Need Help with Secure NFC Access Control System Implementation

Hi everyone,

Me again :)

I'm working on an access control system project and would appreciate some assistance or advice. My goal is to use NFC cards (ISO 14443A) and smartphones (in card emulation mode) as access keys. Specifically, I want to ensure the security of the system beyond just reading the UUID of the card. I aim to read encrypted data from the card instead.

I should mention that I'm quite new to NFC technology and don't have extensive knowledge of NFC standards, NDEF messages, and related concepts. My main questions:

1. How can I enhance the security of my NFC access control system?
   I want to read encrypted data from the NFC cards rather than just the UUID. What are the best practices for encrypting and securely storing data on NFC cards?

2. How can I record an encrypted message on an NFC card?
   Are there any specific methods or tools that I should use to write encrypted data to the card? How can I ensure that this data can be read securely by the system?

3. How can I achieve this using the RFAL library?
   I'm planning to use the RFAL library for this project, but the documentation is lacking. Can anyone provide guidance or examples on how to implement secure data reading and writing with this library? Also, why isn't the RFAL library available on GitHub, so that we can fork and port to another platforms?

4. Where should I start?
   Any recommendations on resources, tutorials, or documentation that could help me get started with implementing secure NFC communication and access control?

5. Bluetooth out-of-band bondingIs it possible BT OOB pairing or bonding with RFAL? How?

Since I'm new to this field, any additional background information or beginner-friendly resources would be greatly appreciated.

Thank you in advance for your help!

Best regards,