Build a $10 Offline Password Manager Using an NFC Smartcard.

by Self_Custodian in Circuits > Mobile

62 Views, 0 Favorites, 0 Comments

Build a $10 Offline Password Manager Using an NFC Smartcard.

5918113739167173579.jpg
5918113739167173581.jpg

Password managers are everywhere, but most of them rely on the cloud, subscriptions, or complex software you don’t fully control.

In this instructable, you’ll learn how to build your own offline password manager for about $10, using an NFC smartcard.

Your passwords are stored directly inside the smartcard’s secure element, not on your computer. Access to the data is protected by a PIN code, and the card is designed to resist complex physical attacks. When the card is removed, your passwords are immediately inaccessible.

Thanks to the dual-interface NFC smartcard, you can use the same pocket-sized password manager with:

  1. A desktop computer (via a USB smartcard reader)
  2. A smartphone (via NFC)

This project is perfect if you’re looking for a simple, offline, and transparent alternative to cloud-based password managers — and a hands-on introduction to smartcards, hardware security, and DIY electronics.

Supplies

5918113739167173580.jpg

To build this $10 smartcard-based password manager, you’ll only need a few basic items:

NFC Smartcard (Secure Element):

  1. A compatible dual-interface NFC smartcard such as:
  2. J3R180
  3. J3R200
  4. These cards include a secure element, PIN protection, and NFC support.

Computer:

  1. Any Windows, macOS, or Linux computer with Java support
  2. Used to flash and manage the smartcard
  3. No special hardware required

Smartcard Reader:

  1. A USB smartcard reader compatible with ISO 7816 cards
  2. Used to communicate with the smartcard from your computer

Optional (but nice to have):

  1. NFC-enabled smartphone — to access your passwords directly from your phone
  2. Card holder or sleeve — to protect your smartcard in your pocket


That’s it!

No soldering, no complex electronics, and no expensive tools — just a smartcard and a reader.

Overview

This project follows a simple two-step setup, plus a final usage step:

  1. Compile the Java Card applet → generates a .cap file
  2. Load the applet onto the smartcard → installs it securely
  3. Use the password manager → on desktop or mobile

Once installed, the applet lives inside the smartcard’s secure element and can be accessed whenever the card is present.

Compile the Javacard Applet

In this step, you’ll build the smartcard application and generate a .cap file — the format required to install software on JavaCards aka smartcards.

💡 Optional shortcut:

If you don’t want to build the applet yourself, you can download the pre-compiled applet directly here. And directly go to the Step 3. This .cap file works the same way as a self-compiled applet and can be loaded onto your smartcard immediately.


🔹 What you’re doing:

  1. Downloading the open-source applet code;
  2. Setting up a Java Card build environment;
  3. Compiling the applet into a .cap file.

Don’t worry — no Java expertise is required. The process is mostly about setting up the tools and running a few command lines.


1️⃣ Install Java (JDK)

You’ll need a Java Development Kit to compile the applet.

  1. Recommended versions:
  2. JDK 8
  3. JDK 17

Make sure java and javac are available in your terminal.


2️⃣ Clone the Applet Repository

Start by cloning the open-source Seedkeeper applet repository:

git clone --single-branch --branch master https://github.com/Toporin/Seedkeeper-Applet/

This repository contains the Java Card code that turns your smartcard into a password manager.


3️⃣ Install Gradle

Gradle is used to automate the build process.

On Debian / Ubuntu-based systems:

sdk install gradle 9.2.1

Additional resources: https://gradle.org/install/


4️⃣ Add the Oracle Javacard SDK

The Java Card SDK provides the libraries required to compile smartcard applications.

Optional: if you project folders already contains a "SDK folder", remove it:

rmdir sdks

And flush the cache:

git rm -r --cached sdks

Then clone it as a submodule inside the project:

git submodule add https://github.com/martinpaljak/oracle_javacard_sdks sdks

And add the path to the gradle.properties file:

nano gradle.properties
com.fidesmo.gradle.javacard.home=./sdks/jcdk3.0.5u3

This keeps everything self-contained and avoids system-wide installations.


5️⃣ Build the Applet

From the project directory, simply run:

./gradlew convertJavacard


✅ If everything goes well, Gradle will generate a .cap file — this is the file you will install onto the smartcard in the next step.

Load the Applet Onto the Smartcard

Now that you have a .cap file, it’s time to install it onto your NFC smartcard.

🔹 What you’re doing

  1. Connecting to the smartcard
  2. Installing the applet using GlobalPlatform tools
  3. (Optionally) locking the card for security


1️⃣ Connect Your Smartcard Reader

Plug in your USB smartcard reader and insert the card. In most cases, drivers are detected automatically.

On Linux, you may need the PC/SC service:

sudo apt install pcscd


2️⃣ Install GlobalPlatformPro

GlobalPlatform cards are managed using GlobalPlatform tools.

Download GlobalPlatformPro (gp.jar or gp.exe), which allows you to:

  1. Detect cards
  2. Install applets
  3. Remove applets
  4. Lock the card
wget https://github.com/martinpaljak/GlobalPlatformPro/releases/download/v25.12.01/gp.jar

Always download the latest release from the official repository.


3️⃣ Verify Card Detection

Check that your card is correctly detected:

java -jar gp.jar -info

If the card responds, you’re ready to install the applet.


4️⃣ Install the Applet

Install the compiled .cap file:

java -jar gp.jar -install Seedkeeper.cap

The applet is now stored inside the card’s secure element.


5️⃣ (Optional but Recommended) Lock the Card

To prevent unauthorized changes, you can lock the card:

java -jar gp.jar -lock

🔒 This step increases security by disabling further applet installations.


6️⃣ Uninstalling (If Needed)

If you ever need to remove the applet:

java -jar gp.jar -uninstall Seedkeeper.cap


✅ If everything goes well, you now have a fully functional password manager on a secure NFC smartcard.

Use the Password Manager

Seedkeeper - Dual screen - iPhone - NFC toast and PIN code - Illustrated.png
Seedkeeper - 4 screens - Mockup Iphone.png
Seedkeeper - Desktop application.png

Once the applet is installed, your smartcard is ready to use. Your pocket password manager can be used on desktop (with the smartcard reader) or on mobile (with NFC).


On Desktop

Use the open-source Satochip-Utils application to:

  1. Setup a PIN code
  2. Manage your crendentials
  3. Generate strong passwords
  4. Save sensitive notes
  5. Backup one Seedkeeper smartcard to another

You can download the setup file:

  1. For Windows
  2. For Linux
  3. For Mac (ARM)
  4. For Mac (x86)
  5. More downloads on Github


On Mobile

Use the open-source Seedkeeper mobile application to:

  1. Setup a PIN code
  2. Manage your crendentials
  3. Generate strong passwords
  4. Save sensitive notes
  5. Backup one Seedkeeper smartcard to another

You can download the app:

  1. For iOS
  2. For Android

Simply scan the card, enter your PIN, and access your stored secrets.


Step-by-step guide

A useful step-by-step tutorials can be found here.

Conclusion

Seedkeeper - Illustration.png

✅ Final Result

You now have:

  1. An offline password manager
  2. Stored inside a secure NFC smartcard
  3. Accessible on desktop and mobile
  4. With no cloud dependency

You are now in control of your digital identity. No servers, no tracking, no middlemen — just you, your card, and your secrets.


💾 Your data belongs to you, not to a corporation. Open-source everything! Open-source for the win!