What is Nostr?

Understanding the decentralized protocol that powers Redshift.

Nostr in a Nutshell

Nostr (Notes and Other Stuff Transmitted by Relays) is a simple, open protocol for creating censorship-resistant global networks. Think of it as a decentralized alternative to platforms like Twitter or Slack, but the underlying technology can be used for much more than social media.

At its core, Nostr is built on three simple concepts:

  1. Identities are key pairs - Your identity is a cryptographic key pair. No email, phone, or username required.
  2. Data is signed - Everything you publish is cryptographically signed, proving it came from you.
  3. Relays store and forward - Independent servers (relays) store and distribute data. You can use any relay, or run your own.

How Nostr Works

Keys = Identity

Your Nostr identity is a public/private key pair using the secp256k1 curve (the same as Bitcoin). Your public key (npub) is your identity that others can see. Your private key (nsec) proves you are the owner of that identity.

# Example Nostr keys
Public key (npub): npub1abc123...xyz
Private key (nsec): nsec1secret...key

# Never share your nsec!

Events = Data

All data in Nostr is represented as "events" - JSON objects with a specific structure:

{
  "id": "event_hash",
  "pubkey": "your_public_key",
  "created_at": 1234567890,
  "kind": 1,
  "tags": [["tag", "value"]],
  "content": "Your data here",
  "sig": "cryptographic_signature"
}

Key fields:

  • kind - The type of event (1 = text note, 0 = profile metadata, etc.)
  • content - The actual data (can be encrypted)
  • sig - Your cryptographic signature proving you created this

Relays = Storage

Relays are simple servers that receive, store, and forward events. They're like email servers, but for Nostr data. Key properties:

  • Anyone can run a relay - No permission needed
  • You choose your relays - Use public ones or self-host
  • Redundancy - Publish to multiple relays so your data survives if one goes down
  • No single point of failure - If a relay bans you, use another

How Redshift Uses Nostr

Redshift leverages Nostr's architecture for secret management:

| Nostr Concept | Redshift Usage |
| --- | --- |
| Key pair identity | Your Nostr keys authenticate you and encrypt your secrets |
| Signed events | Your project and secret data is signed, preventing tampering |
| Relays | Your encrypted secrets are stored across multiple relays |
| Event kinds | Redshift uses NIP-59 Gift Wrap (Kind 1059) for metadata-protected encrypted storage |

Security Model

Your secrets are encrypted before leaving your device. Relay operators can see that you have data, but cannot read its contents. Only someone with your private key can decrypt your secrets.

# What relay operators see (NIP-59 Gift Wrap):
{
  "kind": 1059,
  "pubkey": "random_throwaway_key",
  "content": "encrypted_blob_they_cannot_read",
  "tags": [["t", "redshift-secrets"]]
}

NIPs: Nostr Implementation Possibilities

Nostr is extended through NIPs - specifications that define how different features work. Redshift uses several NIPs:

  • NIP-01 - Basic protocol (events, signatures, relays)
  • NIP-07 - Browser extension interface (Alby, nos2x)
  • NIP-19 - Bech32 encoding (npub, nsec formats)
  • NIP-44 - Versioned encryption (XChaCha20-Poly1305)
  • NIP-46 - Remote signing (bunker connections)
  • NIP-59 - Gift Wrap (metadata protection)

Why Nostr for Secrets?

Traditional secret managers require you to trust a company with your most sensitive data. Nostr flips this:

  • You own your identity - No account to create or company to trust
  • You own your data - Encrypted with your keys, stored on relays you choose
  • No vendor lock-in - Standard protocol, can switch tools anytime
  • Censorship resistant - No single entity can revoke your access

Next Steps

Now that you understand Nostr, see how Redshift compares with other secret managers or dive into the authentication options.