README.md
OpenNHP is a lightweight, cryptography-powered, open-source toolkit implementing Zero Trust security for infrastructure, applications, and data. It features two core protocols:
Website · Documentation · Live Demo · Discord
OpenNHP follows a modular design with three core components, inspired by the NIST Zero Trust Architecture:
| Component | Role |
|---|---|
| NHP-Agent | Client that sends encrypted knock requests to gain access |
| NHP-Server | Authenticates and authorizes requests; decoupled from protected resources |
| NHP-AC | Access controller that manages firewall rules on the protected server |
For protocol details, deployment models, and cryptographic design, see the documentation.
opennhp/
├── nhp/ # Core protocol library (Go module)
│ ├── core/ # Packet handling, cryptography, Noise Protocol, device management
│ ├── common/ # Shared types and message definitions
│ ├── utils/ # Utility functions
│ ├── plugins/ # Plugin handler interfaces
│ ├── log/ # Logging infrastructure
│ └── etcd/ # Distributed configuration support
└── endpoints/ # Daemon implementations (Go module, depends on nhp)
├── agent/ # NHP-Agent daemon
├── server/ # NHP-Server daemon
├── ac/ # NHP-AC (access controller) daemon
├── db/ # NHP-DB (data object backend for DHP)
├── kgc/ # Key Generation Center (IBC)
└── relay/ # TCP relay
make# Build all components
make
# Build individual daemons
make agentd # NHP-Agent
make serverd # NHP-Server
make acd # NHP-AC
make db # NHP-DB
make kgc # Key Generation Center
cd nhp && go test ./...
cd endpoints && go test ./...
cd docker && docker-compose up --build
Follow the Quick Start tutorial to simulate the full authentication workflow in a Docker environment.
We welcome contributions! Please read CONTRIBUTING.md before submitting pull requests.
Note: All commits must be signed with a verified GPG or SSH key.
git commit -S -m "your message"
Released under the Apache 2.0 License.