Podkey is a browser extension that holds one encrypted key on your device and uses it
to sign Nostr events, carry your did:nostr identity, and log you in to
Solid pods. No accounts, no servers, no OAuth redirect.
getPublicKey, signEvent, and nip44.encrypt/decrypt on window.nostr, so every NIP-07 Nostr client works unchanged.
NIP-98 HTTP auth to Solid pods, keyed to your did:nostr. No OAuth redirect, no identity-provider account.
Your public key is your did:nostr identifier, portable across any NIP-07-aware app.
The private key is sealed at rest with AES-256-GCM under a scrypt passphrase. The raw key never touches disk.
Approve a site once; revoke any time. Untrusted sites raise a consent prompt that denies on close or timeout.
Encryption for NIP-17 / NIP-59 gift-wrapped DMs, checked against the official spec vectors. Keys stay in the worker.
Podkey sits at the join of two mature, independently-built ecosystems and consolidates them behind a single key.
NIP-07 signers are well-established. Podkey is fully NIP-07 compatible and builds on that work rather than reinventing it.
An emerging ecosystem of decentralised-identity tooling on Nostr keys. Podkey treats your pubkey as a first-class DID.
The W3C-aligned personal-data-pod standard. Podkey logs in over NIP-98 keyed to your did:nostr, with no IdP account.
The novel part is the consolidation: one locally-held, encrypted key that is at once your Nostr signer, your did:nostr identity, and your Solid login.
From source, or a packaged release:
git clone https://github.com/JavaScriptSolidServer/podkey.git
cd podkey
npm install
npm run build # bundles deps into the service worker
Then open chrome://extensions, enable Developer mode, click Load unpacked, and select the folder containing manifest.json. Pin the 🔑 icon, then generate or import a key and set an encryption passphrase.
Manifest V3 · bundles all code (no remotely-hosted scripts) · script-src 'self' CSP · AGPL-3.0.