Cryptography + Open Source
OpenNHP's security design draws inspiration from the most battle-tested security model in history.
The Bitcoin Inspiration
Bitcoin holds over $1 trillion in value—the most tempting target for every hacker on Earth. Yet after 15+ years of relentless attacks, it remains unbreached. Traditional security approaches would have failed long ago. What makes Bitcoin different?
Cryptography
Cryptography is the bedrock of cybersecurity—built on rigorous mathematical proofs, not assumptions. When security is rooted in mathematics, attackers face computationally impossible challenges, not clever workarounds.
Open Source
Open source enables global peer review—thousands of developers worldwide can audit every line of code for correctness and vulnerabilities. Security through transparency, not obscurity.
OpenNHP applies this proven formula: mathematically sound cryptography implemented in fully transparent open source.
Noise Protocol
Modern cryptographic framework for mutual authentication and forward secrecy
Community Audit
Rigorous peer review from global security researchers and developers
Apache 2.0
Permissive license for maximum adoption and enterprise confidence
OpenNHP Core
The official reference implementation of the Network-Infrastructure Hiding Protocol. Written in Go for memory safety, high performance, and cross-platform compatibility.
Components
nhp-agent
Client-side agent for initiating NHP connections
nhp-server
Control plane server for authentication
nhp-ac
Access controller for policy enforcement
Platform Support
StealthDNS
A Zero Trust DNS client powered by OpenNHP. Demonstrates the "invisible DNS resolution" pattern where protected domains return NXDOMAIN to unauthorized clients.
- ✓ Invisible DNS Resolution - domains hidden from unauthorized queries
- ✓ NHP-Powered Authentication before DNS lookup
- ✓ Transparent Local Resolver (127.0.0.1:53)
- ✓ Cross-platform: Windows, macOS, Linux, Android, iOS
How StealthDNS Works
Application performs DNS lookup for protected domain
StealthDNS performs NHP knock with identity context
NHP Controller validates and returns ephemeral address
Authorized: Valid DNS response
Unauthorized: NXDOMAIN
Platform Support
JavaScript Agent
Bring Zero Trust to the browser. The JS Agent enables web applications to perform NHP authentication directly from the client, enabling secure access to hidden services.
- ✓ Pure JavaScript implementation
- ✓ TypeScript types included
- ✓ Works in all modern browsers
- ✓ WebSocket and fetch integration
Quick Start
import { NHPAgent } from '@opennhp/js-agent';
// Initialize the agent
const agent = new NHPAgent({
server: 'nhp.example.com',
identity: userCredentials
});
// Perform NHP knock
const access = await agent.knock({
resource: 'api.hidden.example.com'
});
// Access granted - connect to service
const response = await fetch(access.endpoint);Contributing to OpenNHP
OpenNHP is an open-source project welcoming contributions from developers, security researchers, and documentation writers.
Report Issues
Found a bug or have a feature request? Open an issue on GitHub with detailed information.
Open an IssueSubmit Pull Requests
Review our contributing guidelines, fork the repo, and submit your improvements.
View PRsImprove Documentation
Help make OpenNHP more accessible by improving guides, tutorials, and API docs.
View DocsSecurity Research
Review the protocol, audit the implementation, and help identify vulnerabilities.
Security PolicyStart Building with OpenNHP
Deploy Zero Trust network security in your infrastructure today.