Welcome to Zorya.Theta.Privacy

Secret-Border-NIP-06-nkcli

The nkcli and secret-border projects use different programming languages.

  • nkcli is primarily written in Go, with 97.4% of its code in Go, and 2.6% in Makefile.
  • Secret Border is written entirely in Java, with 100% of its code in Java.

Secret Border is described as a safe Nostr identity generator. It is a Java application that:

  • Generates a pair of keys randomly.
  • Can be used completely offline.
  • Uses a cryptographically strong pseudo-random number generator (CSPRNG).
  • Does not save your secret anywhere unless you request it.
  • Allows for backing up your secret in an encrypted file using AES256 with a password you specify.
  • Allows the user to add entropy during the key generation process.
  • Can export a private key to an encrypted file and import an encrypted file with a private key.
  • Has basic key derivation from mnemonic seed phrase support (NIP06).

nkcli is a Nostr key manager CLI tool. It is a Go application that:

  • Supports multiple key management.
  • Supports NIP-46 and NIP-06.
  • Allows for private key encryption for security.
  • Provides commands to generate, list, update, import, and remove keys, and to connect or disconnect from sessions.

Secret Border is a tool that aims to provide a safe way to create a personal identity on the Nostr protocol. It offers several security guarantees:

  • It can be used completely offline.
  • It uses a cryptographically strong pseudo-random number generator (CSPRNG).
  • It does not save your secret anywhere unless you request it.
  • It allows you to back up your secret in an encrypted file with a password that you specify.
  • The code is fully open source.
  • It uses AES256 to encrypt the backup file.
  • It allows users to add entropy during the key generation process.

Secret Border uses AES256 to encrypt the backup file. This is the cryptographic algorithm employed to secure the backed-up private key.

Secret Border is a tool designed to create Nostr identities safely and offers several security features. These features include:

  • Offline Functionality: The tool can be used completely offline. This reduces the risk of exposure to online threats during key generation.
  • CSPRNG: It uses a cryptographically strong pseudo-random number generator (CSPRNG) to generate keys. This ensures that the generated keys are unpredictable and secure.
  • No Secret Storage: Secret Border does not save your private key anywhere unless you explicitly choose to back it up. This prevents unintentional storage of your key.
  • Encrypted Backups: The tool allows you to back up your secret key in an encrypted file, using a password that you provide. This ensures that even if the backup file is accessed by someone else, the key remains secure.
  • AES256 Encryption: The backup file is encrypted using AES256, a strong encryption algorithm.
  • Open Source: The code for Secret Border is fully open source, allowing anyone to review it for security vulnerabilities and build confidence in the software’s safety.
  • Entropy Addition: Users can add entropy during the key generation process. This gives users some control over randomness in the generated keys and can improve security.

Overall, Secret Border’s security features focus on ensuring that the keys are generated safely, stored securely, and are difficult to compromise.

Secret Border employs several security measures for Nostr key generation. These measures are designed to ensure the safe creation and management of Nostr identities. Specifically, Secret Border:

  • Can be used completely offline. This prevents exposure to network-based attacks during the key generation process.
  • Utilises a cryptographically strong pseudo-random number generator (CSPRNG). This ensures that the generated keys are truly random and difficult to predict, enhancing their security.
  • Does not save your secret anywhere unless you request it. This means that the private key is not stored on the system unless the user explicitly chooses to back it up.
  • Allows for backing up the secret key in an encrypted file. This encrypted file can be secured using a password chosen by the user.
  • Employs AES256 encryption to protect the backup file. This is a robust encryption algorithm, offering strong protection for the private key.
  • Allows the user to add entropy during the key generation process. This provides an additional layer of security by incorporating user-provided randomness.

These measures collectively enhance the security of Nostr keys generated by Secret Border. The use of strong cryptography, offline capability, and user-controlled backups ensures a high level of protection for user identities.

Secret Border’s offline functionality significantly enhances user security and privacy by reducing exposure to potential online threats. Because the tool can be used completely offline, the key generation process is isolated from the internet, preventing malicious actors from intercepting or manipulating the process. This offline capability means that private keys are generated and can be stored in a secure environment without the risk of being exposed to online vulnerabilities.

  • Reduced Risk of Network-Based Attacks: By operating offline, Secret Border ensures that the user’s private keys are not vulnerable to network-based attacks, such as man-in-the-middle attacks or eavesdropping, that could occur if the key generation process were to connect to a network.

  • Enhanced Privacy: The offline nature of the tool also means that the key generation and backup processes can be performed without transmitting any data to external servers, further protecting user privacy. This ensures that the sensitive data remains entirely within the user’s control and on the user’s local machine.

  • Secure Local Key Generation: By using a cryptographically strong pseudo-random number generator (CSPRNG) to generate keys offline, Secret Border provides a way to create keys securely without depending on potentially vulnerable online services.

  • Controlled Backup: The ability to back up the keys to an encrypted file, using AES256 encryption, also protects the private keys. The encrypted backup file allows the user to store the backup securely even on an online storage platform.

To recap

The Secret Border application is designed to be a safe and user-friendly tool for creating and managing Nostr identities. Here are its key features and functionalities:

  • Nostr Identity Generation: Secret Border is primarily a Nostr identity generator, designed to create a personal identity on the Nostr protocol.
  • Key Generation: It generates a pair of Nostr keys randomly. The key generation process uses a cryptographically strong pseudo-random number generator (CSPRNG), ensuring unpredictability and security.
  • Offline Use: The application can be used completely offline, reducing the risk of exposure to online threats during the key generation process.
  • No Default Secret Storage: Secret Border does not automatically save your private key anywhere, unless you explicitly request it, enhancing security.
  • Encrypted Backup: It allows users to back up their private keys in an encrypted file using a password specified by the user. This ensures that the backed-up key remains secure even if the file is accessed by an unauthorized party.
  • AES256 Encryption: The backup files are encrypted using AES256, which is a strong encryption algorithm.
  • Open Source: The code for Secret Border is fully open-source, which allows for public review, increasing user confidence in the tool’s security.
  • Entropy Addition: It allows users to add entropy during the key generation process, giving users some control over the randomness of the generated keys, potentially improving security.
  • Key Display: The application can display the generated keys.
  • Key Export/Import: Secret Border has the functionality to export the private key to an encrypted file and import an encrypted file containing a private key.
  • Mnemonic Seed Phrase Support: It offers basic key derivation from mnemonic seed phrase functionality, following the NIP-06 specification.
  • Java Based: The application is written entirely in Java.
  • Cross-Platform: It is designed to run on any system that has Java 17 installed, by running a Java Archive (JAR) file.

Give ’nk-cli’ A GO!

To install and run nkcli, users need to follow specific steps using the Go programming language’s tooling. Here’s a breakdown of the installation and execution process:

  • Installation:
    • nkcli is installed using the go install command, which is part of the Go programming language toolchain.
    • The command to install nkcli is: go install github.com/mdzz-club/nkcli@latest.
    • This command downloads and compiles the nkcli tool from its GitHub repository, placing the executable in the user’s Go bin directory.
    • Make sure you have Go installed, as nkcli is written primarily in Go (97.4%).
  • Running nkcli:
    • After installation, nkcli can be run from the command line or terminal.
    • The basic command to use nkcli is: $ nkcli followed by command options.
    • To view a list of available commands, use the command $ nkcli help or $ nkcli -h.
    • Available commands include:
      • generate, or g to generate a new key
      • list, or l to list keys
      • update, or u to update keys metadata and relay list
      • import, or i to import a key
      • remove to remove a key and connected sessions
      • connect, or c to create new connection via nostrconnect://
      • disconnect to disconnect and remove connection
      • help, or h to show a list of commands or help for a command
    • Global options can be used with nkcli, for example:
      • --db value or -d value which specifies a database file. The default database file is located at "/Users/boloto/.nkclidb".
      • --help, or -h to show help information.
      • --version, or -v to print the version.
    • nkcli uses a database file, which by default is located at "/Users/boloto/.nkclidb". This location can be configured using the --db or -d options.

To start using nkcli, users must first install it using go install github.com/mdzz-club/nkcli@latest, and then run it with the nkcli command in the terminal, followed by subcommands or options as needed.

The nip06-cli tool provides several command-line options for generating and restoring Nostr keys. Here are the key options and functionalities:

  • Options:

    • -v, --version: This option displays the version number of the nip06-cli tool.
    • -h, --help: This option displays the help documentation for the command.
  • Commands:

    • random: This command is used to generate a random mnemonic seed phrase.
    • restore: This command is used to restore an existing mnemonic seed phrase.
    • help [command]: This command is used to display help information for a specific command.

In addition to these, nip06-cli can also be run within a Docker container using the following format: docker run --rm -it jaonoctus/nip06-cli [options] [command].

The nip06-cli tool is designed to implement NIP-06, which is a Nostr Improvement Proposal related to basic key derivation from a mnemonic seed phrase. NIP-06 uses BIP39 to generate the mnemonic seed words and derive a binary seed from them, and it uses BIP32 to derive the path m/44'/1237'/<account>'/0/0.

NIP-06 specifies how to derive cryptographic keys from mnemonic seed phrases. This process involves two key standards: BIP39 for generating the mnemonic seed words and a binary seed, and BIP32 for deriving the actual keys.

Here’s a breakdown of how NIP-06 derives keys:

  • Mnemonic Generation (BIP39):

    • BIP39 is used to generate a set of mnemonic seed words. These words are typically chosen from a predefined dictionary. The mnemonic is a human-readable representation of a randomly generated binary seed.
    • This binary seed is then used in subsequent steps.
  • Key Derivation (BIP32):

    • BIP32 is used to derive the path m/44'/1237'/<account>'/0/0. This is a hierarchical path, with each level having a specific meaning.
      • m indicates the master key.
      • 44' is the purpose field, which indicates a standard derivation scheme, in this case BIP-44.
      • 1237' is the coin type for Nostr, as specified in SLIP44.
      • <account> is the account number, which can be incremented to create multiple keys from the same seed.
      • 0/0 are the chain and address indexes, respectively.
    • A basic client can use an account of 0 to derive a single key.
    • More advanced use-cases can increment the <account> part of the path, allowing for the generation of practically infinite keys from the same mnemonic seed phrase. This is useful for users who wish to manage multiple Nostr identities or keys from a single mnemonic.
  • Test Vectors:

    • The specification also provides test vectors to check implementations. These vectors include example mnemonics and their corresponding private keys, public keys, and nsec and npub values.
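
The derivation steps above, as an added example that is not code from nkcli, Secret Border or nip06-cli: standard-library Python that turns a mnemonic into the key at m/44'/1237'/<account>'/0/0. It assumes the phrase is already a valid BIP39 mnemonic (no wordlist or checksum validation); the function names are this example's own, and VECTOR_MNEMONIC is the first test vector published in the NIP-06 specification.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 domain parameters (field prime, group order, generator).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000
# First test vector published in NIP-06 (a public value, never a real identity).
VECTOR_MNEMONIC = ("leader monkey parrot ring guide accident "
                   "before fence cannon height naive bean")

def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def _mul(k, point=G):
    """Double-and-add scalar multiplication (readable, not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result

def bip39_seed(mnemonic, passphrase=""):
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), b"mnemonic" + nfkd(passphrase), 2048)

def _ckd_priv(key, chain, index):
    """BIP32 private child derivation for one path element."""
    if index >= HARDENED:          # hardened: commit to the parent private key
        data = b"\x00" + key.to_bytes(32, "big")
    else:                          # normal: commit to the compressed public key
        x, y = _mul(key)
        data = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    digest = hmac.new(chain, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:   # vanishingly rare; BIP32 marks the index invalid
        raise ValueError("invalid child key for this index")
    return child, digest[32:]

def nip06_private_key(mnemonic, account=0, passphrase=""):
    """Derive the hex private key at m/44'/1237'/<account>'/0/0."""
    if not 0 <= account < HARDENED:
        raise ValueError("account must fit in 31 bits")
    root = hmac.new(b"Bitcoin seed", bip39_seed(mnemonic, passphrase), hashlib.sha512).digest()
    key, chain = int.from_bytes(root[:32], "big"), root[32:]
    for index in (44 + HARDENED, 1237 + HARDENED, account + HARDENED, 0, 0):
        key, chain = _ckd_priv(key, chain, index)
    return key.to_bytes(32, "big").hex()

def nostr_public_key(private_hex):
    """Nostr public key: the 32-byte x coordinate of private_key * G."""
    return _mul(int(private_hex, 16))[0].to_bytes(32, "big").hex()
```

The curve arithmetic here is written for readability and is not constant-time, so it suits checking an implementation against the published vectors rather than handling a live key.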

Tools like nip06-cli, Secret Border, and nkcli support the NIP-06 specification for key derivation from mnemonics. These tools use these standards and methods to ensure that keys can be generated predictably and reliably from a mnemonic seed phrase.

The nkcli and secret-border tools use different programming languages for their development.

  • nkcli is primarily written in Go, with 97.4% of its code in that language. Additionally, 2.6% of the code is written in Makefile.
  • secret-border is written entirely in Java, with 100% of its codebase in that language.

Both tools are designed to run on systems with the respective programming language’s runtime environment installed. nkcli is designed to run on systems with Go installed, while secret-border requires Java 17.

Secret Border and nkcli are both tools designed to manage Nostr identities and keys, but they differ in their functionality, implementation, and features. Here’s a comparison of the two:

  • Primary Function:

    • Secret Border is primarily a safe Nostr identity generator. Its main purpose is to create and back up Nostr key pairs securely.
    • nkcli is a Nostr key manager CLI tool. It focuses on managing multiple Nostr keys and supports features such as NIP-46 and NIP-06.
  • Key Generation and Derivation:

    • Secret Border generates key pairs randomly using a cryptographically strong pseudo-random number generator (CSPRNG). It also allows users to add entropy during the key generation process and supports basic key derivation from mnemonic seed phrases following the NIP-06 specification.
    • nkcli also supports NIP-06 for key derivation. It is designed to manage keys and perform operations like listing, updating, importing and removing keys.
  • Offline Use:

    • Secret Border can be used completely offline. This is a key security feature that reduces the risk of exposure to online threats during key generation.
    • nkcli does not specifically state that it can be used offline.
  • Secret Storage:

    • Secret Border does not save your secret (private key) anywhere by default, unless you explicitly request it. It allows users to backup private keys in an encrypted file with a user-specified password and uses AES256 encryption.
    • nkcli allows users to encrypt private keys for security.
  • Key Management:

    • Secret Border is focused on key generation and secure backups.
    • nkcli is designed for multiple key management, supporting operations like listing, updating, importing, and removing keys, as well as handling connections via the nostrconnect:// protocol.
  • NIP Support:

    • Secret Border supports basic key derivation from mnemonic seed phrases following the NIP-06 specification.
    • nkcli supports both NIP-06 and NIP-46.
  • User Interface:

    • Secret Border is a Java application that is run from a JAR file.
    • nkcli is a command-line interface (CLI) tool. It’s designed to be used in a terminal or command prompt.
  • Programming Languages:

    • Secret Border is written entirely in Java.
    • nkcli is primarily written in Go (97.4%), with some code in Makefile (2.6%).
  • Installation:

    • Secret Border requires Java 17 and can be run from a JAR file.
    • nkcli is installed using the go install command: go install github.com/mdzz-club/nkcli@latest.
  • Features:

    • Secret Border has features such as: generating a pair of keys randomly; showing the keys; not connecting externally; exporting the private key to an encrypted file; importing an encrypted file with a private key; and supporting basic key derivation from mnemonic seed phrase - NIP06.
    • nkcli has features such as: multiple key management; NIP-46 support; NIP-06 support; and encryption of private keys.

Secret Border is focused on securely generating and backing up Nostr identities, with a strong emphasis on offline use and secure encryption. nkcli, on the other hand, is a more comprehensive key management tool that offers greater functionality for managing multiple keys and supports features including NIP-46.

Key generation security is a critical aspect of managing cryptographic identities, and several tools discussed in the sources, such as Secret Border, nkcli, and nip06-cli, implement security measures to protect the user during key generation.

Here’s a breakdown of key generation security features and considerations:

  • Offline Capability: Secret Border can be used completely offline, which is a significant security advantage. By operating offline, the key generation process is isolated from the internet, mitigating risks like network-based attacks and eavesdropping. This ensures that private keys are created and stored in a secure environment, without exposure to online vulnerabilities.
  • Cryptographically Strong Pseudo-Random Number Generators (CSPRNG): Both Secret Border and nkcli use a CSPRNG to generate keys, ensuring that the keys are random and unpredictable. This is essential to prevent the generation of predictable or weak keys.
  • No Default Secret Storage: Secret Border does not save private keys anywhere by default, enhancing security by ensuring that the keys are not automatically stored on the system unless specifically requested by the user. This prevents unauthorised access in the event of a security breach.
  • Encrypted Backups: Secret Border allows users to back up their private keys to an encrypted file, which can be secured with a user-specified password. It also uses AES256 encryption, a robust algorithm, to protect the backup file. Similarly, nkcli allows encryption of private keys for security.
  • Entropy Addition: Secret Border allows users to add entropy during key generation. This gives the user some influence over the randomness of the generated keys, potentially making them more difficult to predict.
  • Mnemonic Seed Phrases: nip06-cli, along with Secret Border and nkcli, supports the NIP-06 specification for key derivation from mnemonic seed phrases. The standard uses BIP39 to generate mnemonic seed words and a binary seed, and BIP32 to derive the actual keys from that seed. These processes ensure predictable and reliable key derivation from a mnemonic seed phrase.
  • Open Source Code: Secret Border is fully open source, which means that the code is publicly accessible and can be reviewed. This promotes transparency and allows for scrutiny of the tool’s security features.
  • Key Management: nkcli is a key manager CLI tool, which supports multiple key management, NIP-46, and NIP-06. It is developed to manage and protect multiple keys.

Key generation security is addressed through a combination of offline functionality, strong cryptography, and user control over backups and randomness, with tools like Secret Border, nkcli, and nip06-cli implementing various layers of protection. The use of open source code is another way of ensuring the security and transparency of key generation tools.

NIP-46 is a Nostr Improvement Proposal that relates to delegated key management, allowing a user to authorize another application or device to act on their behalf without revealing their private key. Here’s a discussion of NIP-46 support in the context of the provided sources:

  • nkcli Support for NIP-46: The nkcli tool is a Nostr key manager that explicitly states it supports NIP-46. This means that nkcli can be used to manage keys and also facilitate delegated authorization for other applications or devices. This is a key feature of nkcli, distinguishing it from tools like Secret Border, which does not have this capability.
  • Key Management and Delegation: By supporting NIP-46, nkcli allows users to create connections with other applications. This is achieved via a nostrconnect:// protocol, allowing the user to grant specific permissions to these connected apps without exposing the underlying private key. nkcli can also disconnect and remove these connections.
  • Contrast with Secret Border: While Secret Border is focused on generating keys securely and backing them up, it does not offer NIP-46 support. Its primary function is the safe creation of a Nostr identity and backing it up securely, and it does not manage connections or delegated authorizations.
  • NIP-46 Functionality: The nkcli tool uses commands like connect to create new connections via nostrconnect:// and disconnect to remove connections, indicating that it manages the full lifecycle of a NIP-46 delegated key authorization.
  • Purpose of NIP-46: The purpose of NIP-46 is to enable a more flexible and secure way of interacting with the Nostr network by allowing users to grant limited access to their accounts, thereby mitigating the risk of exposing private keys directly to less trusted applications.
  • nkcli as a Key Manager: The primary purpose of nkcli is to function as a key manager, and its NIP-46 support is directly related to this function. The command structure of the tool is focused on managing keys and related sessions or connections.

NIP-46 support is a key feature of nkcli that enables it to manage delegated key authorizations, while Secret Border focuses solely on secure key generation and backup without supporting such delegation.

Code Available At

‘NIP-06’ Secret Border ’nk-cli’ Nostr NIP-06