Releases: HumanjavaEnterprises/nostrkey.browser.plugin.src

v1.6.2 — Bug Fixes + 166 Tests

08 Apr 01:37

Fixes

  • Vault "Unauthorized sender" — extension pages opened in tabs (vault, profiles, settings) are now correctly recognized as trusted senders
  • Safari profiles not showing — replaced window.open() with api.tabs.create() for cross-browser compatibility

Testing

  • 166 tests (154 unit + 12 E2E integration)
  • Every feature area covered: security, profiles, password/lock, keys, NIP-07, NIP-44, NIP-04, NIP-49, seed phrases, relays, vault, API keys, backup, permissions, settings, bunker, reset
  • E2E tests load the actual extension in Chrome and verify all pages + NIP-07 injection
  • npm test runs unit tests (259ms), npm run test:e2e runs Chrome integration tests

Downloads

  • nostrkey-chrome-v1.6.2.zip — Chrome / Brave / Edge
  • nostrkey-firefox-v1.6.2.zip — Firefox

v1.6.1 — Bug Fixes + Manage Profiles

07 Apr 19:16

What's New

  • Manage Profiles page — full-screen multi-select delete for cleaning up old profiles
  • Security hardening — unlock brute-force protection + permission rate limiting
  • Bug fixes — differentiated first-unlock vs re-lock messaging

Downloads

  • nostrkey-chrome-v1.6.1.zip — Chrome / Brave / Edge
  • nostrkey-firefox-v1.6.1.zip — Firefox

Store Status

  • Firefox: Signed and approved
  • Chrome: Uploaded, pending Privacy practices review
  • Safari: Xcode Cloud (separate process)

v1.6.0 — Security Hardening

20 Mar 00:26

What's New

Auto-Lock Improvements

  • New timeout options: 1 hour, 90 minutes, and 3 hours
  • Auto-lock timer now resets when you switch to a Nostr-enabled tab — no more surprise lockouts while actively browsing

Security Fixes (Red Team Audit)

  • Auto-lock bypass blocked — malicious pages can no longer poll getPublicKey() to prevent the timer from firing
  • Session key derivation — master password is no longer held in memory; replaced with an opaque CryptoKey via PBKDF2
  • Sender validation — sensitive operations (password changes, data reset, backup, settings) now reject messages from content script contexts
  • Lock clears keys — nostrAccessWhileLocked defaults to false; locking actually clears decrypted keys from memory
  • Mutex serialization — lock/unlock can no longer race and leave inconsistent state
  • Auto-lock timeout validated — rejects invalid values (NaN, negative, arbitrary numbers)
  • No more key prefix logging — plaintext key prefixes removed from debug output
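
An added example (not NostrKey's own code) of the kind of sender check that the "Sender validation" item above and the v1.6.2 "Unauthorized sender" fix both concern: sensitive actions are accepted only from the extension's own pages, whether or not they run in a tab. The action names, page file names and extension id are hypothetical, and that a tab-keyed check caused the v1.6.2 symptom is an assumption; the page does not state the cause.

```javascript
// Added example, not NostrKey source. Action names are hypothetical.
const SENSITIVE = new Set(["changePassword", "resetData", "exportBackup", "saveSettings"]);

// A check keyed on sender.tab: content scripts carry a tab, but so does an
// extension page opened in a tab, so this one rejects the vault tab too.
function naiveIsTrusted(sender) {
  return !sender.tab;
}

// Trust the sender only if it is this extension AND its URL is one of the
// extension's own pages. baseUrl is the value of runtime.getURL(""), passed
// in so the function can run outside a browser.
function isExtensionPage(sender, extensionId, baseUrl) {
  if (!sender || sender.id !== extensionId || typeof sender.url !== "string") return false;
  try {
    const from = new URL(sender.url);
    const own = new URL(baseUrl);
    // Parse instead of startsWith(): a prefix match on "scheme://id" would
    // also accept a longer host that merely begins with the same id.
    return from.protocol === own.protocol && from.host === own.host;
  } catch {
    return false; // unparseable URL: treat as untrusted
  }
}

function authorize(message, sender, extensionId, baseUrl) {
  if (!SENSITIVE.has(message.action)) return { ok: true }; // site permissions apply elsewhere
  return isExtensionPage(sender, extensionId, baseUrl)
    ? { ok: true }
    : { ok: false, error: "Unauthorized sender" };
}

// Constructed senders, shaped like runtime.MessageSender objects.
const ID = "aaaabbbbccccddddeeeeffffgggghhhh"; // placeholder extension id
const BASE = `chrome-extension://${ID}/`;
const senders = {
  popup: { id: ID, url: `${BASE}popup.html` },
  vaultTab: { id: ID, url: `${BASE}vault.html`, tab: { id: 7 } },
  contentScript: { id: ID, url: "https://client.example/app", tab: { id: 8 } },
  otherExtension: { id: "zzzz", url: "chrome-extension://zzzz/page.html" },
};

// Decision per constructed sender for one action name.
function decisions(action) {
  const out = {};
  for (const [name, s] of Object.entries(senders)) out[name] = authorize({ action }, s, ID, BASE).ok;
  return out;
}
```

In a real background script the same function would be called from the runtime.onMessage listener with runtime.id and runtime.getURL("") as the last two arguments.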

Chrome MV3 Reliability

  • Auto-lock timer now uses chrome.alarms API which survives service worker eviction

Sideload

Download the zip for your browser below and follow sideloading instructions.

v1.5.8

10 Mar 20:24

NostrKey v1.5.8

What's New

  • Encrypted vault backup & restore
  • Safari version display fix (browser API detection)
  • Now live on Firefox Add-ons
  • Updated landing page

Install from Store

Sideload (Chrome/Brave/Edge)

  1. Download nostrkey-chrome-v1.5.8.zip below
  2. Unzip it
  3. Go to chrome://extensions → enable Developer mode
  4. Click Load unpacked → select the unzipped folder
  5. Pin NostrKey from the extensions menu