Norsh
HomeNTPNCLAPI
HomeNTPNCLAPI
  1. Usage Guide
  • Norsh
    • Usage Guide
      • Identity in the Norsh Ecosystem
      • UCP Message Structure (Standard Request Format)
    • API
      • UCP Error Codes
      • Keys Identity
        • Generates a public and private key pair
      • Address
        • Register Address
        • Get Address
        • Enable TOTP
        • Disable TOTP
        • Enable Secret-Based Authentication
        • Disable Secret-Based Authentication
        • Revoke Address
      • Modules
        • Get Module
        • Create Notary
      • Statements
        • Get Statement
        • Create Notary Statement
      • BigLedger
        • Get BigLedger Statement
      • Tartarus
        • Get Tartarus Statement
      • Envelopes
        • Get Envelope
  • NTP - Norsh Technical Paper
    • NTP-1: Norsh Technical Paper Specification
    • NTP-2: Standards for Encoding, Time and Localization
    • NTP-3: Cryptography and Hash Specification
    • NTP-4: Interchangeable Data Standard
    • NTP-5: Temporal Time-Step Model
    • NTP-6: Modular Prime Fragmentation
    • NTP-7: The End of Mining - PoW
    • NTP-8: The Fallacy of Stake - PoS
    • NTP-9: The Myth of Absolute Non-Censorship
    • NTP-10: Structural Failures of Decentralization
    • NTP-11: Universal Blockchain Protocol (UBP)
    • NTP-12: Sharded Certificate Storage for the Norsh Ecosystem
  • NCL - Norsh Commons License
    • NCL-0: Norsh Commons License
    • NCL-1: Attribution Requirement
    • NCL-2: Restricted Commercialization
    • NCL-4: Commercialization with Agreement or Royalties
    • NCL-8: Educational Use Permission
    • NCL-16: Complementary Use and Integration Permission
    • NCL-32: Pre-Approval for Application Publication
    • NCL-64: Restricted or Authorized Derivatives
    • NCL-128: Contribution Terms
  • Compliance
    • Terms of Use
    • Privacy Policy
    • Norsh Brand and Trademark Usage Guidelines
    • AI Content Notice
    • Credits
    • Partners
    • Legal Templates
      • Policy on Public Disclosure of Legal Templates
      • NDA - Template
      • Service Agreement - Template
  • Resources
    • Norsh Brand Guidelines
    • Academy
      • Exam Program
  • Service Operations
    • Service Level Agreement (SLA)
    • Scheduled Maintenance Notice
    • Incident Reports
  • Schemas
    • Key & Address
      • Key.Generate
      • Address.Register
      • Address.Revoke
      • Address.TOTP.Enable
      • Address.TOTP.Disable
      • Address.Secret.Enable
      • Address.Secret.Disable
    • Modules
      • Module.Notary.Create
      • Module.Meter.Create
    • Ucp Response
    • Ucp PublicKey
    • Ucp Parameters
    • Ucp Header
    • Ucp Ghost
HomeNTPNCLAPI
HomeNTPNCLAPI
  1. Usage Guide

Identity in the Norsh Ecosystem

In the Norsh ecosystem, your identity is created and validated through a pair of cryptographic keys. There are no usernames, passwords, or conventional accounts. Instead, all authentication, ownership, and communication are tied to a public key and to a unique address derived from it.
This process involves two fundamental steps.

