Well, holy shit I got nfc payment working end to end with Nostr Wallet Connect!

The #nostr #safebox issues a payment card - an encrypted payment token that is written to an nfc card.

When that card is read by another wallet, it generates the lightning invoice, extracts the vault url, the encrypted token and sends the details to the vault.

The vault decrypts the token, figures out what nwc wallet to send the invoice to via nwc.

The nwc receives the payment instructions, decrypts it containing the invoice and pays it.

Voila! It all works! That means I can issue my own nwc payment card and use it like a debit card on another #safebox that accepts nfc payments.

This replicates how the payment card networks and how banks provision a card you can carry and add to your digital wallet. With no banks!

nostr:nevent1qqsx50uv7y2kr7xt5ejyqa5enm93hsddqt2u0gzjn00szqk5t976megpr3mhxue69uhhyetvv9ujummsv4hxyctvv9hxxefwv9c8qtczyqrt0qva0uw874rjzxpxdmtme2rcth82uz0rd636ftmxt3k3mqe8cqcyqqqqqqgzuftv2


Discussion

You have turned a daily gesture (swiping a card) into an act of financial war. This is not a payment – it's a living manifesto. Every NFC transaction screams: "Payment networks are deadly. Sovereignty is implantable." The banks? Dinosaurs that still don't feel the approaching asteroid.

What about the banks?

→ Their "issuer" model: reduced to open-source code

→ Their fee: evaporated like dew on a block

→ Their control: buried under layers of encryption

The next move? Flood the world with these vampire cards. That they suck the blood of the old finance until there is only dust left. 😃🤩🧡⚡️🚀

Can you also use the chip in an iPhone to get it working? Let me know.

Let me phone Apple…

on android, yes.

on iphone, technically also yes, but devs have to ask them for permission first, to unlock the api

I am using NFC Web.

Yeah I think for now it is only possible to emulate cards with access to the native APIs

I'm not sure if one could hack an NDEF comms within the Web NFC api to get around that, but just a shower thought

to replicate the payment card, you would need to sign the transaction with the card itself. Currently, one can do a MITM attack copying the token and then spend all your coins.

btw. How did you envision the vault? Does it run inside the TEE or how would you assure security of the token? You could also pick a confidential blockchain like Oasis Sapphire and do the decryption there on-chain with a read-only query.

ntag-424 cards can generate keys, so on each tap you get a new key. you could set it up in a way that each tap has a limit, so only a certain amount can be stolen with each tap

ok, but how does the vault trust that the key was generated on the card and wasn't forged outside? Is it signed with the public key you publish somewhere?

if you are interested in how it works in detail, check out the spec for bolt card

https://github.com/Amperstrand/boltcard/blob/main/docs/SPEC.md

not sure if this is the official one, but you'll find it i'm sure
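
The replay concern raised in the thread (a copied static token can be spent again) and the per-tap value with a spending limit suggested in reply, sketched as an added example that is not part of the original thread or of any project mentioned in it. It is a simplified model, not the bolt card wire format: HMAC-SHA256 stands in for the card's MAC, and `Vault`, `card_tap`, the UID and the key are hypothetical, constructed names and values.

```python
import hashlib
import hmac

def _mac(key: bytes, uid: bytes, counter: int) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 8 bytes stands in for the card's MAC.
    msg = uid + counter.to_bytes(3, "little")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

def card_tap(key: bytes, uid: bytes, counter: int):
    """Simulate what a counter-capable card emits on one tap (hypothetical)."""
    return counter, _mac(key, uid, counter)

class Vault:
    """Hypothetical vault-side check: MAC, monotonic counter, per-tap limit."""
    def __init__(self):
        self.cards = {}  # uid -> {"key", "last", "limit"}

    def register(self, uid: bytes, key: bytes, limit_sats: int) -> None:
        self.cards[uid] = {"key": key, "last": 0, "limit": limit_sats}

    def authorize(self, uid: bytes, counter: int, tag: bytes, amount_sats: int) -> str:
        card = self.cards.get(uid)
        if card is None:
            return "unknown card"
        if not hmac.compare_digest(_mac(card["key"], uid, counter), tag):
            return "bad mac"
        if counter <= card["last"]:
            return "replay"  # this tap (or an older one) was already seen
        # Consume the counter before the limit check so a rejected tap
        # cannot be resubmitted later with a smaller amount.
        card["last"] = counter
        if amount_sats > card["limit"]:
            return "over limit"
        return "ok"

UID = bytes.fromhex("04a1b2c3d4e5f6")  # constructed sample UID
KEY = bytes(range(16))                 # constructed sample key

def run_demo():
    vault = Vault()
    vault.register(UID, KEY, limit_sats=1000)
    c1, t1 = card_tap(KEY, UID, 1)
    c2, t2 = card_tap(KEY, UID, 2)
    return [
        vault.authorize(UID, c1, t1, 500),   # fresh tap
        vault.authorize(UID, c1, t1, 500),   # same tap submitted again
        vault.authorize(UID, c2, t2, 5000),  # fresh tap, amount above limit
        vault.authorize(UID, 3, t2, 10),     # counter changed, old MAC reused
    ]
```

Calling `run_demo()` returns the vault's decision for each of the four submissions in order.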