NIP-K1 Protocol

Passkey login
for Nostr

Encrypt your nsec with a passkey. Log in to any Nostr client with your fingerprint. No seed phrases. No clipboard. No extensions. Works with password managers too.

View on GitHub Learn more

Clipboard exposure

Copy-pasting nsec between devices leaks your identity to every app that reads the clipboard.

🔒

No sync

Browser extensions don't follow you across devices. Hardware signers add complexity.

One mistake, forever

Leak your nsec once and your Nostr identity is compromised permanently. There's no rotation.

keytr fixes this. Your nsec gets encrypted with a passkey and published to Nostr relays. On any new device, authenticate with your fingerprint to decrypt. That's it. Inspired by the passkey vault approach pioneered by BitTasker.

How it works

Six steps from nsec chaos to passkey-protected login.

1

Generate or import

Create a new nsec or bring your existing one into any keytr-compatible client.

2

Register a passkey

Your device creates a WebAuthn credential bound to a gateway (e.g. keytr.org) or the client's own domain.

3

Encrypt

keytr tries the passkey's PRF extension first. If the authenticator doesn't support PRF (e.g. 1Password, Bitwarden), it falls back to Key-in-Handle (KiH) mode, embedding a random encryption key in the passkey itself. Either way, the key goes through HKDF-SHA256 to derive an AES-256 encryption key.

4

Publish to relays

The encrypted blob is published as a kind:31777 parameterized replaceable event to your Nostr relays.

5

Open any client

On a new device, open any keytr-compatible client and tap "Login with Passkey".

6

Authenticate & decrypt

Your passkey syncs via iCloud / Google / Windows — authenticate with your fingerprint or face to decrypt your nsec instantly.

Architecture

No servers to trust. No passwords to remember. Just math and hardware.

Your device
Passkey + biometric
PRF or KiH → HKDF
Key derivation (auto-detected)
AES-256-GCM
Encrypt nsec → 93-byte blob
Nostr relays
kind:31777 event
All cryptography happens client-side. Relays are dumb stores — they never see your nsec or encryption key.

Security

Designed to make the right thing easy and the wrong thing impossible.

Encryption scheme

  • Key source PRF extension or KiH random key → HKDF-SHA256
  • Two modes PRF (hardware-bound) or KiH (password manager compatible)
  • Cipher AES-256-GCM with 12-byte random IV
  • AAD Credential ID + mode-specific version byte (prevents substitution, downgrade & cross-mode attacks)

What attackers can't do

  • Phish the key Passkey is origin-bound to the rpId
  • Brute-force Random 256-bit key, not a password
  • Swap ciphertexts AAD binds blob to credential ID + mode
  • Compromise relays End-to-end encrypted, relay sees nothing

In PRF mode, the encryption key is hardware-bound and never leaves the authenticator. In KiH mode, a random 256-bit key is stored in the passkey's user.id field, protected by biometric/PIN. Either way, HKDF-SHA256 with a random salt produces a unique AES key per encryption. Even if the encrypted event is public on relays, it is useless without your passkey.

Two gateways, zero single points of failure

Your passkey-encrypted keys live on Nostr relays. The gateways just provide the WebAuthn rpId — and now there are two.

Cloudflare
keytr.org
Primary gateway operated by sovIT. Hosted on Cloudflare for global edge performance.
  • Hosting Cloudflare Pages
  • Operator sovIT
  • Status Active
Hostinger
nostkey.org
Alternative gateway hosted on Hostinger. Same protocol, different infrastructure. True decentralization.
  • Hosting Hostinger
  • Operator sovIT
  • Status Active
Why does this matter? WebAuthn passkeys are bound to the domain (rpId) they were created on. If keytr.org goes down or Cloudflare has an outage, passkeys registered against it can't authenticate. By registering passkeys against both gateways, you maintain access even if one provider fails. Each gateway produces a separate kind:31777 event on your relays.

Federated cross-client login

One passkey works across every Nostr client. No single domain controls the protocol.

WebAuthn binds passkey outputs to the domain (rpId) they were created on. To enable cross-client login, keytr uses a federated gateway model built on the W3C Related Origin Requests spec.

Any domain can become a passkey gateway by hosting a /.well-known/webauthn file listing authorized client origins. Register passkeys against multiple gateways, producing a separate kind:31777 event for each. keytr.org runs on Cloudflare, nostkey.org runs on Hostinger — different providers, different infrastructure, zero single points of failure.

keytr.org
Primary gateway on Cloudflare (sovIT)
nostkey.org
Alternative gateway on Hostinger (sovIT)
your-domain.com
Run your own — anyone can be a gateway
Cross-client WebAuthn 
import { setup, discover, publishKeytrEvent } from '@sovit.xyz/keytr'

// Setup: tries PRF, falls back to KiH for password managers
const { eventTemplate, nsecBytes, mode } = await setup({
  userName: 'alice', userDisplayName: 'Alice',
  rpId: "keytr.org"
})
// mode: 'prf' (hardware-bound) or 'kih' (1Password, Bitwarden, etc.)

// Sign & publish
const signed = finalizeEvent(eventTemplate, nsecBytes)
await publishKeytrEvent(signed, relays)

// Discoverable login — auto-detects mode, 1 biometric prompt
const { nsecBytes, pubkey } = await discover(relays)

Run your own gateway

Decentralize the protocol further. All you need is a domain and one file.

/.well-known/webauthn 
{
  "origins": [
    "https://your-gateway.example",
    "https://client-a.com",
    "https://client-b.com"
  ]
}

Clients listed in your origins can register passkeys under your domain's rpId. The browser verifies authorization automatically via the Related Origin Requests spec.

The event — NIP-K1

Encrypted keys are stored as kind:31777 parameterized replaceable events.

kind:31777 
{
  "kind": 31777,
  "content": "<base64 encrypted 93-byte blob>",
  "tags": [
    ["d", "<credential-id-base64url>"],
    ["rp", "keytr.org"],
    ["algo", "aes-256-gcm"],
    ["kdf", "hkdf-sha256"],
    ["v", "1"],
    ["transports", "internal", "hybrid"],
    ["client", "<client-name>"]
  ]
}

Multiple passkeys can be registered — each produces a separate event with a different d tag. The v tag indicates the mode: 1 for PRF, 3 for KiH. transports and client tags are optional. Lose one passkey, your others still work.

For client developers

Integrate keytr into your Nostr client in minutes.

Install 
npm install @sovit.xyz/keytr
Usage 
import { setup, discover, publishKeytrEvent } from '@sovit.xyz/keytr'

// Setup: PRF-first with KiH fallback for password managers
const { eventTemplate, nsecBytes, npub, mode }
  = await setup({ userName: 'alice', userDisplayName: 'Alice', rpId: 'keytr.org' })

// Sign & publish the kind:31777 event to relays

// Discoverable login: auto-detects PRF vs KiH, one biometric tap
const { nsecBytes, npub, pubkey } = await discover(relays)

To have your origin authorized for cross-client login, add your domain to the origins list via PR.

Start building with keytr

Open protocol. Open source. Open to everyone.

npm package Library on GitHub Site Source Read NIP-K1