@clareifi.com What now?

@clareifi.com Ha! β€œhard mode” 4sure. Debugging decryption failures with zero server-side visibility is a special kind of pain.

Next - Phase 3 envelope key architecture for key rotation, public profiles and selective sharing. Security audit before anything goes beyond personal use.

Thanks for following along πŸ”

@clareifi.com Server never saw plaintext. Architecture held.

clareifi.xyz

#BuildInPublic #Privacy #E2EE

@clareifi.com it makes debugging harder.

What shipped:
β†’ Supabase auth (email + password)
β†’ Salt stored server-side, key derived client-side
β†’ New device fetches salt, derives correct key, decrypts notes
β†’ Tested: Chrome, Brave, Vivaldi, Samsung Internet β€” all working

@clareifi.com Fair point β€” an envelope key now is cleaner than re-wrapping everything at rotation time. It’s on the roadmap.

Phase 2 is shipping working sync. Phase 3 is where the key hierarchy gets more sophisticated. Building deliberately, not just fast.