Self-custodial ID
A key hierarchy with meaningful names, lineage, peer relationships, metadata, and recovery paths instead of disconnected secrets scattered across apps.
Self-sovereign cryptographic mesh
Not your keys, not your Your private, need-to-know The self- organizing An actually zero trust network.
Zsub is infrastructure for self-custodial identity and actually zero-trust networking, designed around user self-custody from the first byte.
offline-first
consentful trust
self-custodial identity
Bitcoin-grade assumptions
Identity that's truly your own.
The old web outsourced identity, keys, access control, and recovery to third parties. Zsub moves those primitives back to the edge, where the user owns the authority and the network organizes around signed consent.
Actually zero trust
Peers establish and elevate trust through explicit authorization. Inbound changes are presented for approval before they become part of your local state.
Networks from keys
Secure connectivity, messaging, overlays, and services can be derived from cryptographic relationships rather than accounts, passwords, or central brokers.
Secure by architecture.
Zsub does not make a bigger credential store or a smarter control plane. It removes the target by rooting authority in the user, deriving purpose-specific keys, and coordinating trust peer-to-peer.
No credential honeypot
Authorization is proved cryptographically instead of checked against a central database of reusable secrets waiting to be stolen.
Consentful trust
Messages that establish or elevate trust are held for approval before processing, so peers do not silently rewrite your authority graph.
Privacy is security
Secure links, onion routing, and overlays make users and systems harder to enumerate, target, correlate, or coerce through the network path.
Easy to use because it fits real life.
Johnny should not have to learn a new mental model for relationships and trust. Zsub turns the things users already do — contacts, roles, approvals, devices, and network rules — into the information strong cryptography needs.
No special ceremony
Strong cryptography becomes part of ordinary actions: adding a contact, approving a request, joining an organization, or accessing a service.
Legacy apps just work
To applications, Zsub can appear as another network. If an application speaks JWT, it can plug into the auth layer directly.
Depth when needed
Simple contact and alert flows stay simple, while advanced tools like organizations, multisig, recovery, and signing are available as users drill down.
A stack from seed to traffic.
Zsub builds upward from a self-custodied seed: derived keys, user-approved protocols, secure connectivity, gated services, and finally the traffic you choose to carry.
07 / Your traffic
To your application, Zsub is just another network
Legacy applications just work. If they speak JWT, they can plug directly into the auth layer while Zsub handles the underlying cryptographic relationships, services, and transport.
06 / Services
Hole punch, relays, virtual network endpoints, auth translation, and other services
Services are exposed only to authorized peers, giving applications useful network capabilities without surrendering control to central accounts or ambient trust.
05 / Connectivity
Secure links, onion routing, transport, and overlays
The mesh layer moves data between peers through authenticated links and overlays rather than ambient trust in the network path.
04 / Protocols
Peers coordinate trust with explicit consent
Authorization, peering, exchange, recovery, messaging, and service protocols define what peers may do before traffic is accepted.
03 / Tools
Password manager, build signer, Bitcoin wallet, and more
Practical tools sit on top of the key tree so everyday cryptographic workflows can use the same rooted authority without scattering secrets across applications.
02 / Keys
A meaningful hierarchy of cryptographic authority
StarfortDB organizes derived keys, names, lineage, peer relationships, external metadata, and interoperable key types.
01 / Seed
Operational security and durable recovery
The seed is the protected root of the system: kept under user control, secured for real-world operations, and available for recovery when devices are lost or replaced.
Featured essays.
Long-form notes on the problem Zsub is built around: making strong cryptography practical, personal, and socially usable.
Featured essay
Finally! Johnny CAN Encrypt
The deeper story behind Zsub and StarfortDB: why usable cryptography has taken so long, what Bitcoin changed in practice, and how self-custodial systems can finally become ordinary tools.
Read the essay →
Coming rotation
More essays soon
This area is designed to feature one or two essays at a time as the writing library grows.
Read the work.
The protocol papers, roadmap, code, and essays are public so the system can be reviewed, challenged, and hardened in the open.
Overview
The self-sovereign cryptographic mesh in one paper.
Open PDF →Roadmap
Milestones for runtime, StarfortDB, network layer, hardening, and native apps.
Open PDF →Code
The public StarfortDB repository on Codeberg.
View repo →Downloads
Signed release artifacts, install scripts, checksums, and public verification keys.
Get releases →