Amber
No description available
Install / Use
/learn @greenart7c3/AmberREADME
Amber: Nostr event signer for Android
Amber is a nostr event signer for Android. It allows users to keep their nsec segregated in a single, dedicated app. The goal of Amber is to have your smartphone act as a NIP-46 signing device without any need for servers or additional hardware. "Private keys should be exposed to as few systems as possible as each system adds to the attack surface," as the rationale of said NIP states. In addition to native apps, Amber aims to support all current nostr web applications without requiring any extensions or web servers.
<div align="center">
Current Features
- [x] Offline
- [x] Use nip-46 or make an addendum in nip-46
- [x] Improve the ui (currently its showing a text with the raw json of the event)
- [x] Check if we can use Amber to sign the events of web applications
- [x] Change the sign button to just copy the signature of the event
- [x] Use content provider to sign events in background when you checked the remember my choice option on android
- [x] Support for multiple accounts
Download and Install
<img src="./assets/zapstore.svg" alt="Get it on Zap Store" height="70"> <img src="./assets/obtainium.png" alt="Get it on Obtaininum" height="70"> <img src="https://github.com/machiav3lli/oandbackupx/raw/034b226cea5c1b30eb4f6a6f313e4dadcbb0ece4/badge_github.png" alt="Get it on GitHub" height="70"> <img src="https://fdroid.gitlab.io/artwork/badge/get-it-on.png" alt="Get it on F-Droid" height="70">
Contributing
Issues can be logged on: https://gitworkshop.dev/greenart7c3@greenart7c3.com/Amber
GitHub issues and pull requests here are also welcome. Translations can be provided via Crowdin
You can also send patches through Nostr using GitStr to this nostr address
By contributing to this repository, you agree to license your work under the MIT license. Any work contributed where you are not the original author must contain its license header with the original author(s) and source.
Security and Verification
🔐 All releases are cryptographically signed with GPG for your security.
Before installing any APK from our releases, we strongly recommend verifying its authenticity to ensure it hasn't been tampered with.
📋 View Release Verification Guide
The verification process involves:
- Importing our GPG public key
- Verifying the release manifest signature
- Checking file integrity with SHA256 hashes
GPG Key Details:
- Key ID:
44F0AAEB77F373747E3D5444885822EED3A26A6D - Fingerprint:
44F0 AAEB 77F3 7374 7E3D 5444 8858 22EE D3A2 6A6D - User ID:
greenart7c3 <greenart7c3@proton.me>
Quick verification:
# Import the signing key
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D
# Verify a release (example for v1.0.0)
gpg --verify manifest-v1.0.0.txt.sig manifest-v1.0.0.txt
⚠️ Security Notice: Only download releases from this official GitHub repository. If GPG verification fails, do not install the APK and report it as a security issue.
Verifying Reproducibility of Amber
To confirm that the Amber build is reproducible, follow these steps:
- Run the following command to build the image with no cache and specified version:
docker build -t amber-repro --progress=plain --no-cache --build-arg VERSION=v4.0.2 --build-arg APK_TYPE=free-arm64-v8a .
- After the image is built, run the container:
docker run --rm amber-repro
- You should see the following message indicating success:
APKs match!
Certificate fingerprint for AppVerifier
com.greenart7c3.nostrsigner
E8:AB:8C:69:33:3B:68:63:6D:D4:6C:E2:42:40:8C:79:55:3A:7F:D9:05:5D:05:4D:61:DA:AB:AB:AD:A5:3B:BF
fdroid
com.greenart7c3.nostrsigner
56:DC:63:19:96:A5:5C:22:84:79:04:48:C7:DC:9F:1D:D0:5D:F5:96:B2:CE:48:82:31:36:33:F5:60:2E:5F:E4
Usage
Check NIP 55 and NIP 46 for more information.
