Amber is a nostr event signer for Android. It allows users to keep their nsec segregated in a single, dedicated app. The goal of Amber is to have your smartphone act as a NIP-46 signing device without any need for servers or additional hardware. "Private keys should be exposed to as few systems as possible as each system adds to the attack surface," as the rationale of said NIP states. In addition to native apps, Amber aims to support all current nostr web applications without requiring any extensions or web servers.

• Offline
• Use nip-46 or make an addendum in nip-46
• Improve the ui (currently its showing a text with the raw json of the event)
• Check if we can use Amber to sign the events of web applications
• Change the sign button to just copy the signature of the event
• Use content provider to sign events in background when you checked the remember my choice option on android
• Support for multiple accounts

Issues can be logged on: https://gitworkshop.dev/[email protected]/Amber

GitHub issues and pull requests here are also welcome. Translations can be provided via Crowdin

You can also send patches through Nostr using GitStr to this nostr address

By contributing to this repository, you agree to license your work under the MIT license. Any work contributed where you are not the original author must contain its license header with the original author(s) and source.

🔐 All releases are cryptographically signed with GPG for your security.

Before installing any APK from our releases, we strongly recommend verifying its authenticity to ensure it hasn't been tampered with.

📋 View Release Verification Guide

The verification process involves:

1. Importing our GPG public key
2. Verifying the release manifest signature
3. Checking file integrity with SHA256 hashes

GPG Key Details:

• Key ID: 44F0AAEB77F373747E3D5444885822EED3A26A6D
• Fingerprint: 44F0 AAEB 77F3 7374 7E3D 5444 8858 22EE D3A2 6A6D
• User ID: greenart7c3 <[email protected]>

Quick verification:

# Import the signing key
gpg --keyserver hkps://keys.openpgp.org --recv-keys 44F0AAEB77F373747E3D5444885822EED3A26A6D

# Verify a release (example for v1.0.0)
gpg --verify manifest-v1.0.0.txt.sig manifest-v1.0.0.txt

⚠️ Security Notice: Only download releases from this official GitHub repository. If GPG verification fails, do not install the APK and report it as a security issue.

To confirm that the Amber build is reproducible, follow these steps:

1. Run the following command to build the image with no cache and specified version:

docker build -t amber-repro --progress=plain --no-cache --build-arg VERSION=v4.0.2 --build-arg APK_TYPE=free-arm64-v8a .

2. After the image is built, run the container:

docker run --rm amber-repro

3. You should see the following message indicating success:

APKs match!

Check NIP 55 and NIP 46 for more information.