scripz.io
A B O U T

What is scripz?

A scripz is a printed card that is a full cryptographic identity: a 12-word BIP39 mnemonic, a NIP-06-derived nostr keypair, and a Lightning wallet with NWC pairing — all carried by an artwork from a numbered drop.

Sealed cards stay sealed. The npub on the card resolves to a public profile, but the secrets are encrypted at rest until somebody scans the claim QR and unlocks them with the printed PIN. Subscribing is the act of breaking the seal and activating the identity.

W H A T ' S   I N   T H E   B O X ?
N O S T R
BIP39 mnemonic → NIP-06 derivation → nsec / npub. Profile (kind:0) and relay-list (kind:10002) are published at generation time.
L I G H T N I N G
LNbits wallet with NWC pairing URL. Use Alby Go or any NWC-aware client to send and receive.
N I P - 0 5
username@scripz.io — also doubles as the Lightning Address for receiving zaps.
A R T W O R K
One motif from the active drop, in a numbered, limited print run. A deterministic 8×8 sigil derived from the pubkey marks the card.
P A P E R   C A R D
57 mm fold-label, thermal-printed on warm paper stock. QR codes for claim URL, NWC link, and public profile.
T H R E A T   M O D E L   &   C R Y P T O
A E S - 2 5 6 - G C M
Secrets encrypted at rest with authenticated encryption. The server stores ciphertext only — no plaintext nsec, ever.
P I N   G A T E
An HMAC-SHA256-derived PIN gates decryption. Rate-limited to 5 attempts per 15 minutes per token + IP.
P B K D F 2
SHA-256, 600 000 iterations. Stretches the PIN into the AES key — making offline brute-force computationally expensive.
S E L F - D E S T R U C T
After unlocking you can wipe the encrypted blob from the server. The public profile (kind:0) stays on relays — only the secrets disappear.
F I R S T - C L A I M
The first unlock is timestamped. If your card shows "already accessed" on your first visit, somebody got there before you — rotate.
S E R V E R - G E N
Keys are server-generated at print time, so the operator has theoretical access during generation. For sovereign custody, generate your own. Claim-and-wipe is a best-effort measure, not a guarantee.
F O S S
Source on GitHub. Read the code; don't trust the landing page.