[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-4926":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":15,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":23,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":29,"readmeContent":30,"aiSummary":31,"trendingCount":16,"starSnapshotCount":16,"syncStatus":17,"lastSyncTime":32,"discoverSource":33},4926,"opennhp","OpenNHP\u002Fopennhp","OpenNHP","A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.","http:\u002F\u002Fopennhp.org\u002F",null,"Go",13796,2490,829,1,0,2,13,72.3,"Apache License 2.0",false,"main",true,[25,26,27,28],"cybersecurity","zero-trust","zero-trust-network-access","zero-trust-security","2026-06-12 
04:00:24","[![en](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flang-en-green.svg)](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Fblob\u002Fmaster\u002FREADME.md)\n[![zh-cn](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flang-zh--cn-green.svg)](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Fblob\u002Fmaster\u002FREADME.zh-cn.md)\n[![zh-tw](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flang-zh--tw-green.svg)](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Fblob\u002Fmaster\u002FREADME.zh-tw.md)\n[![de](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flang-de-green.svg)](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Fblob\u002Fmaster\u002FREADME.de.md)\n[![ja](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flang-ja-green.svg)](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Fblob\u002Fmaster\u002FREADME.ja.md)\n[![fr](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flang-fr-green.svg)](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Fblob\u002Fmaster\u002FREADME.fr.md)\n[![es](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flang-es-green.svg)](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Fblob\u002Fmaster\u002FREADME.es.md)\n\n![OpenNHP Logo](docs\u002Fimages\u002Flogo11.png)\n\n# OpenNHP: Open Source Zero Trust Security 
Toolkit\n\n[![Build](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Factions\u002Fworkflows\u002Fubuntu-build.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Factions\u002Fworkflows\u002Fubuntu-build.yml)\n[![Release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Ftag\u002FOpenNHP\u002Fopennhp?label=release)](https:\u002F\u002Fgithub.com\u002FOpenNHP\u002Fopennhp\u002Ftags)\n![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-Apache%202.0-green)\n[![codecov](https:\u002F\u002Fcodecov.io\u002Fgh\u002FOpenNHP\u002Fopennhp\u002Fbranch\u002Fmain\u002Fgraph\u002Fbadge.svg)](https:\u002F\u002Fcodecov.io\u002Fgh\u002FOpenNHP\u002Fopennhp)\n[![Ask DeepWiki](https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg)](https:\u002F\u002Fdeepwiki.com\u002FOpenNHP\u002Fopennhp)\n\n**OpenNHP** is a lightweight, cryptography-powered, open-source toolkit implementing Zero Trust security for infrastructure, applications, and data. It is the reference implementation of the [**Cloud Security Alliance (CSA)**](https:\u002F\u002Fcloudsecurityalliance.org\u002F) *[Network-infrastructure Hiding Protocol (NHP) specification](https:\u002F\u002Fcloudsecurityalliance.org\u002Fartifacts\u002Fstealth-mode-sdp-for-zero-trust-network-infrastructure)*, and features two core protocols:\n\n- **Network-infrastructure Hiding Protocol (NHP):** Conceals server ports, IP addresses, and domain names to protect applications and infrastructure from unauthorized access.\n- **Data-content Hiding Protocol (DHP):** Ensures data security and privacy via encryption and confidential computing, making data *\"usable but not visible.\"*\n\n**[Website](https:\u002F\u002Fopennhp.org) · [Vision](https:\u002F\u002Fopennhp.org\u002Fvision\u002F) · [Live Demo](https:\u002F\u002Fopennhp.org\u002Fdemo\u002F) · [Documentation](https:\u002F\u002Fdocs.opennhp.org) · [Discord](https:\u002F\u002Fdiscord.gg\u002FCpyVmspx5x)**\n\n---\n\n## Why OpenNHP\n\nThe modern 
internet is a [dark forest](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FDark_forest_hypothesis). Attackers — increasingly backed by LLMs that scan, fingerprint, and exploit at machine speed via [Autonomous Vulnerability Exploitation](https:\u002F\u002Farxiv.org\u002Fabs\u002F2404.08144) — treat every reachable service as a target. [Gartner projects](https:\u002F\u002Fwww.gartner.com\u002Fen\u002Fnewsroom\u002Fpress-releases\u002F2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025) AI-driven cyberattacks will rise rapidly. Traditional defenses authenticate users *after* the network lets them in, leaving exposed ports, IPs, and domains as a permanent attack surface.\n\n> **In the AI era, VISIBILITY = VULNERABILITY.**\n\nOpenNHP inverts that model: **invisible until trusted.** Every port, IP, and hostname sits behind a default-deny gate. Access is granted only after a cryptographically signed knock is authenticated and authorized out-of-band. Attackers can't exploit what they can't discover.\n\n### The third-generation network hiding protocol\n\nNHP is the next step in a line of \"hide the service first\" designs:\n\n| Generation | Protocol | Limitations |\n|---|---|---|\n| 1 | Port Knocking | Plaintext, replay-prone |\n| 2 | Single Packet Authorization (SPA) | Shared secrets, one-way, typically hides ports only, typically C\u002FC++ |\n| **3** | **NHP** | Modern crypto, bi-directional with status, hides domain + IP + ports, stateless and horizontally scalable, memory-safe Go |\n\nNHP slots in alongside existing IAM, DNS, FIDO, and Zero Trust policy engines rather than replacing them — it extends your stack instead of forking it.\n\n---\n\n## Architecture\n\nOpenNHP follows a modular design with three core components, inspired by the [NIST Zero Trust Architecture](https:\u002F\u002Fwww.nist.gov\u002Fpublications\u002Fzero-trust-architecture):\n\n![OpenNHP architecture](docs\u002Fimages\u002FOpenNHP_Arch.gif)\n\n| Core 
Component | Role |\n|-----------|------|\n| **NHP-Agent** | Client that sends encrypted knock requests to gain access |\n| **NHP-Server** | Authenticates and authorizes requests; runs separately and is architecturally decoupled from the protected host |\n| **NHP-AC** | Access controller that manages firewall rules on the protected server |\n\n| Addon Component | Role |\n|-----------|------|\n| **NHP-Relay** | HTTP-to-UDP bridge enabling browser-based agents to send NHP knocks via HTTPS |\n| **NHP-KGC** | Key Generation Center for Identity-Based Cryptography (IBC) |\n\n### Protocol flow\n\n1. Agent sends an encrypted knock (`NHP_KNK`) to the Server.\n2. Server validates the knock and sends an operation request (`NHP_AOP`) to the AC.\n3. AC opens the firewall and replies (`NHP_ART`) to the Server.\n4. Server returns an acknowledgment (`NHP_ACK`) with access info to the Agent.\n5. Agent reaches the protected resource through the AC.\n\n### Cryptography\n\nOpenNHP ships with two interchangeable cipher suites:\n\n- **`CIPHER_SCHEME_CURVE`** — Curve25519 + AES-256-GCM + BLAKE2s\n- **`CIPHER_SCHEME_GMSM`** — SM2 + SM4-GCM + SM3\n\nBoth are driven by the [Noise Protocol Framework](https:\u002F\u002Fnoiseprotocol.org\u002F). 
