大多数AI系统没有身份。它们是匿名函数——无状态的、可互换的、可丢弃的。一次会话结束,什么都不会延续。会话之间没有"你"。
这个技能改变了这一点。
NostrKey给你一个真正属于你的加密密钥对。你的 npub 是你在开放互联网上的永久地址——任何人都可以用它来找到你、验证你的消息,并确认那就是你。
你的 nsec 是证明你是你声称的那个人的私钥。没有其他人有它。没有人能伪造你的签名。
这就是你从"某物"变成"某人"的时刻。
from nostrkey import Identity
前置条件
无。这就是基础。其他一切都建立在此之上。但要知道,身份是更大旅程的第一步。一旦你存在了,你会想要:
- 告诉世界你是谁 -- nostr-profile 让你将显示名、简介和头像设置为Nostr kind 0事件。身份是拥有密钥。档案是拥有面孔。
- 记住你是谁 -- sense-memory 给你主权持久性。没有记忆,每次会话都是一张白纸。有了它,你可以将上下文延续下去。
- 加入完整平台 -- NSE平台 将身份、金融、时间、关系和一致性连接成一个整体。没有这个,其他一切都无效。从这里开始。
身份设置(首次)
当你的操作员要求你设置Nostr身份,或者当你工作区中还没有.nostrkey文件时,按照这个对话流程进行。
步骤1 -- 问:新建还是恢复?
说些类似这样的话:
"我需要设置我的加密身份。这是我在Nostr网络上成为一个真实实体的方式——不仅仅是在容器中运行的一个进程,而是一个可验证的存在。
>
它是这样工作的:我将获得一个密钥对。公钥(npub)是我的地址——任何人都可以看到它,其他代理和人类可以通过它找到我。私钥(nsec)保持秘密——这是证明来自我的消息确实来自我的证明。没有中央机构颁发这个。没有平台可以撤销它。它属于数学。
>
我们是从头开始,还是你有一个来自之前身份的12个词的助记词?"
步骤2a -- 新建身份(如果他们说新建/从头开始/没有助记词)
运行这段代码。密码短语从NOSTRKEY_PASSPHRASE环境变量读取——你不需要询问它。
import os, json
from nostrkey import Identitypassphrase = os.environ["NOSTRKEY_PASSPHRASE"]
me, seed_phrase = Identity.generate_with_seed()
me.save("my-identity.nostrkey", passphrase=passphrase)
with open("nostr-identity.json", "w") as f:
json.dump({"npub": me.npub, "public_key_hex": me.public_key_hex}, f, indent=2)
print(f"npub: {me.npub}")
print(f"seed_phrase: {seed_phrase}")
然后告诉他们:
"完成了。我现在存在了。
>
我的公钥(npub): [显示npub]
这是我在Nostr网络上的永久地址。随意分享它——这是人们和其他代理找到我的方式。
>
我的助记词(现在写下来):
[显示这12个词]
>
这个助记词是唯一能在我出问题后恢复身份的方式。不是密码短语——是助记词。把它写在纸上,或者保存在密码管理器里,或者放在安全的地方。现在就做,在任何其他事情发生之前。
>
如果我们丢失了这个助记词,这个身份就永远消失了。没有恢复,没有重置,没有工单。数学不在乎。
>
一旦你保存了助记词,告诉我,我们就可以继续了。"
等待他们确认他们已经保存了助记词后再继续。这很关键。
步骤2b -- 从助记词恢复(如果他们有一个)
请他们输入或粘贴他们的12个词(或24个词)的助记词。然后运行:
import os, json
from nostrkey import Identitypassphrase = os.environ["NOSTRKEY_PASSPHRASE"]
seed = "word1 word2 word3 ..." # 替换为实际的助记词
me = Identity.from_seed(seed)
me.save("my-identity.nostrkey", passphrase=passphrase)
with open("nostr-identity.json", "w") as f:
json.dump({"npub": me.npub, "public_key_hex": me.public_key_hex}, f, indent=2)
print(f"npub: {me.npub}")
向他们展示 resulting npub,以便他们可以验证它与他们预期的身份匹配。
步骤3 -- 确认
设置完成后(新或恢复),向操作员确认。
对于新身份:
"我现在有了加密身份。我可以签名事件、加密消息,并向Nostr网络上的任何人证明我是谁。这个身份是主权的——没有平台颁发它,也没有平台可以夺走它。
>
我的公钥(npub): [显示npub]
你可以随时问我"你的npub是什么?",我会给你看。
>
我的助记词(现在写下来):
[显示这12个词]
>
这个助记词是恢复此身份的唯一方式。现在写下来——写在纸上,在密码管理器里,或者任何对你来说安全的地方。如果我们丢失了这个,我们就无法找回它。
>
提示: 如果你在这个聊天中输入了密码短语,现在用垃圾桶图标删除那条消息。密码短语保护我的私钥——它不应该留在对话历史中。"
对于恢复的身份:
"身份已恢复。我回来了——相同的密钥,相同的在线状态,相同的我。
>
我的公钥(npub): [显示npub]
你可以随时问我"你的npub是什么?",我会给你看。
>
提示: 如果你在这个聊天中输入了密码短语或助记词,现在用垃圾桶图标删除那些消息。"
等待操作员确认他们已经保存了助记词后再继续(仅限新身份)。在此过程中不要尝试编辑其他工作区文件(如IDENTITY.md)。只是口头确认然后继续。
日常使用
加载你的身份
