GrailVault Case · PSA Cold Storage + Mesh

⬡ GrailVault Case

● Spec v1.0

🃏

PSA · GrailVault

One slab. One vault. One chain.

A 3D-printed cold-storage case for PSA-graded Pokémon cards that embeds a Meshtastic mesh node and generates a 3-layer Solana wallet private key — so the crypto is physically locked to the card.

🔐

Cold Storage

3-layer key: PSA cert + node ID + HW RNG. Never fully digital.

📡

Mesh Tracking

BLE / LoRa Meshtastic node. Location, tamper alerts, last-seen.

🛡️

Tamper-Evident

Reed switch + frangible tabs. Open event logs and broadcasts.

🪪

Identity Layer

Laser-etched serial + NFC tap → vault record + PSA cert link.

System Architecture

🃏 PSA Slab
Cert # under sticker

📡 Mesh Node
Burned HW node ID

🎲 HW RNG
One-time token

↓

🔑 SHA-256(cert ‖ nodeID ‖ rng) → Ed25519 Seed → Solana Cold Wallet

↓

🌐 On-chain NFT / PDA
PokéDollar Vault · Provenance record · Mesh presence

How it works

Print or receive the GrailVault Case. The electronics bay holds the mesh node with a factory-burned unique node ID.

At vault-setup time, press the HW RNG button on the case. It generates a 32-bit random token and displays it on a small e-ink window (or prints it once, then shreds it).

Use the Key Gen tab (this app) to combine PSA cert + node ID + HW RNG token via SHA-256 into a Solana seed. The wallet address is your on-chain cold vault.

Seal the case. The PSA cert stays hidden under the card sticker. The node ID stays inside the MCU. The HW RNG token is stored offline-only (paper/metal). All three are needed to recover the key.

The embedded mesh node beacons your case's location and tamper status to any nearby Meshtastic gateway, linking your physical slab to on-chain presence.

Physical Specifications

Parameter	Value
Outer dims (LWH)	109 × 80 × 22 mm (sleeved PSA slab + 1 mm clearance)
Inner slab pocket	106 × 74 × 10 mm (0.2–0.4 mm tolerance each side)
Electronics bay	70 × 30 × 8 mm (behind slab, snap-in PCB tray)
Shell material	PETG (primary) or ABS with TPU bumper ring
Front lens	98 × 66 × 2 mm clear acrylic / polycarbonate press-fit
Corner pads	TPU 70A, 4× wedge 8 × 8 × 3 mm — EVA foam backup
O-ring channel	AS568-028 (optional dust/splash seal on clamshell seam)
Fasteners	4× M2 × 6 mm security Torx T6, recessed heads
Approx. weight	~85 g printed + electronics; ~15 g PCB/battery tray

CAD / 3D Print Parameters

Setting	Value
Layer height	0.15 mm (quality) — 0.20 mm acceptable
Infill	40% gyroid (shell halves); 80% grid (latch bosses)
Perimeters	4 (for wall strength around lens channel)
Orientation	Shell halves flat face-down; layer lines run around card perimeter
Supports	Tree supports for electronics bay lid; none needed for shell halves
Snap-fit clear.	0.10–0.15 mm on PETG; 0.18 mm on ABS
Mating clear.	0.20 mm on guide pins; 0.25 mm on PCB tray rails
Post-process	Light sand inner slab pocket to 400-grit; prime + paint outer optional
Lens press-fit	0 mm clearance (light interference fit); freeze lens before pressing

Bill of Materials — Physical

Part	Qty	Note
PETG filament	~60 g	1.75 mm, any brand; matte black recommended
Clear acrylic 2 mm	1 pc	98 × 66 mm laser-cut or scored
TPU corner pads	4	Print in TPU 70A or cut from 3 mm EVA foam
AS568-028 O-ring	1	Buna-N, optional
M2 × 6 Torx T6	4	Security head; countersunk
M2 heat inserts	4	3.2 mm OD × 4 mm; press in with soldering iron
Pogo pad strip	1 set	4-pin magnetic pogo for external power/prog (optional)
Logo plate	1	Swappable; print in accent color or engrave

Modularity Notes

Swappable electronics tray ▾

The PCB tray snaps into a standardized 70 × 30 × 8 mm bay. You can swap between a BLE-only module, a BLE + LoRa combo, or a future NFC-only passive module without reprinting the shell. The tray has 4 retention clips and a single micro-screw access hole in the back of the case.

Stacking geometry ▾

Top and bottom surfaces include 4 × 2 mm alignment pins (top) and mating sockets (bottom). Cases stack into display towers of up to 8 slabs with 1 mm clearance. The spine-facing edge is flat for bookshelf storage.

