index.html

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>keytr - Passkey Login for Nostr</title>
  <meta name="description" content="Encrypt your Nostr private key with a passkey. Log in to any client with just your fingerprint or face.">
  <meta name="theme-color" content="#7b68ee">
  <meta property="og:title" content="keytr - Passkey Login for Nostr">
  <meta property="og:description" content="Encrypt your nsec with a passkey. Log in to any Nostr client with your fingerprint.">
  <meta property="og:type" content="website">
  <meta property="og:url" content="https://keytr.org">
  <link rel="stylesheet" href="style.css">
</head>
<body>

  <!-- Hero -->
  <header class="hero">
    <div class="hero-glow"></div>
    <div class="container">
      <nav>
        <div class="logo">key<span>tr</span></div>
        <a href="https://bittasker.com" class="inspired-by">Inspired by BitTasker</a>
        <div class="nav-links">
          <a href="#how-it-works">How It Works</a>
          <a href="#security">Security</a>
          <a href="#developers">Developers</a>
          <a href="https://github.com/sovITxyz/keytr.org" class="nav-cta">GitHub</a>
        </div>
      </nav>
      <div class="hero-content">
        <div class="badge">NIP-K1 Protocol</div>
        <h1>Passkey login<br>for <span class="gradient-text">Nostr</span></h1>
        <p class="hero-sub">Encrypt your nsec with a passkey. Log in to any Nostr client with your fingerprint. No seed phrases. No clipboard. No extensions. Works with password managers too.</p>
        <div class="hero-actions">
          <a href="https://github.com/sovITxyz/keytr.org" class="btn btn-primary">View on GitHub</a>
          <a href="#how-it-works" class="btn btn-ghost">Learn more</a>
        </div>
      </div>
    </div>
  </header>

  <!-- Problem -->
  <section class="problem">
    <div class="container">
      <div class="problem-grid">
        <div class="problem-card">
          <div class="problem-icon">&#x26A0;</div>
          <h3>Clipboard exposure</h3>
          <p>Copy-pasting nsec between devices leaks your identity to every app that reads the clipboard.</p>
        </div>
        <div class="problem-card">
          <div class="problem-icon">&#x1F512;</div>
          <h3>No sync</h3>
          <p>Browser extensions don't follow you across devices. Hardware signers add complexity.</p>
        </div>
        <div class="problem-card">
          <div class="problem-icon">&#x2620;</div>
          <h3>One mistake, forever</h3>
          <p>Leak your nsec once and your Nostr identity is compromised permanently. There's no rotation.</p>
        </div>
      </div>
      <div class="solution-banner">
        <strong>keytr fixes this.</strong> Your nsec gets encrypted with a passkey and published to Nostr relays. On any new device, authenticate with your fingerprint to decrypt. That's it. Inspired by the passkey vault approach pioneered by <a href="https://bittasker.com">BitTasker</a>.
      </div>
    </div>
  </section>

  <!-- How It Works -->
  <section id="how-it-works" class="how-it-works">
    <div class="container">
      <div class="section-header">
        <h2>How it works</h2>
        <p>Six steps from nsec chaos to passkey-protected login.</p>
      </div>

      <div class="flow">
        <div class="flow-line"></div>
        <div class="flow-step">
          <div class="step-number">1</div>
          <div class="step-content">
            <h4>Generate or import</h4>
            <p>Create a new nsec or bring your existing one into any keytr-compatible client.</p>
          </div>
        </div>
        <div class="flow-step">
          <div class="step-number">2</div>
          <div class="step-content">
            <h4>Register a passkey</h4>
            <p>Your device creates a WebAuthn credential bound to a gateway (e.g. <code>keytr.org</code>) or the client's own domain.</p>
          </div>
        </div>
        <div class="flow-step">
          <div class="step-number">3</div>
          <div class="step-content">
            <h4>Encrypt</h4>
            <p>keytr tries the passkey's PRF extension first. If the authenticator doesn't support PRF (e.g. Firefox Android, older security keys), it falls back to <strong>Key-in-Handle (KiH)</strong> mode, embedding a random encryption key in the passkey itself. Either way, the key goes through HKDF-SHA256 to derive an AES-256 encryption key.</p>
          </div>
        </div>
        <div class="flow-step">
          <div class="step-number">4</div>
          <div class="step-content">
            <h4>Publish to relays</h4>
            <p>The encrypted blob is published as a <code>kind:31777</code> parameterized replaceable event to your Nostr relays.</p>
          </div>
        </div>
        <div class="flow-step">
          <div class="step-number">5</div>
          <div class="step-content">
            <h4>Open any client</h4>
            <p>On a new device, open any keytr-compatible client and tap <strong>"Login with Passkey"</strong>.</p>
          </div>
        </div>
        <div class="flow-step">
          <div class="step-number">6</div>
          <div class="step-content">
            <h4>Authenticate &amp; decrypt</h4>
            <p>Your passkey syncs via iCloud / Google / Windows &mdash; authenticate with your fingerprint or face to decrypt your nsec instantly.</p>
          </div>
        </div>
      </div>
    </div>
  </section>

