Scratched my own itch. Needed to share passwords without them sitting in chat logs forever. Client-side AES-256-GCM, PBKDF2 key derivation. Server just holds encrypted blobs until expiry.
Questions welcome.
gnabgib•2mo ago
There's nothing self-destructing about your server dropping data, after a decision on (unencrypted) meta data (timeout, number of views).
privsen•2mo ago
Yeah fair.. self-destructing is overselling it. Server drops the blob after timeout/view count.
Server sees expiry, view count, salt, iv. Content is encrypted, metadata isn't. Can't avoid this with server-managed TTL - alternative is client-only expiry but then you're trusting the recipient's browser.
Main point is credentials don't live forever in chat history. Smaller window, not magic.
privsen•2mo ago
Questions welcome.
gnabgib•2mo ago
privsen•2mo ago
Server sees expiry, view count, salt, iv. Content is encrypted, metadata isn't. Can't avoid this with server-managed TTL - alternative is client-only expiry but then you're trusting the recipient's browser.
Main point is credentials don't live forever in chat history. Smaller window, not magic.