Branding plates ▾

A 36 × 14 mm plate slot on the back accepts interchangeable logo inserts — PokéBall, set symbol, trainer ID, or custom text. Print in a contrasting color or use pre-cut sticker stock.

MCU + Radio

PCB Layout — GrailVault Node v1

MCU · nRF52840

ARM Cortex-M4 @ 64 MHz
BLE 5.0 + 802.15.4 Thread
512 KB Flash · 256 KB RAM
TRNG (hardware RNG)

Radio Option B · RFM95W

LoRa 915 MHz (US) / 868 (EU)
SPI to nRF52840
Add-on module if LoRa needed
Range: 2–5 km urban

Tamper · Reed + Accel

SPST reed switch on clamshell seam
LIS2DH12 I²C accelerometer
INT1 wakes MCU on motion
Tamper flag stored in flash

Power · CR2450

560 mAh coin cell
Boost reg to 3.3 V (if needed)
Battery level ADC
Target: 12–18 month runtime

NFC · NT3H2111

NXP ISO 15693 passive NFC tag
8 KB EEPROM for records
Tap to read: case ID + vault URL
No battery needed for NFC

Display · GDEW0102

1.02" e-ink 128 × 80 px
Shows: node ID + RNG token
SPI interface; retains image off
Optional — replace with QR sticker

BOM — Electronics

Component	Part	Est. Cost
MCU module	Seeed XIAO nRF52840 or custom PCB	~$8
LoRa module	HopeRF RFM95W (optional add-on)	~$6
Accelerometer	ST LIS2DH12 (SOIC-8)	~$1
Reed switch	SPST NC 5 mm, through-hole	~$0.20
NFC tag IC	NXP NT3H2111W0FT (SOIC-8)	~$1.50
NFC antenna	PCB trace coil or Molex 2129590100	~$0.50
e-ink display	Waveshare 1.02" GDEW0102 (optional)	~$10
Battery holder	Keystone 3002 CR2450 SMT	~$0.40
PCB (2-layer)	Custom 68 × 28 mm, JLCPCB ~5 pcs	~$5/5 pcs
Misc passives	Decoupling caps, resistors, LED	~$1
Total (BLE only)	per unit, DIY PCB	~$17
Total (BLE+LoRa)	per unit, DIY PCB	~$23

Tamper Detection Flow

①

Reed switch opens when the clamshell separates. MCU wakes from deep sleep via GPIO interrupt (sub-millisecond response).

②

MCU writes tamper flag + RTC timestamp to internal flash (256-byte tamper log, circular buffer).

③

Immediately changes BLE advertisement payload: tampered=1, ts=<unix>. Any nearby scanner picks this up within seconds.

④

Beacon rate increases from 0.5 Hz (sleep) to 5 Hz for 5 minutes post-tamper, then returns to low-duty cycle to conserve battery.

⑤

Frangible tab on the shell snaps on first open (visible physical evidence). Optional color-change insert misaligns when case is separated.

Power Budget

State	Current	% Time
Deep sleep (MCU)	2 µA	97.5%
BLE beacon (0.5 Hz)	~4 mA peak, avg ~0.08 mA	2%
Active / tamper burst	~6 mA	0.5%
Avg total	~0.12 mA	—
CR2450 capacity	560 mAh	→ ~194 days (6 mo)
CR2450 (low duty)	0.05 mA avg	→ ~466 days (15 mo)

3-Layer Cold Storage Key

①

PSA Cert Number

Printed on the physical PSA-graded slab, hidden under the security sticker. You must break the sticker or look at the card itself to reveal it.

Physical Slab

②

Mesh Node ID

A unique 32-bit ID burned into the MCU at manufacturing time. Never transmitted in plaintext. Readable only by opening the electronics bay.

Hardware MCU

③

Hardware RNG Token

A one-time 32-bit random number generated by the MCU's hardware TRNG at vault-setup time. Shown once on the e-ink display, then stored offline (paper/metal plate). Never re-generated.

TRNG One-Time

🔑 Key Generation Demo

① PSA Cert Number — from physical slab sticker

This is the PSA certification number printed on the slab label. Treat it as a secret once vaulted.

② Mesh Node ID — from case MCU (hex)

The unique hardware ID burned into the case's nRF52840 at manufacturing time.

③ HW RNG Token — one-time, from MCU TRNG

Generated once by the MCU's hardware TRNG at vault-setup time. Store offline permanently — this is your recovery token.

Combined Input

SHA-256 Seed (32 bytes)

Simulated Solana Address (Base58)

⚠️ DEMO ONLY. This tool demonstrates the key derivation concept using SHA-256 in the browser. No real Solana keypair is generated or stored. In production, key derivation runs on the case hardware itself (or an air-gapped device) and the result is never transmitted. The PSA cert, node ID, and RNG token are never entered online together.