  <!-- Architecture Diagram -->
  <section class="architecture">
    <div class="container">
      <div class="section-header">
        <h2>Architecture</h2>
        <p>No servers to trust. No passwords to remember. Just math and hardware.</p>
      </div>
      <div class="arch-diagram">
        <div class="arch-row">
          <div class="arch-node arch-device">
            <div class="arch-label">Your device</div>
            <div class="arch-detail">Passkey + biometric</div>
          </div>
          <div class="arch-arrow">&rarr;</div>
          <div class="arch-node arch-prf">
            <div class="arch-label">PRF or KiH &rarr; HKDF</div>
            <div class="arch-detail">Key derivation (auto-detected)</div>
          </div>
          <div class="arch-arrow">&rarr;</div>
          <div class="arch-node arch-crypto">
            <div class="arch-label">AES-256-GCM</div>
            <div class="arch-detail">Encrypt nsec &rarr; 93-byte blob</div>
          </div>
          <div class="arch-arrow">&rarr;</div>
          <div class="arch-node arch-relay">
            <div class="arch-label">Nostr relays</div>
            <div class="arch-detail">kind:31777 event</div>
          </div>
        </div>
        <div class="arch-note">All cryptography happens client-side. Relays are dumb stores &mdash; they never see your nsec or encryption key.</div>
      </div>
    </div>
  </section>

  <!-- Security -->
  <section id="security" class="security">
    <div class="container">
      <div class="section-header">
        <h2>Security</h2>
        <p>Designed to make the right thing easy and the wrong thing impossible.</p>
      </div>
      <div class="crypto-grid">
        <div class="crypto-card">
          <h3>Encryption scheme</h3>
          <ul>
            <li><strong>Key source</strong> <span>PRF extension or KiH random key &rarr; HKDF-SHA256</span></li>
            <li><strong>Two modes</strong> <span>PRF (hardware-bound) or KiH (universal fallback)</span></li>
            <li><strong>Cipher</strong> <span>AES-256-GCM with 12-byte random IV</span></li>
            <li><strong>AAD</strong> <span>Credential ID + mode-specific version byte (prevents substitution, downgrade &amp; cross-mode attacks)</span></li>
          </ul>
        </div>
        <div class="crypto-card">
          <h3>What attackers can't do</h3>
          <ul>
            <li><strong>Phish the key</strong> <span>Passkey is origin-bound to the rpId</span></li>
            <li><strong>Brute-force</strong> <span>Random 256-bit key, not a password</span></li>
            <li><strong>Swap ciphertexts</strong> <span>AAD binds blob to credential ID + mode</span></li>
            <li><strong>Compromise relays</strong> <span>End-to-end encrypted, relay sees nothing</span></li>
          </ul>
        </div>
      </div>
      <p class="crypto-note">In PRF mode, the encryption key is hardware-bound and never leaves the authenticator. In KiH mode, a random 256-bit key is stored in the passkey's user.id field, protected by biometric/PIN. Either way, HKDF-SHA256 with a random salt produces a unique AES key per encryption. Even if the encrypted event is public on relays, it is useless without your passkey.</p>
    </div>
  </section>

  <!-- Decentralized Gateways -->
  <section id="decentralized" class="decentralized">
    <div class="container">
      <div class="section-header">
        <h2>Two gateways, zero single points of failure</h2>
        <p>Your passkey-encrypted keys live on Nostr relays. The gateways just provide the WebAuthn rpId &mdash; and now there are two.</p>
      </div>

      <div class="gateway-comparison">
        <div class="gw-card gw-highlight">
          <div class="gw-badge gw-cloudflare">Cloudflare</div>
          <div class="gw-domain">keytr.org</div>
          <div class="gw-desc">Primary gateway operated by sovIT. Hosted on Cloudflare for global edge performance.</div>
          <ul class="gw-details">
            <li><strong>Hosting</strong> <span>Cloudflare Pages</span></li>
            <li><strong>Operator</strong> <span>sovIT</span></li>
            <li><strong>Status</strong> <span>Active</span></li>
          </ul>
        </div>
        <div class="gw-card">
          <a href="https://nostkey.org" class="gw-link">
            <div class="gw-badge gw-hostinger">Hostinger</div>
            <div class="gw-domain">nostkey.org</div>
            <div class="gw-desc">Alternative gateway hosted on Hostinger. Same protocol, different infrastructure. True decentralization.</div>
            <ul class="gw-details">
              <li><strong>Hosting</strong> <span>Hostinger</span></li>
              <li><strong>Operator</strong> <span>sovIT</span></li>
              <li><strong>Status</strong> <span>Active</span></li>
            </ul>
          </a>
        </div>
      </div>