Step 1 – Generate Your Key Pair#

Use the API: keys.generate
You will receive:
A private key, optionally encrypted if you provide a password.
A public key, used to derive your address and register your identity.
A Base64-encoded X.509 certificate, renewed annually at 00:00 UTC on January 1st.
The private key is a unique cryptographic secret that gives you full control over your digital identity and assets. It should never be shared or exposed. Anyone with access to your private key can act on your behalf and control your assets.
If you provide a password during key generation, the private key will be encrypted using recommended standards (see [NTP-3]) before being returned.
DANGER
If it were possible, we would have a flashing neon sign with sirens and everything else to get your attention here.
The private key is your only proof of control.
Norsh does not store or manage any keys. Responsibility is entirely on the user or the application managing the keys.
If you lose your private key, your identity cannot be recovered.
If it is exposed, your identity, assets, and permissions are irreversibly compromised.
Never share it, never transmit it, and never expose your private key or use it in unknown applications or third-party systems.
It is impossible to migrate data, balances, or access from one private key to another. Blockchain principles ensure immutability, enforced by cryptographic keys and transaction signatures.
There is no fallback, no password reset, and no admin override. Norsh, like any individual, company, or global authority, even with the use of all the world’s financial or computational resources, does not have any technical or legal means to recover, reverse, or modify a lost or compromised private key.
The system is immutable. If you lose your key, you lose access. If you disclose or expose your key, the risk is inevitable.
No one will ever give you gifts, money, credits, trips, or anything else in exchange for your private key. If you receive any promise like this, it is a scam.
Security begins at the key.
For secure, Norsh-compliant key generation and signature creation, you can also use the official open-source libraries:
Node.js: @norsh/norsh-keygen (GitHub)
Java: norsh-keygen-java
Python: norsh-keygen-python
C#: norsh-keygen-csharp
These libraries implement the same standards as the “Generate Public and Private Key Pair” API, but operate locally and offline.

Recommended Best Practices#

Store your private key offline, preferably on a hardware wallet or encrypted USB stick.
Never store it in cloud services, emails, or plain text files on your computer.
Make secure backups and keep them in different safe locations.

Step 2 – Register and Obtain Your Address#

Use the API: address.register
Send your public key using the UCP protocol.
You will receive:
A 96-character SHA3-384 address (the unique identifier for your identity)
The current status of your certificate and identity (e.g., "ENABLED")
A dictionary of X.509 certificates (issued yearly), available via URLs like:
http://pki.norsh.com/issued/04c/90d/<address>-2025.pem
These certificates are generated and published automatically upon registration and are part of the public key infrastructure (PKI) of the Norsh ecosystem.
They enable public trust, auditability, and automated validations in enterprise-grade systems and smart elements.
The registration is also recorded on-chain in the Norsh Big Ledger, ensuring cryptographic immutability, transparency, and enabling:
Periodic certificate generation
Public auditing of identity claims
Validation of ownership across systems
This address is your:
Wallet ID
Owner ID
Element Controller
Sender and Recipient in all transactions
Once registered, the address is used in all interactions with Norsh.

Enabling Stronger Authentication (Optional)#

For increased protection, Norsh supports optional authentication factors in addition to the cryptographic key pair.
These mechanisms are configured and managed using the following APIs:
TOTP (Time-based One-Time Password):
Enable: keys.totp.enable
Disable: keys.totp.disable
Secret-based authentication (static shared secret):
Enable: keys.secret.enable
Disable: keys.secret.disable
Important:
When TOTP or Secret-based authentication is enabled, every API request that performs a protected operation must include the respective values (ghost.totp and/or ghost.secret) in the payload.
Norsh does not use session-based authentication or persistent login tokens, each request must be individually authorized by providing the required factors.
The TOTP code may be manually entered by a user from an authenticator app (e.g., Google Authenticator) or automatically generated and supplied by client software.
There is no concept of session management or "logged-in" state: every operation is stateless and must be independently verified with the required keys and authentication factors.
Multiple factors can be enabled simultaneously.
If both TOTP and a static secret are enabled, protected operations will require both ghost.totp and ghost.secret.
Disabling one factor does not affect the other.

Ongoing Usage#

From this point forward:
The public key and the derived address are used in all systems.
The private key is used to sign any request or transaction that requires proof of authority.
Every API operation that performs a sensitive or secure action expects the request to be signed using the private key, and verifiable using the public key through the UCP signature field.
This guarantees that only the rightful holder of the key can perform operations under that identity.
All keys are generated using:
Algorithm: ECDSA
Curve: secp384r1
Address format: SHA3-384 hash of the raw bytes of the public key
The public key must be encoded in Base64 DER format, as defined in the UCP protocol and [NTP-3].

Final Notes#

This cryptographic identity model is the foundation of all security, ownership, and trust within the Norsh ecosystem.
Its correct implementation and secure management are non-negotiable.
Modified at 2025-10-13 17:19:45
Next
UCP Message Structure (Standard Request Format)
Built with