Security Model

Attack scenario	Protection
Steal the card slab	Missing node ID (still in case) + HW RNG token (offline). 2 of 3 missing → no key.
Steal the case	Missing PSA cert # (still on physical slab) + HW RNG token (offline). 2 of 3 missing.
Find the offline RNG token	Missing PSA cert # + node ID. Neither piece alone is sufficient.
Open the case (tamper)	Reed switch fires tamper flag immediately. Beacon alerts owner. Physical frangible tab broken visibly.
Copy the NFC / QR	NFC stores only the vault URL + case serial. Contains no key material.
Replay beacon	BLE payload is signed with MCU private key at runtime. Spoofed beacons fail signature check.
Delimiter ambiguity	Demo uses `\|\|` separator (PSA certs and hex IDs never contain `\|\|`). Production firmware uses length-prefixed byte concatenation to eliminate any boundary ambiguity.

Network Topology

Meshtastic Configuration

Channel GrailVault (encrypted, PSK)

Modem preset LONG_FAST (LoRa) / BLE_MESH (BLE)

Transmit power +14 dBm (BLE) / +20 dBm (LoRa)

Beacon interval 2 s (normal) → 0.2 s (tamper burst)

Sleep interval 2 s on, 4 s sleep (33% duty cycle)

Node role CLIENT_MUTE (relay off to save power)

Payload fields node_id, tampered, battery_pct, rssi, ts

Encryption AES-128 (Meshtastic PSK), MCU-signed payload

Gateway Setup

Home / shop gateway: Raspberry Pi 4 + RAK2287 LoRaWAN + Meshtastic firmware running as always-on listener. Collects all nearby GrailVault beacons.

Gateway pushes to a backend (vault API or MQTT broker) — last-seen timestamp, tamper status, battery level, RSSI.

Mobile fallback: Meshtastic app on iOS/Android acts as a portable gateway when you carry your phone. Any case within BLE range is picked up and pushed to cloud.

Convention / event mode: Multiple attendees running the app form a dense mesh — your case is seen by many relay nodes simultaneously. Ideal for TCG events and shows.

Alert Types

Event	Trigger	Action
TAMPER	Reed switch opens	Beacon flag + burst rate + flash log
MOTION	Accel threshold exceeded	Log + optional push alert
BATTERY_LOW	<15% ADC	Beacon field + push notification
OFFLINE	No beacon seen >1 hr	Gateway alerts owner (cloud-side)
LOCATION_CHANGE	RSSI gateway fingerprint changed	Push alert with last-seen gateway ID

Data Model

{
  "case_id":    "GV-000123",            // laser-etched serial
  "node_id":    "A3F72C1B",             // MCU-burned (never transmitted plain)
  "psa_cert":   "●●●●●●●●",            // NOT stored here — physical only
  "card_id":    "poke-charizard-1st-10", // vault reference
  "owner_id":   "solana-wallet-addr",   // PokéDollar Vault account
  "tampered":   false,
  "tamper_log": [],
  "battery_pct": 87,
  "last_seen":  "2026-04-09T13:47:00Z",
  "last_rssi":  -68,
  "gateway_id": "home-pi-gateway-01",
  "location_fingerprint": "home-vault"
}

Product Tiers

Shell Only

Hobbyist Case

$49

Printed PETG shell + clear lens
TPU corner pads + O-ring
Laser-etched serial + QR sticker
NFC passive tag (no battery)
No electronics — bring your own module

POPULAR

Electronics Kit

Pocket Vault Tracker

$149

Full printed shell + lens + pads
nRF52840 BLE mesh node (assembled PCB)
Reed switch + LIS2DH12 accelerometer
CR2450 battery (18-month runtime)
NFC tag + e-ink node ID display
Meshtastic firmware pre-flashed
Laser-etched serial + QR

Full Bundle

Complete Pocket Vault

$249

Everything in Tracker tier
BLE + LoRa RFM95W combo module
Home gateway config guide
Vault-setup walkthrough (key gen)
Engraved titanium RNG token card
Priority support + 1-year warranty

Enterprise

10-Case Pack

$1,999

10× Complete Pocket Vault cases
Custom branding plates (your logo)
Bulk node ID provisioning
API access for fleet tracking
Custom channel PSK for your mesh

Custom orders & licensing: Need a different form factor, custom firmware, or enterprise deployment? Email [email protected] with your specs.

Open-source: CAD files (STEP + STL) and firmware (Zephyr RTOS / Meshtastic fork) will be released on GitHub under MIT license after the initial production run.

🃏⬡📡

Physical pocket vault + on-chain/mesh presence

Cold storage for a single slab. Because a Charizard BGS 10 deserves better than a shoebox.