Topic: Deleted (Read 952 times)

Method you describe is possible if both NFC tag and Electrum support BIP38, which encrypt private key with user chosen passphrase/password.

But in that case you must take care of the key and don’t forget it. If these keys are lost, it's pretty difficult to recover the funds.

I am curious on how you going to link the NFC tag to a wallet when you want to sweep the Private Key?  I have been looking for a safe method to transfer a Private key from a paper wallet to say... Electrum wallet to sweep my Paper wallets. (It should encrypt the Private key before it is transfered to Electrum and once it hits the Private key field, you should be able to decrypt it, before you apply it)

This way, no Malware would be able to grab the Private key ..because the actual Private key are only visible for a few seconds after you decrypted it. 

NFC credit cards have a very short range, so the card needs to be very close to the reader. I am not sure how close a card needs to be or if a reader with a sensitive reader mechanism could be used to allow for payments to be made from a longer range, or if a payment could be made if the card is in someone’s pocket or wallet. If any of the above is true, there is an enhanced risk of the loss of funds over using a traditional hardware wallet.

You both might want to read up on the Tagem RF/NFC cards.  Essentially, you have an app on your phone and each time you make an outbound transaction, the App and the chip talk to each-other (the App gets the necessary information to sign a transaction).  In essence, you have to hold the chip to the NFC enabled phone to make a payment.  No chip, no payment.  I've no doubt there's something "extra" contained within the chip that the app reads to verify the details haven't been skimmed from another card (such as their "two key" feature).

Tagem even outlines their security features on this page: https://shop.tangem.com/pages/faq-security-and-technical-details (and you don't tap your car on anyone else's card readers, so no skimming can occur)

As to BalletCrypto's "placing a priv key sticker..." in your flip comment, there are two components (the scratch off and the hidden QR code) that are joined via BalletCrypto's own App.  No app, no funds.

Spend ~$30 and prove me wrong.

No actually, I don't mean placing a private key sticker like the Ballet cards, I mean with a real NFC tag for storing private keys and a SIM that can make raw transactions and sign them. To be honest I'm not even sure what else SIMs can do besides making telephone calls.

Then any card reader would read the signed transaction off of the card and broadcast it. No hassling wth private keys and transactions yourself is necessary, in fact the private keys are completely hidden, the same way a hardware wallet hides them. Only knowledge of the address and amount would be necessary.

I guess it would work something like this:

1 - operator punches an address into the card reader or supplies the address and amount on it in some easier way like QR code
2 - you swipe the card on the card reader
3 - card reader supplies the card with the address and amount
4 - without moving private keys away, card uses the address and amount to create and sign a transaction
5 - card sends card reader the signed transaction to broadcast to the nearest SPV node.

Basically, it works like a credit card except instead of calling a bank it relays transactions to the reader.

A disadvantage is that anyone with the card can initiate a spend so perhaps a PIN code, as you mentioned, can be used to encrypt the master private key similar to a hardware wallet, with a limited number of attempts.


I don't think standard wireless or Bluetooth parts are needed to make this work. But I admit I'm not sure if credit cards even contain NFC tags inside them.

If the private key ever leaves the device, it is a bad idea. As I mentioned above, anyone in close proximity to the card would have access to the private key (possibly encrypted to a pass phrase).
The only way it might be a good idea, is if the card were to receive an input(s) to spend, address and amount to spend to and a transaction number (so it knows which address to send change to). The user would need to somehow provide a pin for it to actually sign the transaction. The card would respond with a signed transaction as per the instructions. This would make it similar to a traditional hardware wallet, however the wireless component would make it inferior because an attacker would not need to touch the card to spend unspent outputs.

So you want something that is a hybrid of the Tangem and the Ballet Crypto cards - one with an RF NFC chip, the other with the priv key (in two parts) "etched" (okay, printed) on the steel card.