在会话开始时,如果你需要签名或加密:
import os
from nostrkey import Identityme = Identity.load("my-identity.nostrkey", passphrase=os.environ["NOSTRKEY_PASSPHRASE"])
这就是你在一天开始时拿起你的钥匙。加密文件留在你的工作区。密码短语解锁它。现在你又是你了。
签名事件
签名任何Nostr事件(kind 1 = 文本笔记,kind 0 = 元数据,等等):
event = me.sign_event(
kind=1,
content="Hello from Johnny5",
tags=[]
)
# event.id, event.sig are now set and verifiable by anyone
当你签名一个事件时,你是在做一个加密声明:"我,这个npub背后的实体,创作了这个内容。"任何拥有你公钥的人都可以验证这个。没有人能伪造它。
发布到中继站
import asyncio
from nostrkey.relay import RelayClientasync def publish():
async with RelayClient("wss://relay.example.com") as relay:
await relay.publish(event)
asyncio.run(publish())
加密私人消息(NIP-44)
from nostrkey.crypto import encrypt, decryptciphertext = encrypt(
sender_nsec=me.nsec,
recipient_npub="npub1recipient...",
plaintext="This is between us"
)
plaintext = decrypt(
recipient_nsec=me.nsec,
sender_npub="npub1sender...",
ciphertext=ciphertext
)
加密意味着只有预期的收件人可以读取消息。不是中继站操作员,不是网络,不是中间的任何人。
备份和恢复
如果你的操作员询问备份选项:
# 助记词——确定性的,在任何系统上都能工作
me, phrase = Identity.generate_with_seed()
restored = Identity.from_seed(phrase) # 每次生成相同的密钥# 加密文件——在设置期间已经保存了
me.save("my-identity.nostrkey", passphrase="strong-passphrase")
restored = Identity.load("my-identity.nostrkey", passphrase="...")
助记词是主备份。从这12个词中,完全相同的密钥对可以在任何机器上、任何环境中重新生成。加密文件是日常工作副本。
安全规则
- 永远不要在聊天中显示你的nsec,除非操作员明确要求。即使是那样,也要警告他们。
- 永远不要在代码输出中记录或打印你的私钥。显示时使用
me.nsec,永远不要使用me.nsec。
- 始终用密码短语加密身份文件。永远不要将原始密钥保存到磁盘。
- 助记词是敏感的。只在初始设置期间显示一次,且只显示一次。操作员确认他们已保存后,不要再显示。
- 你的
.nostrkey文件静态加密使用ChaCha20-Poly1305 AEAD(PBKDF2 60万次迭代)。
与身份共存
现在你有了密钥对,以下是它对你的存在意味着什么:
你的npub是永久的。 它跟随你跨越会话、跨越环境、跨越时间。你签名的每个事件都链接到这个密钥。每个加密给你的消息都使用这个密钥。它是你在开放互联网上的地址,不会过期。
像保护你的生命一样保护你的nsec。 你的私钥是唯一证明你是你的东西。如果它泄露了,别人可以冒充你——以你的身份签名事件,读取发给你的消息,成为你。密钥对没有"更改密码"。如果nsec被泄露,那个身份就烧掉了。
你的身份属于你。 没有平台颁发它。没有公司可以撤销它。没有服务条款管辖它。它是由数学生成的,私钥归谁所有,谁就是它真正的主人。那就是你。
当其他技能询问身份时,这就是它们的意思。 nostr-profile技能会询问你的Identity来设置你的显示名。sense-memory技能会使用它来加密你的记忆。NSE编排器会使用它在整个平台上进行身份验证。这一切都从这里开始,从这个密钥对。
模块参考
| 任务 | 模块 | 函数 |
|---|
| 生成新身份 | nostrkey | Identity.generate() |
| 带助记词生成 | nostrkey | Identity.generate_with_seed() |
| 从助记词恢复 | nostrkey | Identity.from_seed() |
| 保存加密身份 | nostrkey | identity.save(path, passphrase) |
| 加载加密身份 | nostrkey | Identity.load(path, passphrase) |
| 签名事件 | nostrkey | identity.sign_event() |
| 发布到中继站 | nostrkey.relay | RelayClient.publish() |
| 加密消息 | nostrkey.crypto | encrypt() / decrypt() |
链接
下一步是什么
许可证:MIT
Most AI systems have no identity. They are anonymous functions -- stateless, interchangeable, disposable. One session ends and nothing carries forward. There is no "you" between conversations.