      <div class="decentralized-note">
        <strong>Why does this matter?</strong> WebAuthn passkeys are bound to the domain (rpId) they were created on. If keytr.org goes down or Cloudflare has an outage, passkeys registered against it can't authenticate. By registering passkeys against <em>both</em> gateways, you maintain access even if one provider fails. Each gateway produces a separate <code>kind:31777</code> event on your relays.
      </div>
    </div>
  </section>

  <!-- Federation -->
  <section class="federation">
    <div class="container">
      <div class="section-header">
        <h2>Federated cross-client login</h2>
        <p>One passkey works across every Nostr client. No single domain controls the protocol.</p>
      </div>

      <div class="fed-explanation">
        <p>WebAuthn binds passkey outputs to the domain (<code>rpId</code>) they were created on. To enable cross-client login, keytr uses a <strong>federated gateway model</strong> built on the W3C <a href="https://w3c.github.io/webauthn/#sctn-related-origins">Related Origin Requests</a> spec.</p>
        <p>Any domain can become a passkey gateway by hosting a <code>/.well-known/webauthn</code> file listing authorized client origins. Register passkeys against <strong>multiple gateways</strong>, producing a separate <code>kind:31777</code> event for each. <code>keytr.org</code> runs on Cloudflare, <a href="https://nostkey.org">nostkey.org</a> runs on Hostinger &mdash; different providers, different infrastructure, zero single points of failure.</p>
      </div>

      <div class="fed-grid">
        <div class="fed-card">
          <div class="fed-domain">keytr.org</div>
          <div class="fed-desc">Primary gateway on Cloudflare (sovIT)</div>
        </div>
        <div class="fed-card">
          <a href="https://nostkey.org" class="fed-link">
            <div class="fed-domain">nostkey.org</div>
            <div class="fed-desc">Alternative gateway on Hostinger (sovIT)</div>
          </a>
        </div>
        <div class="fed-card">
          <div class="fed-domain">your-domain.com</div>
          <div class="fed-desc">Run your own &mdash; anyone can be a gateway</div>
        </div>
      </div>

      <div class="code-section">
        <div class="code-header">
          <span class="code-dot"></span>
          <span class="code-dot"></span>
          <span class="code-dot"></span>
          <span class="code-title">Cross-client WebAuthn</span>
        </div>
        <pre><code><span class="k">import</span> { setup, discover, publishKeytrEvent } <span class="k">from</span> <span class="s">'@sovit.xyz/keytr'</span>

<span class="c">// Setup: tries PRF, falls back to KiH for password managers</span>
<span class="k">const</span> { eventTemplate, nsecBytes, mode } = <span class="k">await</span> setup({
  userName: <span class="s">'alice'</span>, userDisplayName: <span class="s">'Alice'</span>,
  rpId: <span class="s">"keytr.org"</span>
})
<span class="c">// mode: 'prf' (hardware-bound) or 'kih' (universal fallback)</span>

<span class="c">// Sign &amp; publish</span>
<span class="k">const</span> signed = finalizeEvent(eventTemplate, nsecBytes)
<span class="k">await</span> publishKeytrEvent(signed, relays)

<span class="c">// Discoverable login — auto-detects mode, 1 biometric prompt</span>
<span class="k">const</span> { nsecBytes, pubkey } = <span class="k">await</span> discover(relays)</code></pre>
      </div>
    </div>
  </section>

  <!-- Run Your Own Gateway -->
  <section class="gateway">
    <div class="container">
      <div class="section-header">
        <h2>Run your own gateway</h2>
        <p>Decentralize the protocol further. All you need is a domain and one file.</p>
      </div>
      <div class="code-section">
        <div class="code-header">
          <span class="code-dot"></span>
          <span class="code-dot"></span>
          <span class="code-dot"></span>
          <span class="code-title">/.well-known/webauthn</span>
        </div>
        <pre><code>{
  <span class="s">"origins"</span>: [
    <span class="s">"https://your-gateway.example"</span>,
    <span class="s">"https://client-a.com"</span>,
    <span class="s">"https://client-b.com"</span>
  ]
}</code></pre>
      </div>
      <p class="gateway-note">Clients listed in your <code>origins</code> can register passkeys under your domain's rpId. The browser verifies authorization automatically via the <a href="https://w3c.github.io/webauthn/#sctn-related-origins">Related Origin Requests</a> spec.</p>
    </div>
  </section>