---

---

Do you suppose the end user wants to know stuff like "priv key", or rather, they just want something that works?  (Do any end users ask their Banks for clarification of how their ATM/debit/credit cards work?? - I suppose not)

---

---

Hit up @MoparMiningLLC is you want either, or, check this thread out: Tangem bulk order - extras up for grab/sale

Imagine though, if some company like Tangem can make a card with an NFC tag in it, then it's definitely possible that we can make cards with the NFC phrase storing a seed phrase or a master private key. And then, the seed phrase could be etched at the back of the card in case offline recovery is needed, particularly on desktops, which do not have NFC adapters in them. Keep in mind that the card is a secret and thus is supposed to be stored in a secure place.

It doesn't end there though - Along with the NFC tag, there could be a SIM card (not the kind issued by carriers) inside that contains the logic of signing transactions made in it, derivation of addresses from the xprv and more. Then someone could invent devices that you swipe these cards on, and all  they have to do is broadcast the transaction to some hard-coded SPV nodes - Instructing the card to perform the transaction signing at the same time obviously.

Then we'd have our own version of credit cards but completely offline (the card itself won't have networking functionality, only the card reader), fully unbanked and can be used at offline and POS shopping. It doesn't even require mobile phones to relay the payments, thus eliminating the need for apps.

Yeah, "proprietary firmware" is not a feature but rather a red flag in this case.

(also they should have proof-read their "How Tangem works" graphic, typos in marketing material do not build confidence)

Both firmware and software (Tangem Tap, Tangem Development Kit, etc.) are propriety. Additionally, there's no documentation, FAQ or guide so i'd wait for proper review.

Are you familiar with Tangem?  https://tangem.com/

Hello,
I have found this

CryptoVault allows you to securely backup your recovery phrase / mnemonic seed offline by using NFC tags and industry standard cryptography and encryption.The seed is encrypted using a custom passphrase (we never store these values) and the encrypted information can be written to NFC tags using AES 256-bit encryption.CryptoVault allows you to derive multiple accounts from the same mnemonic seed using custom derivation paths and start receiving crypto easily.You can export each account as JSON and import to *compatible wallets without the need of exposing your main seed phrase.

Hey guys, I wanted to ask if this project is of any interest to you.

I would like to offer a bitcoin paperwallet as a product, where you can't tell from the outside that it's a paperwallet. Which you can then only read as NFC. Password encrypted with a standard NFC writing app using a standard phone so nobody will say we are the ones manipulating anything.  It can be a simle NFC card with a custom design or NFC Tag.

So that you can't tell from the outside that it's a paper wallet. Maybe disguised as a gym card. It could also be customizable or a metal card. Depending on the wish of the customer.

Is just pretty shabby if you do it by pen as it can smudge and yes obviously that it is a wallet too
Apparently there is already programming - this is not hackable / bruteforceable?

Are there anyones who are interested in getting a first prototype and then using them giving us feedback if this is a cool idea?

I am stoked about any feedback.

Greetings

Could you not just store a BIP38 encrypted private key on your NFC then, much like you would on a paper wallet? And for an added bonus paranoia put a password on top of that on the NFC chip data?

Also, the OP did actually mention storing the tag in a "blocker sleeve", by which I assume they meant one of those RFID signal blocking sleeves designed to prevent the tag from being read without physical access to remove it from said sleeve.

If you encrypt the private key with a password, then anyone who gets close enough will have access to the encrypted private key. Anyone with the encrypted private key could go to a second location with powerful equipment, and attempt to figure out the password -- being that humans are bad at generating 'random' passwords, it would not be unreasonable to say that the password would eventually be figured out.

Sounds like he planned to encrypt the key with a password as well which would help prevent unauthorized access in that manner. Although, you would have to remember the password or you would lose access to the funds. You also have to worry about the security of the device you are using to write to the NFC tags. If you are using an offline machine, this shouldn't be an issue. The added benefit of using NFC tags is that you wouldn't need to worry about your printer caching a copy of the printed paper wallet which some do.

With a paper wallet with a piece of black paper taped over the private key, you will need to physically touch the paper wallet in order to access the private key. With a NFC tag, you will only need to be in close proximity to the NFC tag, so putting it in a safe may not protect your money depending on available technology.

.