OpenNHP / opennhp
A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.
OpenNHP: Open Source Zero Trust Security Toolkit
OpenNHP is a lightweight, cryptography-powered, open-source toolkit implementing Zero Trust security for infrastructure, applications, and data. It features two core protocols:
- Network-infrastructure Hiding Protocol (NHP): Conceals server ports, IP addresses, and domain names to protect applications and infrastructure from unauthorized access.
- Data-object Hiding Protocol (DHP): Ensures data security and privacy via encryption and confidential computing, making data "usable but not visible."
Architecture
OpenNHP follows a modular design with three core components, inspired by the NIST Zero Trust Architecture:

| Component | Role |
|---|---|
| NHP-Agent | Client that sends encrypted knock requests to gain access |
| NHP-Server | Authenticates and authorizes requests; decoupled from protected resources |
| NHP-AC | Access controller that manages firewall rules on the protected server |
For protocol details, deployment models, and cryptographic design, see the documentation.
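A toy model of the three roles in the table above, as an added example (not OpenNHP code and not the NHP wire protocol). An HMAC tag stands in for the protocol's real cryptography, and the message fields, the 30-second freshness window and the 15-second rule lifetime are all assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"time"
)

// Knock is a hypothetical knock format; NewKnock below plays the agent role.
type Knock struct {
	AgentID, SrcIP string
	Sent           time.Time
	Tag            []byte // HMAC-SHA256 over the fields above
}

func (k Knock) mac(key []byte) []byte {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%q|%q|%d", k.AgentID, k.SrcIP, k.Sent.Unix())
	return m.Sum(nil)
}

func NewKnock(key []byte, id, ip string, now time.Time) Knock {
	k := Knock{AgentID: id, SrcIP: ip, Sent: now}
	k.Tag = k.mac(key)
	return k
}

// AC is the access-controller role: default deny plus expiring allow rules.
type AC map[string]time.Time
func (a AC) Permits(ip string, now time.Time) bool { return now.Before(a[ip]) }

// Server is the server role: it holds agent keys and only ever talks to the AC.
type Server struct{ keys map[string][]byte; ac AC }

// Handle verifies a knock and opens a 15 s rule; failures reveal no reason.
func (s *Server) Handle(k Knock, now time.Time) bool {
	key, ok := s.keys[k.AgentID]
	if age := now.Sub(k.Sent); !ok || age < 0 || age > 30*time.Second || !hmac.Equal(k.mac(key), k.Tag) {
		return false
	}
	s.ac[k.SrcIP] = now.Add(15 * time.Second)
	return true
}

func main() {
	key, now := []byte("constructed-demo-key"), time.Now()
	s := &Server{keys: map[string][]byte{"agent-1": key}, ac: AC{}}
	fmt.Println(s.Handle(NewKnock(key, "agent-1", "203.0.113.7", now), now), s.ac.Permits("203.0.113.7", now))
}
```

Because the source address is covered by the tag, a knock captured and resent from another address fails verification, and the allow rule lapses on its own without any teardown message.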
Repository Structure
opennhp/
├── nhp/            # Core protocol library (Go module)
│   ├── core/       # Packet handling, cryptography, Noise Protocol, device management
│   ├── common/     # Shared types and message definitions
│   ├── utils/      # Utility functions
│   ├── plugins/    # Plugin handler interfaces
│   ├── log/        # Logging infrastructure
│   └── etcd/       # Distributed configuration support
└── endpoints/      # Daemon implementations (Go module, depends on nhp)
    ├── agent/      # NHP-Agent daemon
    ├── server/     # NHP-Server daemon
    ├── ac/         # NHP-AC (access controller) daemon
    ├── db/         # NHP-DB (data object backend for DHP)
    ├── kgc/        # Key Generation Center (IBC)
    └── relay/      # TCP relay
Quick Start
Prerequisites
- Go 1.25.6+
- make
- Docker and Docker Compose (for the full-stack demo)
Build
# Build all components
make
# Build individual daemons
make agentd # NHP-Agent
make serverd # NHP-Server
make acd # NHP-AC
make db # NHP-DB
make kgc # Key Generation Center
Test
cd nhp && go test ./...
cd endpoints && go test ./...
Run with Docker
cd docker && docker-compose up --build
Follow the Quick Start tutorial to simulate the full authentication workflow in a Docker environment.
Contributing
We welcome contributions! Please read CONTRIBUTING.md before submitting pull requests.
Note: All commits must be signed with a verified GPG or SSH key.
git commit -S -m "your message"
Sponsors
LayerV.ai (https://layerv.ai)
License
Released under the Apache 2.0 License.
Contact
- Email: support@opennhp.org
- Discord: Join our Discord
- Website: https://opennhp.org