.0.lock().await;
+        let xpub = card.xpub(master, &cvc).await?;
+        Ok(Xpub { inner: xpub })
+    }
 }
 
 pub async fn init(

diff --git a/cktap-swift/Tests/CKTapTests/CKTapTests.swift b/cktap-swift/Tests/CKTapTests/CKTapTests.swift
@@ -29,4 +29,33 @@ final class CKTapTests: XCTestCase {
       XCTAssertEqual(status.ver, "1.0.3")
     }
   }
+  func testNfcUrl() async throws {
+    let cardEmulator = CardEmulator()
+    let card = try await toCktap(transport: cardEmulator)
+    switch card {
+    case .satsCard(let satsCard):
+      let url: String = try await satsCard.nfc()
+      print("SatsCard url: \(url)")
+    case .tapSigner(let tapSigner):
+      let url: String = try await tapSigner.nfc()
+      print("TapSigner url: \(url)")
+    case .satsChip(let satsChip):
+      let url: String = try await satsChip.nfc()
+      print("SatsChip url: \(url)")
+    }
+  }
+  func testXpub() async throws {
+    let cardEmulator = CardEmulator()
+    let card = try await toCktap(transport: cardEmulator)
+    switch card {
+    case .satsCard(_):
+      print("SatsCard does not support he xpub command.")
+    case .tapSigner(let tapSigner):
+      let xpub: String = try await tapSigner.xpub(master: true, cvc: "123456").toString()
+      print("TapSigner master xpub: \(xpub)")
+    case .satsChip(let satsChip):
+      let xpub: String = try await satsChip.xpub(master: false, cvc: "123456").toString()
+      print("SatsChip xpub: \(xpub)")
+    }
+  }
 }
diff --git a/cli/src/main.rs b/cli/src/main.rs
@@ -9,7 +9,7 @@ use rust_cktap::emulator;
 use rust_cktap::error::{DumpError, StatusError, UnsealError};
 #[cfg(not(feature = "emulator"))]
 use rust_cktap::pcsc;
-use rust_cktap::shared::{Authentication, Read, Wait};
+use rust_cktap::shared::{Authentication, Nfc, Read, Wait};
 use rust_cktap::tap_signer::TapSignerShared;
 use rust_cktap::{
     CkTapCard, CkTapError, Psbt, PsbtParseError, SignPsbtError, rand_chaincode, shared::Certificate,
@@ -74,6 +74,8 @@ enum SatsCardCommand {
     },
     /// Call wait command until no auth delay
     Wait,
+    /// Get the card's nfc URL
+    Nfc,
 }
 
 /// TapSigner CLI
@@ -106,10 +108,18 @@ enum TapSignerCommand {
     Backup,
     /// Change the PIN (CVC) used for card authentication to a new user provided one
     Change { new_cvc: String },
-    /// Sign a digest
-    Sign { to_sign: String },
+    /// Sign a PSBT
+    Sign { psbt: String },
     /// Call wait command until no auth delay
     Wait,
+    /// Get the card's nfc URL
+    Nfc,
+    /// Read the xpub (requires CVC)
+    Xpub {
+        /// Give master (`m`) XPUB, otherwise derived XPUB
+        #[clap(short, long)]
+        master: bool,
+    },
 }
 
 /// TapSigner CLI
@@ -140,10 +150,18 @@ enum SatsChipCommand {
     },
     /// Change the PIN (CVC) used for card authentication to a new user provided one
     Change { new_cvc: String },
-    /// Sign a digest
-    Sign { to_sign: String },
+    /// Sign a PSBT
+    Sign { psbt: String },
     /// Call wait command until no auth delay
     Wait,
+    /// Get the card's nfc URL
+    Nfc,
+    /// Read the xpub (requires CVC)
+    Xpub {
+        /// Give master (`m`) XPUB, otherwise derived XPUB
+        #[clap(short, long)]
+        master: bool,
+    },
 }
 
 #[tokio::main]
@@ -192,6 +210,7 @@ async fn main() -> Result<(), CliError> {
                     dbg!(response);
                 }
                 SatsCardCommand::Wait => wait(sc).await,
+                SatsCardCommand::Nfc => nfc(sc).await,
             }
         }
         CkTapCard::TapSigner(ts) => {
@@ -222,14 +241,14 @@ async fn main() -> Result<(), CliError> {
                     let response = &ts.change(&new_cvc, &cvc()).await;
                     println!("{response:?}");
                 }
-                TapSignerCommand::Sign { to_sign } => {
-                    let digest: [u8; 32] =
-                        rust_cktap::Hash::hash(to_sign.as_bytes()).to_byte_array();
-
-                    let response = &ts.sign(digest, vec![], &cvc()).await;
-                    println!("{response:?}");
+                TapSignerCommand::Sign { psbt } => {
+                    let psbt = Psbt::from_str(&psbt)?;
+                    let signed_psbt = ts.sign_psbt(psbt, &cvc()).await?;
+                    println!("signed_psbt: {signed_psbt}");
                 }
                 TapSignerCommand::Wait => wait(ts).await,
+                TapSignerCommand::Nfc => nfc(ts).await,
+                TapSignerCommand::Xpub { master } => xpub(ts, master).await,
             }
         }
         CkTapCard::SatsChip(sc) => {
@@ -253,14 +272,14 @@ async fn main() -> Result<(), CliError> {
                     let response = &sc.change(&new_cvc, &cvc()).await;
                     println!("{response:?}");
                 }
-                SatsChipCommand::Sign { to_sign } => {
-                    let digest: [u8; 32] =
-                        rust_cktap::Hash::hash(to_sign.as_bytes()).to_byte_array();
-
-                    let response = &sc.sign(digest, vec![], &cvc()).await;
-                    println!("{response:?}");
+                SatsChipCommand::Sign { psbt } => {
+                    let psbt = Psbt::from_str(&psbt)?;
+                    let signed_psbt = sc.sign_psbt(psbt, &cvc()).await?;
+                    println!("signed_psbt: {signed_psbt}");
                 }
                 SatsChipCommand::Wait => wait(sc).await,
+                SatsChipCommand::Nfc => nfc(sc).await,
+                SatsChipCommand::Xpub { master } => xpub(sc, master).await,
             }
         }
     }
@@ -319,3 +338,21 @@ where
     }
     println!("No auth delay.");
 }
+
+async fn nfc<C>(card: &mut C)
+where
+    C: Nfc + Send,
+{
+    let nfc = card.nfc().await.expect("nfc failed");
+    println!("{nfc}");
+}
+
+async fn xpub<C>(card: &mut C, master: bool)
+where
+    C: TapSignerShared + Send,
+{
+    dbg!(master);
+    let xpub = card.xpub(master, &cvc()).await.expect("xpub failed");
+    dbg!(&xpub);
+    println!("{xpub}");
+}
diff --git a/lib/src/apdu.rs b/lib/src/apdu.rs
@@ -468,7 +468,7 @@ impl CommandApdu for NfcCommand {
 #[derive(Deserialize, Clone, Debug, PartialEq, Eq)]
 pub struct NfcResponse {
     /// command result
-    url: String,
+    pub url: String,
 }
 
 impl ResponseApdu for NfcResponse {}