NostrKey Python SDK

Give your AI its own cryptographic identity

Why?

AI agents need identity. Not a shared API key — their own keypair, their own signature, their own verifiable presence on an open protocol.

Sign its own work — every post, response, or action is cryptographically signed and verifiable
Send and receive encrypted messages — private communication using NIP-44 encryption, no platform middleman
Persist memory across sessions — save encrypted identity files and reload them
Publish to the Nostr network — your bot is a first-class participant, not a wrapper around someone else's account
Delegate sensitive actions to a human — via NIP-46 bunker, your bot can request its human sponsor to co-sign high-stakes events

Install

pip install nostrkey

Requires Python 3.10 – 3.14. Dependencies: cryptography, websockets, bech32. No C compiler needed.

Quick Start

Create an Identity

from nostrkey import Identity

# Create a new AI identity
bot = Identity.generate()
print(f"npub: {bot.npub}")
print(f"nsec: {bot.nsec}")

# Sign a Nostr event
event = bot.sign_event(
    kind=1,
    content="Hello from an OpenClaw bot!",
    tags=[]
)

Publish to a Relay

import asyncio
from nostrkey.relay import RelayClient

async def publish():
    async with RelayClient("wss://relay.damus.io") as relay:
        await relay.publish(event)

asyncio.run(publish())

Save & Load Identity

# Save identity to file (encrypted)
bot.save("my-bot.nostrkey", passphrase="strong-passphrase")

# Load it back
bot = Identity.load("my-bot.nostrkey", passphrase="strong-passphrase")

NIP-44 Encryption

from nostrkey.crypto import encrypt, decrypt

# Encrypt a message to another npub
ciphertext = encrypt(
    sender_nsec=bot.nsec,
    recipient_npub="npub1abc...",
    plaintext="secret message"
)

# Decrypt a message
plaintext = decrypt(
    recipient_nsec=bot.nsec,
    sender_npub="npub1abc...",
    ciphertext=ciphertext
)

NIP-46 Bunker (Delegated Signing)

When your bot needs its human sponsor to co-sign:

from nostrkey.bunker import BunkerClient

async def delegated_sign():
    bunker = BunkerClient(bot.private_key_hex)
    await bunker.connect("bunker://npub1human...?relay=wss://relay.damus.io")

    # Request the human to sign an event
    signed = await bunker.sign_event(kind=1, content="Human-approved message")

Modules

nostrkey.identity

High-level identity management. Generate, import, sign, save, and load identities.

nostrkey.keys

Keypair generation, bech32 encoding (npub/nsec), and hex conversion.

nostrkey.events

Create, serialize, hash, and sign Nostr events (NIP-01).

nostrkey.crypto

NIP-44 versioned encryption and decryption for private data.

nostrkey.bunker

NIP-46 bunker client for delegated signing to a human sponsor.

nostrkey.relay

Async WebSocket relay client. Publish events, subscribe to filters.

NIPs Implemented

NIP	What
NIP-01	Basic protocol — events, signing, verification
NIP-04	Encrypted DMs (legacy, for compatibility)
NIP-19	Bech32 encoding — npub, nsec, note
NIP-44	Versioned encryption (ECDH + HKDF + ChaCha20)
NIP-46	Nostr Connect — bunker / delegated signing

OpenClaw Skill

NostrKey is available as an OpenClaw skill on ClawHub so AI agents can discover and use it automatically.

clawhub install nostrkey

The skill teaches OpenClaw agents how to generate identities, sign events, encrypt messages, and persist keys — all using the nostrkey pip package under the hood.

Part of the OpenClaw ecosystem. NostrKey is the identity pillar — the foundation that the other OpenClaw skills build on. Learn more about OpenClaw.

Links

Source on GitHub PyPI Package ClawHub Skill OpenClaw Docs