Yep, you can read the tag. Layered security my friend.
Encrypted tag, needs to be read by the acquiring server that signs any requested that are forwarded. The wallet service is accessed via a NWC secret (encrypted on card) that can be rotated at will. The wallet nsec is not exposed. Only the NWC service has the full security context to do anything on behalf of the user. The encrypted tag , if spoofed, can only be submitted by a 'trusted' server - an npub on a white-list otherwise the call won't be honored. Can easily graft on real-time fraud detection at the NWC server, if I want. Just another layer.
Still implementing all the pieces, but a layered approach.
Tim Bouma
npub1q6…nx7d5
2025-06-10 14:02:41
in reply to nevent1q…7a5q
Author Public Key
npub1q6mcr8tlr3l4gus3sfnw6772s7zae6hqncmw5wj27ejud5wcxf7q0nx7d5Published at
2025-06-10 14:02:41Event JSON
{
"id": "10728ba9ac994408aeb8c78bf2c9f45a92cf0de9c639fb0e635b353b37eb3005",
"pubkey": "06b7819d7f1c7f5472118266ed7bca8785dceae09e36ea3a4af665c6d1d8327c",
"created_at": 1749564161,
"kind": 1,
"tags": [
[
"e",
"147d17dcb4daa9c0605005d3baed47d33a419edd719bc41df0ec9aadf2065a94",
"",
"root"
],
[
"e",
"9e0e551ea6f6d2e22ddcfbb2af8a02c8787716d12e360b59a741ce810bc5ad05"
],
[
"e",
"56eeb902f5323ea290f2943e37ac4e5151c5eff41128326a612f91c4790b9cc4",
"",
"reply"
],
[
"p",
"06b7819d7f1c7f5472118266ed7bca8785dceae09e36ea3a4af665c6d1d8327c"
],
[
"p",
"52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd"
]
],
"content": "Yep, you can read the tag. Layered security my friend. \n\nEncrypted tag, needs to be read by the acquiring server that signs any requested that are forwarded. The wallet service is accessed via a NWC secret (encrypted on card) that can be rotated at will. The wallet nsec is not exposed. Only the NWC service has the full security context to do anything on behalf of the user. The encrypted tag , if spoofed, can only be submitted by a 'trusted' server - an npub on a white-list otherwise the call won't be honored. Can easily graft on real-time fraud detection at the NWC server, if I want. Just another layer. \n\n Still implementing all the pieces, but a layered approach.",
"sig": "d6106f9341025a324710a418e5b6047bb77826f91fdd32ef1ac667014b167e0061a5f4046e2b4f5c5340f37e04b52ba1363c5bace30d2150fe42b99a84606930"
}