Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(ios) Playground: Bolt Card + Phoenix Wallet #665

Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

(ios) Playground: Bolt Card + Phoenix Wallet #665

wants to merge 4 commits into from

Conversation

robbiehanson
Copy link
Contributor

@robbiehanson robbiehanson commented Jan 3, 2025
edited
Loading

The Bolt Card allows for bitcoin payments over the lightning network using a contactless payment card.

This PR:

  • allows users to link a bolt card to their phoenix wallet
  • they can then make contactless payments at supporting merchants using their card
  • the user can manage their card within the app:
    • freeze / unfreeze the card at anytime
    • set daily / monthly spending limits
  • the user can link multiple cards to their account (e.g. mom links a card for her daughter, and sets spending limits for that card)

This is a playground / draft PR, with the goal of developing and testing Bolt Card version 2 - a new version that replaces LNURL with modern lightning network communication.

There's a LOT to explain here, so I've broken it down into sections.

User Experience

It's super easy to link a card to your wallet. Just tap the "create new debit card" button, and then tap the card to the upper-half of the iPhone.

nfc_write_720p.mov

After that the user is free to manage their card however they want:

When they make a payment with the card, they will see a notification on their phone:

NTAG 424 DNA

The NFC card that's used is called NTAG 424 DNA

This type of card can be used for many different things. But it also has the attributes needed to perform card payments. In particular, it has AES encryption plus a built-in counter that gets incremented everytime the card is read.

Here's the cliff notes version of how it works:

When you program the card, you write:
  1. AES encryption keys:
key_1 = 96aa8e8e921e82eda6a8e881472791b7
key_2 = 1e92ba49427e8e3e937c202182f047f3
  1. NDEF template string:
foo:bar?picc_data=00000000000000000000000000000000&cmac=000
0000000000000
  1. NDEF template settings:
piccOffet = 18
piccKey = key_1
cmacOffset = 56
cmacKey = key_2
Then when the card is read, it will:
  1. Increment it's internal counter variable
  2. Generate picc data:
picc = AES.encrypt(
  key = key_1,
  data = "${UID}${counter}${random_bytes}"
).toHex()
  1. Generate cmac (message authentication code):
cmac = AES.cmac(
  key = key_2,
  data = "${header}${UID}${counter}${padding}"
).toHex()
  1. Output NDEF result according to template string:
result = foo:bar?picc_data=6fbd71185a71b2fd29a5aa7b7006a8a3&cmac=f135ae3682f25dd7
Then general idea is:
  • The string generated by the card gets sent to the wallet, along with an invoice
  • Since the wallet knows the keys on the card, it can:
    • Decrypt the data
    • And get the card's UID & counter value
    • Verify the CMAC
  • Based on all the information it has, it can decide whether or not to make the payment

Lnurl-Withdraw

The Bolt Card was initially released several years ago. Long before Bolt 12 was standardized and widely deployed. Thus it's completely understandable that they opted to use lnurl-withdraw.

However, the use of lnurl-withdraw means:

  • An HTTP server is required
  • The server receives the invoice, and is trusted to forward it to the wallet

There's not many problems with this design if you're operating a custodial wallet service. But if you're designing a non-custodial wallet, then there are lots of problems. Thus the desire for an updated version that takes advantage of modern lightning technologies.

(Similar to how BIP-353 is replacing lnurl-pay for lightning addresses.)

Host Card Emulation (like Apple Pay)

It is my understanding that we do NOT need any special permission from Apple to allow either reading NFC cards, or writing to them within our app.

This is in stark contrast to doing Host Card Emulation, where the phone itself acts as an NFC card, and sends data to a reader (i.e. like when using Apple Pay)

  • In 2022, the EU accused Apple of abusing its dominant position in the smartphone market by restricting access to NFC technology, which is crucial for contactless payments. This restriction was seen as a way to favor Apple Pay over competing mobile payment services.
  • In 2024 Apple settled the case. They offered commitments to address these concerns, including providing third-party developers in the European Economic Area (EEA) with access to use NFC for contactless payments and transactions.

However, you must obtain special permission from Apple to use this technology. Here's the details for obtaining permission in the European Economic Area. And here's the details for obtaining permission in the USA.

However, note that even if Apple decides to give you permission to use the technology, it can only be used in an "eligible territory", which Apple decides. And there are more people in the world living outside these "eligible territories" than inside.

Task List:

  • Library to write to NFC cards
  • UI for linking debit cards
  • UI for managing debit cards
  • Logic to handle incoming payment requests
  • Push notifications for payment requests
  • Sync cards to iCloud
  • Design & implementation of version 2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@robbiehanson