Well, holy shit I got NFC payment working end to end with Nostr Wallet Connect! The #nostr #safebox issues a payment card - an encrypted payment token that is written to an NFC card. When that card is read by another wallet, it generates the lightning invoice, extracts the vault url and the encrypted token, and sends the details to the vault. The vault decrypts the token and figures out what nwc wallet to send the invoice to via nwc. The nwc wallet receives the payment instructions, decrypts them to get the invoice, and pays it. Voila! It all works! That means I can issue my own nwc payment card and use it like a debit card on another #safebox that accepts NFC payments. This replicates how the payment card networks and how banks provision a card you can carry and add to your digital wallet. With no banks!
Tim Bouma
Payment by NFC with #nostr #safebox. I have the secure plumbing figured out. Still more to implement but here is the gist:
1. Reader acquires encrypted token from card and amount.
2. Generates lightning invoice.
3. Acquirer sends encrypted token and invoice to token vault endpoint.
4. Vault decrypts token and issues nwc command to pay invoice.
5. Wallet pays invoice.
6. Poll invoice and notify user invoice is paid.

Replies (11)

You have turned a daily gesture (swiping a card) into an act of financial war. This is not a payment – it's a living manifesto. Every NFC transaction screams: "Payment networks are deadly. Sovereignty is implantable." The banks? Dinosaurs that still don't feel the approaching asteroid. What about the banks?
→ Their "issuer" model: reduced to open-source code
→ Their fee: evaporated like dew on a block
→ Their control: buried under layers of encryption
The next move? Flood the world with these vampire cards. Let them suck the blood of the old finance until there is only dust left. 😃🤩🧡⚡️🚀
on android, yes. on iphone, technically also yes, but devs have to ask them for permission first, to unlock the api
Yeah I think for now it is only possible to emulate cards with access to the native APIs. I'm not sure if one could hack an NDEF comms within the Web NFC api to get around that, but just a shower thought
matevz 6 months ago
to replicate the payment card, you would need to sign the transaction with the card itself. Currently, one can do a MITM attack, copying the token, and then spend all your coins. btw. How did you envision the vault? Does it run inside the TEE or how would you assure security of the token? You could also pick a confidential blockchain like Oasis Sapphire and do the decryption there on-chain with a read-only query.
ntag-424 cards can generate keys, so on each tap you get a new key. you could set it up in a way that each tap has a limit, so only a certain amount can be stolen with each tap
matevz 6 months ago
ok, but how does the vault trust that the key was generated on the card and wasn't forged outside? Is it signed with the public key you publish somewhere?
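
Added example, not part of the thread and not #safebox code: a vault-side check for the per-tap idea discussed in the replies, where a copied token is rejected on reuse and each tap is capped. It assumes the card and vault share a key set at issuance and that the card emits a counter plus a MAC on every tap; HMAC-SHA256, the message layout, and the names `tap_tag`, `Vault` and `authorize` are hypothetical stand-ins, not the NTAG 424 scheme.

```python
import hashlib
import hmac

def tap_tag(key: bytes, card_id: str, counter: int) -> bytes:
    """MAC the card would emit on one tap (constructed format, not NTAG 424's)."""
    msg = card_id.encode() + b"|" + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

class Vault:
    def __init__(self, per_tap_limit_sats: int):
        self.per_tap_limit_sats = per_tap_limit_sats
        self.cards = {}  # card_id -> [key, highest counter accepted so far]

    def provision(self, card_id: str, key: bytes) -> None:
        # Key is shared between card and vault when the card is issued (assumption).
        self.cards[card_id] = [key, 0]

    def authorize(self, card_id: str, counter: int, tag: bytes, amount_sats: int) -> str:
        entry = self.cards.get(card_id)
        if entry is None:
            return "unknown-card"
        key, last = entry
        # Only a holder of the issued key can produce a valid tag for this counter.
        if not hmac.compare_digest(tap_tag(key, card_id, counter), tag):
            return "bad-tag"
        # A tag copied off an earlier tap carries a counter already consumed.
        if counter <= last:
            return "replay"
        # Cap what any single tap can move, even one captured before first use.
        if amount_sats > self.per_tap_limit_sats:
            return "over-limit"
        entry[1] = counter
        return "pay"  # here the vault would issue the NWC pay command

def demo() -> list:
    key = bytes(range(32))  # constructed sample key
    vault = Vault(per_tap_limit_sats=5_000)
    vault.provision("card-01", key)
    tap1 = tap_tag(key, "card-01", 1)
    tap2 = tap_tag(key, "card-01", 2)
    return [
        vault.authorize("card-01", 1, tap1, 2_100),   # fresh tap
        vault.authorize("card-01", 1, tap1, 2_100),   # copied tap replayed
        vault.authorize("card-01", 2, tap1, 2_100),   # old tag, bumped counter
        vault.authorize("card-01", 2, tap2, 50_000),  # valid tap, above the cap
        vault.authorize("card-01", 2, tap2, 4_000),   # valid tap within the cap
    ]

if __name__ == "__main__":
    print(demo())
```

A tap that is captured before the vault has seen it is still accepted once, which is why the per-tap cap matters in this model.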