  <!-- NIP-K1 Event -->
  <section class="event-spec">
    <div class="container">
      <div class="section-header">
        <h2>The event &mdash; NIP-K1</h2>
        <p>Encrypted keys are stored as <code>kind:31777</code> parameterized replaceable events.</p>
      </div>
      <div class="code-section">
        <div class="code-header">
          <span class="code-dot"></span>
          <span class="code-dot"></span>
          <span class="code-dot"></span>
          <span class="code-title">kind:31777</span>
        </div>
        <pre><code>{
  <span class="s">"kind"</span>: <span class="n">31777</span>,
  <span class="s">"content"</span>: <span class="s">"&lt;base64 encrypted 93-byte blob&gt;"</span>,
  <span class="s">"tags"</span>: [
    [<span class="s">"d"</span>, <span class="s">"&lt;credential-id-base64url&gt;"</span>],
    [<span class="s">"rp"</span>, <span class="s">"keytr.org"</span>],
    [<span class="s">"algo"</span>, <span class="s">"aes-256-gcm"</span>],
    [<span class="s">"kdf"</span>, <span class="s">"hkdf-sha256"</span>],
    [<span class="s">"v"</span>, <span class="s">"1"</span>],
    [<span class="s">"transports"</span>, <span class="s">"internal"</span>, <span class="s">"hybrid"</span>],
    [<span class="s">"client"</span>, <span class="s">"&lt;client-name&gt;"</span>]
  ]
}</code></pre>
      </div>
      <p class="event-note">Multiple passkeys can be registered &mdash; each produces a separate event with a different <code>d</code> tag. The <code>v</code> tag indicates the mode: <code>1</code> for PRF, <code>3</code> for KiH. <code>transports</code> and <code>client</code> tags are optional. Lose one passkey, your others still work.</p>
    </div>
  </section>

  <!-- Developers -->
  <section id="developers" class="developers">
    <div class="container">
      <div class="section-header">
        <h2>For client developers</h2>
        <p>Integrate keytr into your Nostr client in minutes.</p>
      </div>
      <div class="dev-content">
        <div class="code-section">
          <div class="code-header">
            <span class="code-dot"></span>
            <span class="code-dot"></span>
            <span class="code-dot"></span>
            <span class="code-title">Install</span>
          </div>
          <pre><code>npm install @sovit.xyz/keytr</code></pre>
        </div>
        <div class="code-section">
          <div class="code-header">
            <span class="code-dot"></span>
            <span class="code-dot"></span>
            <span class="code-dot"></span>
            <span class="code-title">Usage</span>
          </div>
          <pre><code><span class="k">import</span> { setup, discover, publishKeytrEvent } <span class="k">from</span> <span class="s">'@sovit.xyz/keytr'</span>

<span class="c">// Setup: PRF-first with automatic KiH fallback</span>
<span class="k">const</span> { eventTemplate, nsecBytes, npub, mode }
  = <span class="k">await</span> setup({ userName: <span class="s">'alice'</span>, userDisplayName: <span class="s">'Alice'</span>, rpId: <span class="s">'keytr.org'</span> })

<span class="c">// Sign &amp; publish the kind:31777 event to relays</span>

<span class="c">// Discoverable login: auto-detects PRF vs KiH, one biometric tap</span>
<span class="k">const</span> { nsecBytes, npub, pubkey } = <span class="k">await</span> discover(relays)</code></pre>
        </div>
        <p class="dev-note">To have your origin authorized for cross-client login, add your domain to the <a href="https://github.com/sovITxyz/keytr.org">origins list</a> via PR.</p>
      </div>
    </div>
  </section>

  <!-- CTA -->
  <section class="cta">
    <div class="container">
      <div class="cta-content">
        <h2>Start building with keytr</h2>
        <p>Open protocol. Open source. Open to everyone.</p>
        <div class="cta-actions">
          <a href="https://www.npmjs.com/package/@sovit.xyz/keytr" class="btn btn-primary btn-lg">npm package</a>
          <a href="https://github.com/sovITxyz/keytr" class="btn btn-ghost btn-lg">Library on GitHub</a>
          <a href="https://github.com/sovITxyz/keytr.org" class="btn btn-ghost btn-lg">Site Source</a>
          <a href="https://github.com/sovITxyz/keytr/blob/main/nip/nip-k1.md" class="btn btn-ghost btn-lg">Read NIP-K1</a>
        </div>
      </div>
    </div>
  </section>

  <!-- Footer -->
  <footer>
    <div class="container">
      <div class="footer-content">
        <div class="footer-logo">key<span>tr</span></div>
        <p><a href="https://github.com/sovITxyz/keytr/blob/main/LICENSE">AGPL-3.0</a> &middot; Built by <a href="https://sovit.xyz">sovIT</a></p>
      </div>
    </div>
  </footer>

</body>
</html>