How to create Apple Wallet passes with NFC support

NFC readers and payment terminals

Apple Wallet NFC passes only work with NFC readers and payment terminals that support Apple VAS ("Value Added Services"). This is similar to "Google Smart Tap" for Google Wallet passes.

Apple provides an official list to check if your NFC readers support Apple VAS: https://mfi.apple.com/account/reader-search

Apple Wallet certificate with NFC support

You also need an Apple Wallet certificate with NFC support. NFC certificates can only be obtained after prior approval by Apple. You can apply for NFC certificate approval here: https://developer.apple.com/contact/passkit/.

Until you receive approval from Apple, you can test your passes and NFC readers with our Passmeister test certificates.

Allowed Apple Wallet NFC applications

Apple officially recommends NFC passes for loyalty cards, membership cards and event tickets. During the approval process, Apple ensures that all your NFC readers are compatible and that your customer communication is diligent and complete.

Security-related functions such as unlocking doors or lockers are not supported. Check-in at a gym with reception staff is allowed with NFC; opening and closing the locker in the changing room is not.

NFC encryption

Apple Wallet NFC passes always require a key pair: the public key is stored in the Apple Wallet pass, the private key and your "Apple Pass Type ID" in the NFC reader.

Without Passmeister, it gets complicated from here. A public/private key pair can be generated, for example, with openssl:

openssl ecparam -name prime256v1 -genkey -out private.pem
openssl ec -in private.pem -pubout -out public.pem

In the source code of the Apple Wallet pass (pass.json) the transmitted NFC data (up to 64 bytes) is stored as message and the public NFC key as encryptionPublicKey:

"nfc": {
    "message": "1234567890",
    "encryptionPublicKey": "MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgACJSSx\/wk8yJFezle8j14BEN5cso4ZvvyfJBLWLKX4Yro="
},

The required format of encryptionPublicKey is described as:

Use a Base64-encoded X.509 SubjectPublicKeyInfo structure that contains an ECDH public key for group P256.

Public ECDH (Elliptic-curve Diffie–Hellman) keys are defined by an x/y coordinate pair. The Apple Wallet pass requires the compressed form, which carries only the x-coordinate together with a one-byte prefix giving the parity of y.

The compressed public key can be generated, for example, with openssl:

openssl ec -in private.pem -pubout -conv_form compressed
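
To check a pass before it is signed, the following added example (not code from Passmeister or Apple) validates the nfc dictionary: the 64-byte message limit, the SubjectPublicKeyInfo structure for a compressed P-256 key, and that the x-coordinate decompresses to a point on the curve. The function names are assumptions made for this example; it uses only the Python standard library.

```python
import base64
import json

# NIST P-256 (prime256v1): y^2 = x^3 - 3x + B (mod P)
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# DER prefix of a SubjectPublicKeyInfo carrying a compressed P-256 point:
# SEQUENCE { SEQUENCE { id-ecPublicKey, prime256v1 }, BIT STRING (33 bytes) }
SPKI_PREFIX = bytes.fromhex("3039301306072a8648ce3d020106082a8648ce3d030107032200")


def decompress_spki(b64_key):
    """Return (x, y) for a Base64 SPKI holding a compressed P-256 key."""
    der = base64.b64decode(b64_key, validate=True)
    n = len(SPKI_PREFIX)
    if len(der) != n + 33 or not der.startswith(SPKI_PREFIX):
        raise ValueError("not a compressed P-256 SubjectPublicKeyInfo")
    tag, x = der[n], int.from_bytes(der[n + 1:], "big")
    if tag not in (2, 3) or x >= P:
        raise ValueError("bad compressed point encoding")
    rhs = (pow(x, 3, P) - 3 * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)  # square root; works because P % 4 == 3
    if y * y % P != rhs:
        raise ValueError("x-coordinate is not on the curve")
    return x, (y if y % 2 == tag % 2 else P - y)


def check_nfc(pass_json):
    """Validate the "nfc" dictionary of a pass.json document (string)."""
    nfc = json.loads(pass_json)["nfc"]
    if len(nfc["message"].encode("utf-8")) > 64:
        raise ValueError("nfc.message is longer than 64 bytes")
    return decompress_spki(nfc["encryptionPublicKey"])


if __name__ == "__main__":
    # Constructed sample: the P-256 base point G as a compressed key.
    gx = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
    key = base64.b64encode(SPKI_PREFIX + b"\x03" + gx.to_bytes(32, "big")).decode()
    sample = json.dumps({"nfc": {"message": "1234567890", "encryptionPublicKey": key}})
    x, y = check_nfc(sample)
    print("valid compressed P-256 key, y =", hex(y))
```

A key exported without `-conv_form compressed` is 91 bytes of DER instead of 59 and is rejected by the length check.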

With Passmeister

With Passmeister, everything is easier: your public and private keys are automatically generated and integrated into the Apple Wallet pass. Passmeister offers ready-to-use configuration files for NFC readers.

The NFC symbol in "Settings / Certificates" indicates if your Apple Wallet certificate supports NFC. Just activate NFC in "Pass Settings / NFC" and select the Apple Wallet NFC key for the pass.

updated on: 15 June 2023
