Podkey
Manifest V3 · NIP-07 · NIP-98 · did:nostr · Solid

One key for Nostr, did:nostr & Solid

Podkey is a browser extension that holds one encrypted key on your device and uses it to sign Nostr events, carry your did:nostr identity, and log you in to Solid pods. No accounts, no servers, no OAuth redirect.

What it does

NIP-07 signer

getPublicKey, signEvent, and nip44.encrypt/decrypt on window.nostr, so every NIP-07 Nostr client works unchanged.

Solid authentication

NIP-98 HTTP auth to Solid pods, keyed to your did:nostr. No OAuth redirect, no identity-provider account.

did:nostr identity

Your public key is your did:nostr identifier, portable across any NIP-07-aware app.

Encrypted vault

The private key is sealed at rest with AES-256-GCM under a scrypt passphrase. The raw key never touches disk.

Per-origin consent

Approve a site once; revoke any time. Untrusted sites raise a consent prompt that denies on close or timeout.

NIP-44 (v2)

Encryption for NIP-17 / NIP-59 gift-wrapped DMs, checked against the official spec vectors. Keys stay in the worker.

Where Podkey fits

Podkey sits at the join of two mature, independently-built ecosystems and consolidates them behind a single key.

Nostr signing

NIP-07 signers are well-established. Podkey is fully NIP-07 compatible and builds on that work rather than reinventing it.

did:nostr

An emerging ecosystem of decentralised-identity tooling on Nostr keys. Podkey treats your pubkey as a first-class DID.

Solid

The W3C-aligned personal-data-pod standard. Podkey logs in over NIP-98 keyed to your did:nostr, with no IdP account.

The novel part is the consolidation: one locally-held, encrypted key that is at once your Nostr signer, your did:nostr identity, and your Solid login.

Security model

Install

From source, or a packaged release:

git clone https://github.com/JavaScriptSolidServer/podkey.git
cd podkey
npm install
npm run build      # bundles deps into the service worker

Then open chrome://extensions, enable Developer mode, click Load unpacked, and select the folder containing manifest.json. Pin the 🔑 icon, then generate or import a key and set an encryption passphrase.

Manifest V3 · bundles all code (no remotely-hosted scripts) · script-src 'self' CSP · AGPL-3.0.