Device independent crypto engine

What is claimed is: 1. An apparatus comprising: a housing arranged to hold a device; a non-transitory memory that includes a key store for storing a first key; a communication device at least partially supported by the housing and connectable to the device to establish a communication channel with the device; and a controller connected to the non-transitory memory and the communication device and operable to: receive, via the communication channel, a first portion of data from the device; perform a cryptographic operation on the first portion of the data using the first key to generate a modified first portion; send, via the communication channel, the modified first portion to the device; and enable the device to derive a second portion of the data using the modified first portion, including enabling the device to extract a second key from the modified first portion and decrypt the second portion of the data using the second key to generate a modified second portion, and enabling the device to display the modified second portion. 2. The apparatus of claim 1 , wherein the first key is a private key. 3. The apparatus of claim 1 , wherein the controller is further operable to: establish a session over the communication channel upon a successful registration and pairing of the device and the apparatus; receive the first portion of the data in a request message over the session; and send a reply message over the session, wherein the reply message includes the modified first portion of the data. 4. The apparatus of claim 3 , wherein the controller is further operable to: encrypt the communication channel upon the successful registration and pairing of the device and the apparatus. 5. The apparatus of claim 1 , wherein the modified first portion includes a second key, and enabling the device to derive the second portion of the data using the modified first portion includes: triggering extraction of the second key from the modified first portion; and enabling deriving of the second portion of the data using the second key. 6. The apparatus of claim 1 , wherein the controller is further operable to: generate a signature of the data; and send the signature to the device over the communication channel. 7. The apparatus of claim 1 , wherein the controller is further operable to: authenticate a user of the device; and cease to perform the cryptographic operation on the first portion of the data in accordance with failing to authenticate the user. 8. A method comprising: at a device including a processor and a non-transitory memory: packaging a first portion of data used by an application running on the device in a first request message; sending, via a communication channel, the first request message to an apparatus, wherein the apparatus includes a non-transitory memory including a key store for storing a first key, a housing arranged to hold the device, a communication device at least partially supported by the housing and connectable to the device to establish the communication channel, and a crypto engine connected to the non-transitory memory and the communication device; triggering the crypto engine to perform a cryptographic operation on the first portion of the data using the first key to generate a modified first portion; receiving, via the communication channel, a first reply message including the modified first portion from the apparatus; deriving a second portion of the data using the modified first portion; extracting a second key from the modified first portion; decrypting the second portion of the data using the second key to generate a modified second portion; and displaying the modified second portion. 9. The method of claim 8 , further comprising: initializing by the application to trigger a registration with a connectivity module running on the device, wherein the connectivity module connects with the communication device on the apparatus to establish the communication channel; obtaining from the connectivity module an identifier of the apparatus; and establishing a session with the apparatus over the communication channel using the identifier of the apparatus. 10. The method of claim 9 , further comprising: encrypting the communication channel in accordance with the registration with the connectivity module being successful and pairing of the device and the apparatus. 11. The method of claim 8 , wherein: the first key is a private key; and the method further includes storing in the non-transitory memory the data encrypted with a public key corresponding to the private key. 12. The method of claim 8 , further comprising: generating a hash of outgoing data; sending a second request message including the hash to the apparatus; causing the crypto engine to generate a signature by signing the hash using the first key; receiving a second reply message including the signature from the apparatus; and distributing the outgoing data with the signature attached. 13. A system comprising: a device including an application and an adapter integrated with the application; and an apparatus including a housing arranged to hold the device, a communication device at least partially supported by the housing and connectable to the device to establish a communication channel, a non-transitory memory including a key store for storing a key, and a controller, wherein the controller is operable to, receive from the application on the device, via the adapter and over the communication channel, at least a portion of data; perform a cryptographic operation on at least the portion of the data using the key to generate modified data in response to receiving at least the portion of data; and send to the application on the device, via the adapter and over the communication channel, the modified data to enable access by the application to the data including the modified data, including enabling the application to extract a second key from the modified first portion and decrypt the second portion of the data using the second key to generate a modified second portion, and enabling the device to display the modified second portion. 14. The system of claim 13 , wherein the apparatus is modular and distinct from the device. 15. The system of claim 13 , wherein the controller is further operable to generate the key and store the key in a secure portion of the non-transitory memory. 16. The system of claim 13 , wherein the controller is further operable to: initialize by the application to trigger a registration with a connectivity module running on the device, wherein the connectivity module connects with the communication device on the apparatus to establish the communication channel; obtain from the connectivity module an identifier of the apparatus; and establish a session with the apparatus over the communication channel using the identifier of the apparatus. 17. The system of claim 16 , wherein the session is established upon a successful registration and pairing of the device and the apparatus, and the controller is further operable to: receive at least the portion of the data in a request message over the session; and send a reply message over the session, wherein the reply message includes the modified data. 18. The system of claim 13 , wherein the controller is further operable to: authenticate a user of the device; and cease to perform the cryptographic operation on at least the portion of the data using the key in accordance with failing to authenticate the user.