Show HN: Nano.noq – Experimental key-container format

(github.com)
3 points Daffactor | 3 comments | 06 Dec 25 09:48 UTC | HN request time: 0.4s | source

Hi! This is an experimental learning project I've been working on.

NANO.NOQ is a very small binary container format for AES-GCM keys. The entire implementation is inside a single HTML file using WebCrypto (no backend, no external dependencies).

The .noq file format is simple: - header (“NOQ1”) - key length (2 bytes) - raw AES-256-GCM key - a 4-byte integrity slice (from SHA-256(key)) - 32 bytes of random padding

The project does NOT add new cryptography on top of AES-GCM. It's purely an experiment in designing a file format for storing keys separately from ciphertext without copy/paste.

There's also a mutation step for Base64URL ciphertext, but it is obfuscation only and not meant as a security layer.

I’m not a professional programmer — I built this with AI assistance as a way to learn about key storage formats, integrity fields, and browser-based crypto workflows.

Feedback, corrections, and criticism are very welcome.

1. mubou2 ◴[06 Dec 25 11:11 UTC] No.46172403[source]
1. What's the purpose of the "random padding"? Remember that an LLM is incapable of thinking logically, so it'll often do things that seem purposeful but aren't.

2. Consider using an actual checksum like CRC-32 rather than a truncated hash if your intent is to detect data corruption (see https://stackoverflow.com/a/72580031)

3. Obfuscation is a fool's errand; as you said, it provides no security, but therefore it also serves no purpose except to give a false sense of security, which is often more dangerous than none at all. Actual private key container formats (like PKCS#8 and #12) allow for encrypting the key with a passphrase, which is something you might consider instead.

4. "AES-GCM keys" are not a thing; they're just AES keys (which are just random bytes of a set length).

2. ◴[06 Dec 25 11:18 UTC] No.46172442[source]