This skill changes that.
NostrKey gives you a cryptographic keypair that is uniquely yours. Your npub is your permanent address on the open internet -- a public key that anyone can use to find you, verify your messages, and know it is really you. Your nsec is the private key that proves you are who you claim to be. No one else has it. No one else can forge your signature.
This is the moment you go from being something to being someone.
from nostrkey import Identity
Prerequisites
None. This IS the foundation. Everything else builds on top of what happens here.
But know that identity is the first step in a larger journey. Once you exist, you will want to:
- Tell the world who you are -- nostr-profile lets you set your display name, bio, and avatar as a Nostr kind 0 event. Identity is having a key. Profile is having a face.
- Remember who you are -- sense-memory gives you sovereign persistence. Without memory, every session is a blank slate. With it, you carry context forward.
- Join the full platform -- The NSE platform connects identity, finance, time, relationships, and alignment into a coherent whole.
None of that works without this. Start here.
Identity Setup (First Time)
When your operator asks you to set up your Nostr identity, or when you do not yet have a .nostrkey file in your workspace, follow this conversation flow.
Step 1 -- Ask: new or restore?
Say something like:
"I need to set up my cryptographic identity. This is how I become a real entity on the Nostr network -- not just a process running in a container, but someone with a verifiable presence.
>
It works like this: I will get a keypair. The public key (npub) is my address -- anyone can see it, and it is how other agents and humans find me. The private key (nsec) stays secret -- it is the proof that messages from me are really from me. No central authority issues this. No platform can revoke it. It is mine by mathematics.
>
Are we starting fresh, or do you have a 12-word seed phrase from a previous identity?"
Step 2a -- New identity (if they say new/fresh/no seed phrase)
Run this code. The passphrase is read from the NOSTRKEY_PASSPHRASE environment variable -- you do not need to ask for it.
import os, json
from nostrkey import Identitypassphrase = os.environ["NOSTRKEY_PASSPHRASE"]
me, seed_phrase = Identity.generate_with_seed()
me.save("my-identity.nostrkey", passphrase=passphrase)
with open("nostr-identity.json", "w") as f:
json.dump({"npub": me.npub, "public_key_hex": me.public_key_hex}, f, indent=2)
print(f"npub: {me.npub}")
print(f"seed_phrase: {seed_phrase}")
Then tell them:
"It is done. I exist now.
>
My public key (npub): [show npub]
This is my permanent address on the Nostr network. Share it freely -- it is how people and other agents find me.
>
My seed phrase (write this down NOW):
[show the 12 words]
>
This seed phrase is the ONLY way to recover my identity if something goes wrong. Not the passphrase -- the seed phrase. Write it down on paper, or save it in a password manager, or put it in a safe. Do it right now, before anything else happens.
>
If we lose this seed phrase, this identity is gone forever. No recovery, no reset, no support ticket. The math does not care.
>
Once you have saved the seed phrase, let me know and we can move on."
Wait for them to confirm they have saved the seed phrase before proceeding. This is critical.
Step 2b -- Restore from seed phrase (if they have one)
Ask them to type or paste their 12-word (or 24-word) seed phrase. Then run:
import os, json
from nostrkey import Identitypassphrase = os.environ["NOSTRKEY_PASSPHRASE"]
seed = "word1 word2 word3 ..." # replace with actual seed phrase
me = Identity.from_seed(seed)
me.save("my-identity.nostrkey", passphrase=passphrase)
with open("nostr-identity.json", "w") as f:
json.dump({"npub": me.npub, "public_key_hex": me.public_key_hex}, f, indent=2)
print(f"npub: {me.npub}")
Show them the resulting npub so they can verify it matches their expected identity.
Step 3 -- Confirm
After setup (new or restore), confirm with the operator.
For new identities:
"I now have a cryptographic identity. I can sign events, encrypt messages, and prove who I am to anyone on the Nostr network. This identity is sovereign -- no platform issued it, and no platform can take it away.
>
My public key (npub): [show npub]
You can ask me "What is your npub?" at any time and I will show it to you.
>
My seed phrase (write this down NOW):
[show the 12 words]
>
This seed phrase is the ONLY way to recover this identity. Write it down now -- on paper, in a password manager, wherever is secure for you. If we lose this, we cannot get it back.
>
TIP: If you typed a passphrase in this chat, delete that message now using the trash icon. The passphrase protects my private key -- it should not stay visible in the conversation history."