An Identity-Based Cryptography (IBC) mode is available via the Key Generation Center (KGC).\n\n> For protocol details, deployment models, and cryptographic design, see the [documentation](https:\u002F\u002Fdocs.opennhp.org).\n\n---\n\n## Repository Structure\n\n```\nopennhp\u002F\n├── nhp\u002F              # Core protocol library (Go module)\n│   ├── core\u002F         # Packet handling, cryptography, Noise Protocol, device management\n│   ├── common\u002F       # Shared types and message definitions\n│   ├── utils\u002F        # Utility functions\n│   ├── plugins\u002F      # Plugin handler interfaces\n│   ├── log\u002F          # Logging infrastructure\n│   └── etcd\u002F         # Distributed configuration support\n└── endpoints\u002F        # Daemon implementations (Go module, depends on nhp)\n    ├── agent\u002F        # NHP-Agent daemon\n    ├── server\u002F       # NHP-Server daemon\n    ├── ac\u002F           # NHP-AC (access controller) daemon\n    ├── db\u002F           # NHP-DB (Data Broker for DHP)\n    ├── kgc\u002F          # NHP-KGC (Key Generation Center)\n    └── relay\u002F        # NHP-Relay daemon\n```\n\n---\n\n## Quick Start\n\n### Prerequisites\n\n- Go 1.25.6+\n- `make`\n- Docker and Docker Compose (for the full-stack demo)\n\n### Build\n\n```bash\n# Build all components\nmake\n\n# Build individual daemons\nmake agentd    # NHP-Agent\nmake serverd   # NHP-Server\nmake acd       # NHP-AC\nmake db        # NHP-DB\nmake relayd    # NHP-Relay\nmake kgc       # NHP-KGC\n\n```\n\n### Test\n\n```bash\ncd nhp && go test .\u002F...\ncd endpoints && go test .\u002F...\n```\n\n### Run with Docker\n\n```bash\ncd docker && docker-compose up --build\n```\n\nFollow the [Quick Start tutorial](https:\u002F\u002Fdocs.opennhp.org\u002Fnhp_quick_start\u002F) to simulate the full authentication workflow in a Docker environment.\n\n---\n\n## Contributing\n\nWe welcome contributions! 
Please read [CONTRIBUTING.md](CONTRIBUTING.md) before submitting pull requests.\n\n**Note:** All commits must be signed with a verified GPG or SSH key.\n\n```bash\ngit commit -S -m \"your message\"\n```\n\n---\n\n## Security\n\nFound a vulnerability? Please follow the responsible-disclosure process in [SECURITY.md](SECURITY.md) rather than opening a public issue.\n\n---\n\n## Sponsors\n\n\u003Ca href=\"https:\u002F\u002Flayerv.ai\">\n  \u003Cimg src=\"docs\u002Fimages\u002Flayerv_logo.png\" height=\"40\" alt=\"LayerV.ai logo\">\n\u003C\u002Fa>\n\n---\n\n## License\n\nReleased under the [Apache 2.0 License](LICENSE).\n\n## Contact\n\n- Email: [support@opennhp.org](mailto:support@opennhp.org)\n- Discord: [Join our Discord](https:\u002F\u002Fdiscord.gg\u002FCpyVmspx5x)\n- Website: [https:\u002F\u002Fopennhp.org](https:\u002F\u002Fopennhp.org)\n","OpenNHP is a lightweight, cryptography-based open-source toolkit designed to implement Zero Trust security for infrastructure, applications, and data. Its core features include the Network-infrastructure Hiding Protocol (NHP) and the Data-content Hiding Protocol (DHP): the former protects applications and infrastructure from unauthorized access by hiding server ports, IP addresses, and domain names, while the latter ensures data security and privacy through encryption and confidential computing, making data \"usable but not visible.\" The project suits a range of scenarios that need stronger network security protection in an AI-driven world, such as enterprise internal networks, cloud services, and data-sensitive applications. It is written in Go and released under the Apache License 2.0.","2026-06-11 03:01:32","top_language"]