Ledger Open Source Java Card
Our wallet review process
We examine wallets starting at the code level and continue all the way up to the finished app that lives on your device. Provided below is an outline of each of these steps along with security tips for you and general test results.
Application build test result
The Ledger Open Source Java Card applet is also known as
This applet is an implementation of the Ledger Wallet Hardware Wallet specification emulating an NFC Forum Type 4 tag to display the second factor, with specific extensions
It is compatible with the core API with a few limitations if not using a proprietary API to recover public keys - the public key cache needs to be provisioned from the client side.
A demonstration of this application and workaround if no proprietary API is present is provided in the Python API and also in Mycelium
Several other integration examples are provided on Ledger Unplugged product page
Developers can also check if a Java Card platform is supported and its performance with the Eligibility applet
You can still find the product page for the Ledger Open Source Java Card on archive.org
You can buy the a NFC card directly on Fidesmo’s website (http://shop.fidesmo.com/) and then buy the Ledger app. It’ll be a full equivalent of the Unplugged.
We stopped selling it (the Ledger Unplugged) directly because there was too much customer support needed: NFC is not working well (generally speaking) and depending of the phone and the environment the communication with the card didn’t work well all the time.
Nicolas Bacca had this to add:
also Fidesmo provides more form factors for you to choose from (such as directly running it on a yubikey)
The Ledger Open Source Java Card has no interface and is no longer in production.
Tests performed by Daniel Andrei R. Garcia
Do your own research
In addition to reading our analysis, it is important to do your own checks. Before transferring any bitcoin to your wallet, look up reviews for the wallet you want to use. They should be easy to find. If they aren't, that itself is a reason to be extra careful.