Thanks to visit codestin.com
Credit goes to github.com

Skip to content
/ opennhp Public

A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.

opennhp.org/

License

Apache-2.0 license
13.8k stars 2.5k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

OpenNHP/opennhp

BranchesTags

Repository files navigation

en zh-cn de ja fr es

OpenNHP Logo

OpenNHP: Open Source Zero Trust Security Toolkit

Build Status Version License codecov Ask DeepWiki

OpenNHP is a lightweight, cryptography-powered, open-source toolkit implementing Zero Trust security for infrastructure, applications, and data. It features two core protocols:

  • Network-infrastructure Hiding Protocol (NHP): Conceals server ports, IP addresses, and domain names to protect applications and infrastructure from unauthorized access.
  • Data-object Hiding Protocol (DHP): Ensures data security and privacy via encryption and confidential computing, making data "usable but not visible."

Website · Documentation · Live Demo · Discord

Architecture

OpenNHP follows a modular design with three core components, inspired by the NIST Zero Trust Architecture:

OpenNHP architecture

Component Role
NHP-Agent Client that sends encrypted knock requests to gain access
NHP-Server Authenticates and authorizes requests; decoupled from protected resources
NHP-AC Access controller that manages firewall rules on the protected server

For protocol details, deployment models, and cryptographic design, see the documentation.

Repository Structure

opennhp/
├── nhp/              # Core protocol library (Go module)
│   ├── core/         # Packet handling, cryptography, Noise Protocol, device management
│   ├── common/       # Shared types and message definitions
│   ├── utils/        # Utility functions
│   ├── plugins/      # Plugin handler interfaces
│   ├── log/          # Logging infrastructure
│   └── etcd/         # Distributed configuration support
└── endpoints/        # Daemon implementations (Go module, depends on nhp)
    ├── agent/        # NHP-Agent daemon
    ├── server/        # NHP-Server daemon
    ├── ac/           # NHP-AC (access controller) daemon
    ├── db/           # NHP-DB (data object backend for DHP)
    ├── kgc/          # Key Generation Center (IBC)
    └── relay/        # TCP relay

Quick Start

Prerequisites

  • Go 1.25.6+
  • make
  • Docker and Docker Compose (for the full-stack demo)

Build

# Build all components
make

# Build individual daemons
make agentd    # NHP-Agent
make serverd   # NHP-Server
make acd       # NHP-AC
make db        # NHP-DB
make kgc       # Key Generation Center

Test

cd nhp && go test ./...
cd endpoints && go test ./...

Run with Docker

cd docker && docker-compose up --build

Follow the Quick Start tutorial to simulate the full authentication workflow in a Docker environment.

Contributing

We welcome contributions! Please read CONTRIBUTING.md before submitting pull requests.

Note: All commits must be signed with a verified GPG or SSH key.

git commit -S -m "your message"

Sponsors

LayerV.ai
LayerV.ai

License

Released under the Apache 2.0 License.

Contact

About

A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.

opennhp.org/

Topics

cybersecurity zero-trust zero-trust-network-access zero-trust-security

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

13.8k stars

Watchers

832 watching

Forks

2.5k forks
Report repository

Releases

5 tags

Packages

No packages published

Contributors 40

+ 26 contributors

Languages