I would not copy the way we do private zaps right now. It just sucks because it requires special decrypting methods from signing apps to resolve them.