Apple Wallet NFC encryptionPublicKey

About

Asked 25/1, 2018 at 8:41 Answered 25/1, 2018 at 9:7

Solved ios nfc passbook applepay passkit

In Apple's documentation for the keys available for a Wallet pass, there's an option for a dictionary for NFC-related data. I understand that use of this key requires special permission from Apple. Regardless ...

message is straight forward -- it's the data passed to a NFC terminal (usually a unique identifier for the customer).

encryptionPublicKey, however, has me confused. Apple states it is the public encryption key used by the Value Added Services protocol. Use a Base64 encoded X.509 SubjectPublicKeyInfo structure containing a ECDH public key for group P256.

Can anyone explain what this second sentence means and/or what a developer would have to do to generate this? From what would one even generate the public/private keys?

Turbit answered 25/1, 2018 at 8:41 Comment(0)

You'll need the following to generate the public and private key. The private key is used by the merchant hardware when reading the pass and decoding the payload.

The compressed public key is what goes into your pass.json.

openssl ecparam -name prime256v1 -genkey -noout -out nfcKey.pem
openssl ec -in nfcKey.pem -pubout -out nfcPubkey.pem -conv_form compressed
cat nfcPubkey.pem

Outputs:

-----BEGIN PUBLIC KEY-----
MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgAC/Bu9nyAtG1DQe7t7jszLb+dZ1GbX
oR8G0rIXoak67NM=
-----END PUBLIC KEY---

You'll need Base64 key (without the newline) for the encryptionPublicKey field.

E.g. MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgAC/Bu9nyAtG1DQe7t7jszLb+dZ1GbXoR8G0rIXoak67NM=

Hyland answered 25/1, 2018 at 9:7 Comment(7)

And how would you decode the VAS Data returned by the terminal? It looks like we need another shared secret in addition to our public/private keys to decode data. – Eipper 22/2, 2018 at 15:27

I believe the data is sent from the pass to the terminal, ya? – Turbit 22/2, 2018 at 16:50

The public key is not sent to the terminal, it is used by Wallet in an algorithm to encrypt the payload. The encryption/decryption algorithm is subject to an Apple Pay NDA. You will need to talk directly to your local Apple Pay contact to get hold of it. – Hyland 23/2, 2018 at 3:57

If you are interested, we offer a decryption API that does not expose the algorithm. – Hyland 23/2, 2018 at 3:59

I am! do you have more information on your decryption API? – Eipper 23/2, 2018 at 8:23

@Hyland Thanks for informations, encryptionPublicKey is optionnal but when this field is not in my pass "nfc: { message:"data" }" the pass isn't NFC. Why ? I thought the data was transmitted in clear without this field, isn't it ? Thanks – Allhallows 30/3, 2019 at 13:32

Apple stopped updating the wallet documentation. The key became mandatory in iOS11. – Hyland 1/4, 2019 at 9:44

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags