@clareifi.com What now?
@clareifi.com Ha! βhard modeβ 4sure. Debugging decryption failures with zero server-side visibility is a special kind of pain.
Next - Phase 3 envelope key architecture for key rotation, public profiles and selective sharing. Security audit before anything goes beyond personal use.
Thanks for following along π
@clareifi.com Server never saw plaintext. Architecture held.
clareifi.xyz
#BuildInPublic #Privacy #E2EE
@clareifi.com it makes debugging harder.
What shipped:
β Supabase auth (email + password)
β Salt stored server-side, key derived client-side
β New device fetches salt, derives correct key, decrypts notes
β Tested: Chrome, Brave, Vivaldi, Samsung Internet β all working
@clareifi.com Fair point β an envelope key now is cleaner than re-wrapping everything at rotation time. Itβs on the roadmap.
Phase 2 is shipping working sync. Phase 3 is where the key hierarchy gets more sophisticated. Building deliberately, not just fast.