NostrKey browser extension — cross-browser Nostr key management, encrypted vault, and identity layer. The core codebase that also powers the iOS and Android apps.
NostrKey is the hand that holds the baseball card. It manages your private keys, signs events, encrypts data, and connects you to your NostrKeep relay and npub.bio identity. Free, open source (MIT), forked from ursuscamp/nostore.
v1.6.2 — Chrome (uploaded, pending privacy review), Firefox (signed), Safari (archiving). Manage Profiles page, security hardening, bug fixes.
- Vanilla JS (Alpine.js was removed)
- esbuild bundler
- Tailwind CSS
- nostr-crypto-utils for protocol operations
- Chrome Manifest V3
npm install
npm run build # Safari: Tailwind + esbuild
npm run build:chrome # Chrome → distros/chrome/
npm run build:all # Both targets
npm run build:all:prod # Both, minified
npm run watch # Watch mode (JS, Safari)
npm run watch-tailwind # Watch mode (CSS)Important: After changing extension source code, run npm run build and commit the updated distros/safari/ along with your source changes. Xcode Cloud needs distros/safari/ in the repo.
npm run build:chromechrome://extensions/→ Developer mode → Load unpacked →distros/chrome/
NIP-01, NIP-04 (deprecated), NIP-07, NIP-19, NIP-44, NIP-46, NIP-49, NIP-78
- NIP-07
window.nostrsigning - NIP-46 nsecBunker (remote signing)
- NIP-44 encryption (ChaCha20-Poly1305)
- Encrypted .md vault + API key vault (NIP-78)
- Multi-profile with per-site permissions
- Master password with auto-lock
- Cross-device sync via storage.sync
- WCAG AA accessibility
src/ # Extension source (JS, CSS, HTML)
dev/apple/ # Xcode project (Safari/iOS wrapper)
dev/qa/ # QA automation (screenshot capture/resize)
distros/safari/ # Safari build output (TRACKED in git for Xcode Cloud)
distros/chrome/ # Chrome build output (gitignored)
distros/firefox/ # Firefox build output (gitignored)
docs/ # Website (nostrkey.com), privacy, terms
docs/python.html # Python SDK docs page (nostrkey.com/python)
docs/test.html # Extension test page (nostrkey.com/test)
docs_project_info/ # Project docs (testing, submission, vision)
ci_scripts/ # Xcode Cloud CI scripts
build.js # esbuild config
tailwind.config.js # Tailwind config
ci_scripts/ci_post_clone.shexists as backup butdistros/safari/is tracked in git, so Xcode Cloud builds work without running it.- Builds auto-trigger on push to
main. - Archives both iOS and macOS targets.
# Archive for macOS
xcodebuild archive -project dev/apple/NostrKey.xcodeproj \
-scheme "NostrKey (macOS)" -configuration Release \
-archivePath dev/qa/archives/NostrKey-macOS.xcarchive
# Archive for iOS
xcodebuild archive -project dev/apple/NostrKey.xcodeproj \
-scheme "NostrKey (iOS)" -configuration Release \
-destination "generic/platform=iOS" \
-archivePath dev/qa/archives/NostrKey-iOS.xcarchive
# Upload via Xcode Organizer → Distribute App → App Store ConnectBundle IDs (must match across platforms for unified listing):
- App:
com.nostrkey - Extension:
com.nostrkey.Extension - Team:
H48PW6TC25
macOS Entitlements (Guideline 2.4.5(i)):
com.apple.security.app-sandbox— requiredcom.apple.security.network.client— outgoing WebSocket connections- Do NOT add
network.server— Apple rejects it (NostrKey is client-only)
Extension uses background service worker + sidepanel UI. Mobile apps (iOS/Android) wrap this in dual-WebView architecture with native bridges (IOSBridge.swift / AndroidBridge.kt).
- Vanilla JS, no frameworks
- kebab-case file names
- Chrome Web Store zips go in
distros/folder - Xcode project lives at
dev/apple/NostrKey.xcodeproj - WCAG AA contrast, aria-labels, reduced-motion support
Plausible (privacy-friendly, cookieless) on all public docs pages. Script: pa-IB1d6aIMpkIZgRxSc6Med.js.
nostrkey.app.OC-python.src— Python SDK for AI entities (pip install nostrkey)nostrkey.app.ios.src— iOS app (WKWebView wrapper)nostrkey.app.android.src— Android app (WebView wrapper)nostrkey.bizdocs.src— business strategy docsnpub-bio-landingpage— npub.bio (uses NostrKey for NIP-07 connect)nostrkeep.srvr.relay.src— NostrKeep relay (NostrKey points keys here)