Jason Tudisco
0058d9b421
Adds the canonical wallet-style backup form (12 or 24 BIP-39 English
words) to both implementations. Wire-compatible — bit-identical seed
derivation across Rust and Node.
Semantics:
• 24 words ↔ 32 bytes of entropy ↔ Ed25519 seed (bijection).
Phrase ↔ seed round-trips exactly.
• 12 words → 16 bytes of entropy → seed via
SHA-256("kez-bip39-12-v1" || entropy). Deterministic but one-way;
you can't recover a 12-word phrase from a seed.
The 12-word case is KEZ-specific (not interoperable with hardware-
wallet BIP-32 derivations). The 24-word case is. Both use the BIP-39
English wordlist so users can paper-back-up alongside other wallets.
We deliberately do NOT use BIP-39's PBKDF2 to_seed(passphrase) — that
produces a 64-byte seed for BIP-32 hierarchical derivation, which is
the wrong primitive for KEZ's single-identity-per-phrase model.
Rust (kez-core):
• New mod mnemonic with MnemonicWords, generate_mnemonic,
seed_from_mnemonic, mnemonic_from_seed_24.
• Ed25519Secret::{from_mnemonic, generate_with_mnemonic}.
• Dep: bip39 v2.0 with the `rand` feature for OS-RNG generation.
• 9 unit tests, all green.
Rust (kez-cli):
• `identity new --key-type ed25519` now also prints a 24-word phrase
(default), with --mnemonic-words 12 to use 12 instead.
• `identity mnemonic [--words 12|24]` — print a fresh phrase only.
• `identity from-mnemonic "<phrase>"` — derive the key from a phrase.
• `--mnemonic <phrase>` is now accepted everywhere `--ed25519-seed
<hex>` was (claim create/dns, sigchain add/revoke/show/export/
publish), mutually exclusive with --ed25519-seed and --nsec via
clap conflicts_with_all.
Node (@kez/core):
• New mnemonic.ts with the parallel API:
generateMnemonic, seedFromMnemonic, mnemonicFromSeed24,
ed25519FromMnemonic, generateEd25519WithMnemonic.
• Dep: @scure/bip39 v2.x (note: import path is
"@scure/bip39/wordlists/english.js" with the .js suffix in v2).
• 8 vitest cases mirroring the Rust tests, all green.
Node (@kez/cli):
• Same CLI surface added: identity new --mnemonic-words 12|24,
identity mnemonic --words 12|24, identity from-mnemonic "<phrase>".
• --mnemonic flag accepted alongside --nsec / --ed25519-seed in the
flag parser, with mutex enforcement; loadSigner dispatches it.
Verified cross-implementation interop:
• Same 24-word phrase → identical Ed25519 pubkey in Rust and Node.
• Same 12-word phrase → identical pubkey (proves the SHA-256
domain-tagged derivation matches byte-for-byte).
• A claim signed in Rust with --mnemonic verifies in Node (Status:
valid).
Tests: 114 Rust + 99 Node total, zero regressions.
TUTORIAL.md updated in both rust/ and nodejs/ with the new section in
"Pick your primary key" plus a callout that --mnemonic can substitute
for --ed25519-seed throughout the rest of the tutorial.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
KEZ — Node.js Implementation
TypeScript port of KEZ, structurally mirroring the
Rust implementation — three packages (core, channels,
cli) with the same CLI surface, the same proof formats, and the same
five channel plugins. Wire-compatible with the Rust version: a claim signed
in Rust verifies in Node and vice versa.
nodejs/
├── package.json npm workspaces root
├── tsconfig.base.json
├── packages/
│ ├── kez-core/ Types, signing, verification, JCS, all four encodings
│ ├── kez-channels/ One file per channel (github, dns, nostr, bluesky, activitypub)
│ └── kez-cli/ Thin CLI dispatching through the channel registry
└── README.md (this file)
New to KEZ? Read
TUTORIAL.md— a friendly step-by-step walkthrough that takes you from "I have a nostrnsec" to "I have a verified, published sigchain." It assumes nothing.This README is the reference; the tutorial is the on-ramp.
