Cross-browser Nostr key management, encrypted document vault, and identity layer. Forked from ursuscamp/nostore (archived Feb 2025).
Website: nostrkey.com · Current release: v1.5.2
NostrKey and Humanjava Enterprises Inc. do not have a cryptocurrency, token, or coin. Nor will there be one. If anyone suggests or sells a cryptocurrency associated with this project, they are acting fraudulently. Report scams.
- NIP-07 signing —
window.nostrAPI for any Nostr web app (Chrome + Safari) - NIP-46 nsecBunker — remote signing, your private key never touches the browser
- NIP-44 encryption — modern ChaCha20-Poly1305 (replaces deprecated NIP-04)
- Zero-knowledge .md vault — encrypted documents stored on Nostr relays, unreadable by relay operators
- API key vault — encrypted secret storage
- Cross-device sync — profiles, vault, and settings sync via Google account (Chrome) or iCloud (Safari 16+)
- Master password — keys encrypted at rest with configurable auto-lock
- P2P document sharing — send encrypted files to chat rooms with temporary access (planned)
- Login with Nostr — NIP-42 authentication for web apps (planned)
┌──────────────────────┐ ┌──────────────┐
│ NostrKey Extension │─────▶│ nsecBunker │
│ (Chrome/Safari/PWA) │◀─────│ (signing) │
│ │ └──────────────┘
│ • Sign events │
│ • Encrypt/decrypt │ ┌──────────────┐
│ • .md vault │─────▶│ Nostr Relays │
│ • API key vault │◀─────│ (encrypted │
│ • Share to room │ │ blobs only) │
└──────────────────────┘ └──────────────┘
Documents are encrypted client-side before publishing. Relays store ciphertext. Only your key can decrypt.
See docs_project_info/PROJECT-VISION.md for the full roadmap.
- NIP-07
window.nostr(getPublicKey, signEvent) - NIP-04 encrypt/decrypt (deprecated, kept for compat)
- NIP-19 bech32 key encoding
- Multi-profile management
- Per-site permissions (allow/deny/ask)
- Event history + audit log
- Safari extension (iOS + macOS)
- Chrome extension (Manifest V3)
- NIP-44 encryption (ChaCha20-Poly1305)
- NIP-46 nsecBunker client (remote signing)
- Encrypted .md vault (NIP-78)
- API key vault (encrypted, relay-synced)
- Master password (keys encrypted at rest, auto-lock)
- Profile read-only view with npub/nsec display
- QR code generation for npub (with Copy as PNG)
- Modern permission page styling
- Options pages open in same tab (no tab clutter)
- Close buttons on all options pages
- Standalone security settings page (master password + auto-lock)
- Configurable auto-lock timeout (5/15/30/60 min or never)
- Alpine.js removed — all UI is vanilla JS (smaller bundles, no framework dep)
- WCAG AA accessibility (contrast, focus, ARIA, reduced motion, semantic HTML)
- Vault detection & restore after extension reload (three-tier: flag check → deep scan → manual)
- Chrome MV3 message passing fix (all handlers use sendResponse callback pattern)
- Cross-device sync via storage.sync (Google/iCloud, chunked, priority-based budget)
- NIP-49 encrypted key export/import (ncryptsec)
- nsec/npub import & validation (JSON file or paste, keypair verification)
- Encrypted cloud backup (iCloud/Google Drive snapshots with periodic reminders)
- Firefox extension (manifest + sidebar_action or popup fallback)
- P2P room sharing (NIP-59 gift wrap)
- PWA at nostrkey.app
- Login with Nostr auth flow
- EN/FR/ES localization
- Bottom sheet permission UI (overlay instead of new tab)
- App Group + Keychain sharing for iOS native app integration
- Enhanced Vault integration with file attachments
- API key auto-fill for supported services
- Multiple relay sets per profile
| NIP | Feature | Status |
|---|---|---|
| NIP-01 | Basic protocol | ✅ |
| NIP-04 | Encrypted DMs v1 | ✅ (deprecated) |
| NIP-07 | Browser extension | ✅ |
| NIP-19 | Bech32 encoding | ✅ |
| NIP-42 | Client auth | 🔧 Planned |
| NIP-44 | Encrypted messaging v2 | ✅ |
| NIP-46 | Nostr Connect (bunker) | ✅ |
| NIP-49 | Encrypted key export | ✅ |
| NIP-59 | Gift wrap | 🔧 Planned |
| NIP-78 | App-specific data | ✅ |
NostrKey is also available as native mobile apps that wrap this extension's UI:
| Platform | Repo | Install |
|---|---|---|
| Android | nostrkey.app.android.src | APK sideload / Google Play (coming soon) |
| iOS | nostrkey.app.ios.src | Sideload via Xcode / TestFlight (coming soon) |
- Download the latest zip from Releases
- Chrome: Unzip →
chrome://extensions/→ Developer mode → Load unpacked → select the folder - Safari: Build from source (see below)
Submission in progress — pending review.
Coming soon — submission in progress. See docs_project_info/APPLE-APP-STORE-SUBMISSION.md for details.
- Node.js 20+
- npm
- Xcode (for Safari builds only)
git clone https://github.com/HumanjavaEnterprises/nostrkey.browser.plugin.src.git
cd nostrkey.browser.plugin.src
npm installnpm run build # Safari: Tailwind CSS + esbuild
npm run build:chrome # Chrome: dev build → distros/chrome/
npm run build:all # Both targets (Chrome + Safari)
npm run build:all:prod # Both targets, minified
npm run watch # Watch mode (JS, Safari only)
npm run watch-tailwind # Watch mode (CSS)npm run build:chrome- Open
chrome://extensions/, enable Developer mode - Click Load unpacked → select the
distros/chrome/folder - After rebuilding, click the reload arrow on the extension card
See docs_project_info/CHROME-DEV.md for full details.
- Open
apple/NostrKey.xcodeprojin Xcode - Run
npm run watchin terminal - Build & Run in Xcode
- Enable unsigned extensions: Safari → Settings → Advanced → Show Develop menu
- Develop → Allow Unsigned Extensions → enable NostrKey
This extension does not collect any user data or transmit any data over a network connection except to Nostr relays you explicitly configure. All private key data is encrypted and stored locally. When using nsecBunker mode, no private key material is stored in the extension at all.
- ursuscamp — Original Nostore extension
- fiatjaf — nostr-tools, nos2x, and Nostr itself
- nostr-crypto-utils — Crypto foundation
- nostrkey.app.android.src — NostrKey Android app
- nostrkey.app.ios.src — NostrKey iOS app
MIT — see LICENSE