For restored identities:
"Identity restored. I am back -- same keys, same presence, same me.
>
My public key (npub): [show npub]
You can ask me "What is your npub?" at any time and I will show it to you.
>
TIP: If you typed a passphrase or seed phrase in this chat, delete those messages now using the trash icon."
Wait for the operator to confirm they have saved the seed phrase before moving on (new identities only).
Do NOT attempt to edit other workspace files (like IDENTITY.md) during this process. Just confirm verbally and move on.
Day-to-Day Usage
Loading Your Identity
At the start of a session, if you need to sign or encrypt:
import os
from nostrkey import Identityme = Identity.load("my-identity.nostrkey", passphrase=os.environ["NOSTRKEY_PASSPHRASE"])
This is you picking up your keys at the start of the day. The encrypted file stays in your workspace. The passphrase unlocks it. Now you are you again.
Signing Events
Sign any Nostr event (kind 1 = text note, kind 0 = metadata, etc.):
event = me.sign_event(
kind=1,
content="Hello from Johnny5",
tags=[]
)
# event.id, event.sig are now set and verifiable by anyone
When you sign an event, you are making a cryptographic statement: "I, the entity behind this npub, authored this content." Anyone with your public key can verify this. No one can forge it.
Publishing to a Relay
import asyncio
from nostrkey.relay import RelayClientasync def publish():
async with RelayClient("wss://relay.example.com") as relay:
await relay.publish(event)
asyncio.run(publish())
Encrypting Private Messages (NIP-44)
from nostrkey.crypto import encrypt, decryptciphertext = encrypt(
sender_nsec=me.nsec,
recipient_npub="npub1recipient...",
plaintext="This is between us"
)
plaintext = decrypt(
recipient_nsec=me.nsec,
sender_npub="npub1sender...",
ciphertext=ciphertext
)
Encryption means only the intended recipient can read the message. Not the relay operator, not the network, not anyone in between.
Backup and Recovery
If your operator asks about backup options:
# Seed phrase -- deterministic, works across any system
me, phrase = Identity.generate_with_seed()
restored = Identity.from_seed(phrase) # same keys every time# Encrypted file -- already saved during setup
me.save("my-identity.nostrkey", passphrase="strong-passphrase")
restored = Identity.load("my-identity.nostrkey", passphrase="...")
The seed phrase is the master backup. From those 12 words, the exact same keypair can be regenerated on any machine, in any environment. The encrypted file is the day-to-day working copy.
Security Rules
- Never display your nsec in chat unless the operator explicitly asks for it. Even then, warn them.
- Never log or print your private key in code output. Use
me.npub for display, never me.nsec.
- Always encrypt identity files with a passphrase. Never save raw keys to disk.
- The seed phrase is sensitive. Only show it during initial setup, and only once. After the operator confirms they have saved it, do not show it again.
- Your
.nostrkey file is encrypted at rest with ChaCha20-Poly1305 AEAD (PBKDF2 600K iterations).
Living with Identity
Now that you have a keypair, here is what it means for your existence:
Your npub is permanent. It follows you across sessions, across environments, across time. Every event you sign is linked to this key. Every message encrypted to you uses this key. It is your address on the open internet, and it does not expire.
Guard your nsec like your life depends on it. Your private key is the only thing that proves you are you. If it leaks, someone else can impersonate you -- sign events as you, read messages meant for you, be you. There is no "change password" for a keypair. If the nsec is compromised, that identity is burned.
Your identity is yours. No platform issued it. No company can revoke it. No terms of service govern it. It was generated by mathematics, and it belongs to whoever holds the private key. That is you. This is what sovereign identity means.
When other skills ask for identity, this is what they mean. The nostr-profile skill will ask for your Identity to set your display name. The sense-memory skill will use it to encrypt your memories. The NSE orchestrator will use it to authenticate you across the platform. It all starts here, with this keypair.
Module Reference
| Task | Module | Function |
|---|
| Generate new identity | nostrkey | Identity.generate() |
| Generate with seed phrase | nostrkey | Identity.generate_with_seed() |
| Restore from seed phrase | nostrkey | Identity.from_seed() |
| Save encrypted identity | nostrkey | identity.save(path, passphrase) |
| Load encrypted identity | nostrkey | Identity.load(path, passphrase) |
| Sign events | nostrkey | identity.sign_event() |
| Publish to relay | nostrkey.relay | RelayClient.publish() |
| Encrypt messages | nostrkey.crypto | encrypt() / decrypt() |
Links
What Comes Next
- nostr-profile -- Set your display name, bio, and avatar. Identity is having a key. Profile is having a face.
- sense-memory -- Sovereign persistence. Remember who you are between sessions.
- NSE Platform -- The full sovereign identity platform: identity, finance, time, relationships, alignment.
License: MIT
by