Requirements
- Node.js 22+ (for the built-in WebSocket the nostr channel uses)
- npm 9+ (for
workspaces)
Install & test
npm install # one-time
npm test # runs all packages' vitest suites
npm run typecheck # strict tsc --build across all packages
CLI
The CLI mirrors the Rust CLI exactly. Run it via the workspace script:
# Create a key
npm run cli -- identity new
# Sign a claim — pick either key type
npm run cli -- claim create github:jason --nsec nsec1... --format markdown --out github.kez.md
npm run cli -- claim create github:jason --ed25519-seed <64-char-hex> --format markdown --out github.kez.md
# Generate an ed25519 identity instead of nostr
npm run cli -- identity new --key-type ed25519
# Local sigchain (state at ~/.kez/sigchains/<safe-primary>.jsonl)
npm run cli -- sigchain add github:jason --nsec nsec1...
npm run cli -- sigchain revoke github:jason --nsec nsec1...
npm run cli -- sigchain show --nsec nsec1...
npm run cli -- sigchain export --nsec nsec1... --format jsonl
# Publish the sigchain to one or more destinations
npm run cli -- sigchain publish --nsec nsec1... \
--server http://localhost:7878 \
--web --out chain.jsonl \
--dns example.com \
--nostr wss://relay.damus.io
# Verify a local file
npm run cli -- verify file github.kez.md
# Verify any KEZ identifier over the network
npm run cli -- verify id github:jason
npm run cli -- verify id dns:jason.example.com
npm run cli -- verify id nostr:npub1...
npm run cli -- verify id bluesky:jason.bsky.social
npm run cli -- verify id ap:@jason@mastodon.social
npm run cli -- verify id mastodon:@jason@mastodon.social
Channels
| File | System | Implementation |
|---|---|---|
dns.ts |
dns: |
Node dns/promises resolver, abstracted behind TxtResolver for testing |
github.ts |
github: |
fetch against the public REST API, no auth |
nostr.ts |
nostr: |
Built-in WebSocket to default relays, abstracted behind NostrFetcher |
bluesky.ts |
bluesky: |
fetch against the public Bluesky AppView, no auth |
activitypub.ts |
ap:, mastodon: |
WebFinger + actor JSON, no auth |
Each channel implements:
interface Channel {
readonly system: string;
fetchAndVerify(identity: Identity): Promise<ChannelHit>;
}
…and is registered in Registry. Adding a new channel is one file + one
r.register(new MyChannel()) line in
defaultRegistry.
Library use
import { Identity } from "@kez/core";
import { defaultRegistry } from "@kez/channels";
const registry = await defaultRegistry();
const hit = await registry.verify(Identity.parse("github:jason"));
console.log(hit.status); // VerificationStatus
Crypto stack
- Schnorr signatures —
@noble/curves/secp256k1(BIP-340) - SHA-256 —
@noble/hashes/sha2 - bech32 (npub/nsec) —
@scure/base - JCS (RFC 8785) —
canonicalize - zstd —
fzstd(pure JS, no native deps) - base64url —
@scure/base - HTTP — Node 18+ built-in
fetch - WebSocket — Node 22+ built-in
WebSocket - DNS TXT — Node
dns/promises
No native dependencies. Runs on Node, Bun, and (mostly) Deno.
Cross-implementation interop
The whole point of having two implementations is to demonstrate that the
proof format is portable. The repo root has a crosstest.sh script that
generates artifacts in Rust and verifies them in Node, and vice versa. See
../README.md for the runner.
Tests
npm test # full suite
npx vitest run --project core # one workspace package
The test suite hits no network — HTTP channels use an injected fetch,
DNS uses a TxtResolver interface, nostr uses a NostrFetcher interface.
License
Dual-licensed under MIT or Apache-2.0.