web/boltcard
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Update SPEC.md

Browse source
This commit is contained in:
Peter Rounce 2022-09-01 07:46:36 +01:00 committed by GitHub
parent d8dafb1d2e
commit 6ebd94762b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
docs/SPEC.md
View file

@ -1,13 +1,16 @@
# Bolt card specification
The bolt card system is built on the open standards listed below.
The bolt card system is built on the technologies listed below.
- [LUD-03: withdrawRequest base spec.](https://github.com/fiatjaf/lnurl-rfc/blob/luds/03.md)
- [LUD-17: Protocol schemes and raw (non bech32-encoded) URLs.](https://github.com/fiatjaf/lnurl-rfc/blob/luds/17.md)
- NFC Data Exchange Format (NDEF)
- Replay protection
- NXP Secure Unique NFC Message (SUN) technology as implemented in the NXP NTAG 424 DNA card
## Bolt card and POS interaction
the point-of-sale (POS) will read an NDEF message from the card, for example
the point-of-sale (POS) will read a NDEF message from the card, which changes with each use, for example
```
lnurlw://card.yourdomain.com?p=A2EF40F6D46F1BB36E6EBF0114D4A464&c=F509EEA788E37E32
```
@ -15,9 +18,9 @@ the POS will then call your bolt card service here
```
https://card.yourdomain.com?p=A2EF40F6D46F1BB36E6EBF0114D4A464&c=F509EEA788E37E32
```
your bolt card service should verify the payment request as below and continue the LNURLw protocol
your bolt card service should verify the payment request as below and continue the standard LNURLw protocol as defined in LUD-03
## Server side verification
## Server side verification of the payment request
- for the `p` value and the `SDM Meta Read Access Key` value, decrypt the UID and counter with AES
- for the `c` value and the `SDM File Read Access Key` value, check with AES-CMAC