Holf: Nordheim Secure Vault Documentation

Welcome to Holf (formerly Skjaldborg)—your locally hosted, highly secure application for securely storing sensitive documents, passwords, notes, and cryptographic keys.

At a time when widespread Cloud storage creates massive security targets, Holf offers an explicitly offline-first, Zero-Knowledge architecture. We aim to empower our users with confidence, knowing their credentials remain entirely locally controlled, easily portable, and strongly encrypted against intrusion.

1. Installation

Holf utilizes ShadowAgent’s verified release protocols and secure build scripts to ensure a pristine software supply chain. We natively support Linux and macOS.

macOS

  • Download the cryptographically signed .dmg file provided in the releases page.
  • Open the .dmg and simply drag the Holf .app bundle into your Applications shortcut (the drag-to-install method is fully supported).
  • Note: Because Holf leverages strong sandboxing for security, files must generally be loaded from safe user directories. Ensure you grant Holf the permissions requested during the initial launch.

Linux

  • Download the signed .deb file.
  • We natively hash all packages via sha512sum and detach-sign via GPG. You can verify these assets to safely ensure untampered data before installing.
  • Install using apt or dpkg:
  sudo dpkg -i holf_latest_amd64.deb
  sudo apt-get install -f
  • The .deb automatically registers GTK desktop icons and executable wrappers for your convenience.

2. Setup and Configuration

When you launch Holf for the very first time on a machine without a prior configuration, the onboarding flow engages immediately:

  1. Establish a Master Password: Ensure it is strong and memorable. Holf uses Argon2id memory-hard key derivation specifically to thwart GPU-based brute-force attacks.
  2. Setup Two-Factor Authentication (TOTP): The setup wizard will display a QR Code. Scan this using a standards-compliant mobile authenticator app (such as Bitwarden, Google Authenticator, or Aegis) to generate your 6-digit TOTP.
  3. Vault Generation: Finally, you will establish a file storage limit. Users can enforce a custom vault capacity defined between 25 MB up to 1 TB, based exclusively on their needs, saving filesystem space.

3. Usage & Accessing Your Vault

Holf safely obfuscates information using AES-256-GCM. Unlocking your stored vault on subsequent visits strictly requires a two-step handshake:

  1. Provide the correct Master Password.
  2. Provide the active 6-digit TOTP token.
    If validation is unsuccessful, the underlying vault payload remains cryptographically locked and invisible to memory structures.

Portable .vault Format

Holf data is fully stored in a secure native binary file (nordheim.vault). This format ensures absolute, transparent cross-platform portability.

  • If you migrate computers, simply install Holf and move your nordheim.vault file!
  • > [!IMPORTANT]

Do not remove or alter the .vault extension when renaming your storage file or migrating disks. The explicit cryptographic parser requires this extension to enforce lock constraints properly.

4. Confidence & Support

Holf’s entire data model is built on Zero-Knowledge Architecture. All data is encrypted using keys derived locally from your Master Password before ever touching your disk. We absolutely do not—and mathematically cannot—have access to your data or read your payload.

Getting Help: With deep roots in the open-source community, we highly prioritize robust support. If you run into sandboxing blocks, path issues, or trouble recovering a nordheim.vault path, do not hesitate to reach out to Nordheim support. We stand firmly behind the sanctity of the codebase to offer a safe product that our users can rely on.