The Sovereign Protocol – Architecture of an Unconfiscatable Digital Identity

We live in an era of digital feudalism. On platforms like X (formerly Twitter), Instagram or LinkedIn, you are merely a tenant. Your account, your reach, and your reputation are a "rental agreement" that can be terminated at any moment with a simple database command.

A true owner accepts no uncovered liabilities. That's why we move from platforms (centralized) to protocols (decentralized).

In Nostr, your identity is not an entry on a Silicon Valley corporation's server, but a mathematical proof. Your private key (nsec) is the equivalent of a gold bar in the vault. Whoever holds the key, is the identity.

This guide describes the pragmatic path that is the only sensible one for most security-minded users: Key is generated in the signer and stays there. The client only gets the npub — and signatures.

Part I: The Preparation (The Clean Room)

Do not create your identity in an environment you don't trust. If you're running GrapheneOS: perfect. If not: lock it down as much as possible.

The Tools

• Smartphone: Android (ideally GrapheneOS). Airplane mode must be possible.
• Signer: Amber (generates and stores the key).
  Optional: There is also an "offline" variant of Amber (in the releases as amber-offline-...), if you want to keep the signer as silent as possible.
• Client: Primal (or Amethyst) — but only via External Signer.

Part II: The Genesis (Key Generation Directly in Amber)

We don't let some random website generate the key. We generate it where it belongs: in the signer.

1. Enable airplane mode. Optional: also disable Wi-Fi/Bluetooth.
2. Open Amber and select "Create new account" / "Create new".
3. Amber generates a new keypair (private key + public key).
4. Secure Amber immediately: PIN/biometrics, system lock active.

GrapheneOS Extra: Disable Network Permission for Amber

If you're running GrapheneOS, you can harden Amber further: revoke the Network permission from Amber. This cuts off Amber's network access — keeping it a pure signer.

• Settings → Apps → Amber → Permissions → Network → OFF
• If you ever want to use Amber for network-based features, you'll need to re-enable Network. For pure signing in combination with a client, "Network OFF" is a very clean setup.

Part III: The Interface (Primal)

Now we install the client — the window to the world. We use Primal for its speed and user experience (Amethyst is a valid alternative).

The Critical Moment

On first launch, Primal asks for a login. Millions of users type their nsec here. You don't.

• Choose "Log in with External Signer" (or the key icon).
• Primal calls Amber as External Signer.
• Amber asks: "Primal requests your public key. Allow?"
• Confirm this.

What just happened? Primal only received your public key (npub). Primal does not know the secret.

When you post:

1. Primal composes the text.
2. Primal sends the signing request to Amber.
3. You confirm in Amber.
4. Amber signs and returns only the signature.
5. Primal broadcasts the signed post to the network.

Part IV: The Backup (Steel, Not Paper)

Digital data corrupts. Paper burns. A true Alien Investor secures for eternity.

• The code: Your private key (nsec) is your backup.
• The medium: Stamp it into stainless steel (V2A/V4A) or store it extremely securely offline.
• The storage: One copy in the safe, another at a geographically separate location.

Alien Verdict: Welcome to Sovereignty

You have just created a digital identity that:

• Was born in the signer (not in some random client).
• Is stored in segregation (the client does not know the secret).
• Can be physically secured (steel outlasts fire).

That is the difference between "having an account" and "owning an identity". You are no longer a user. You are a sovereign node in the network.

"Trust no one. Verify everything."