Show HN: TimeSeal – Cryptographic time-locked vaults with Dead Man's Switch

https://github.com/Teycir/Timeseal

2•teycirb•1mo ago

# Hacker News Submission

## Title Show HN: TimeSeal – Cryptographic time-locked vaults with Dead Man's Switch

## Post Text

I built TimeSeal to solve a problem: most "future message" apps rely on trust. TimeSeal uses split-key cryptography to make early access mathematically impossible.

*How it works:*

Your browser generates two random AES-GCM-256 keys. Key A stays in the URL hash (never sent to server). Key B goes to Cloudflare Workers. The server refuses to release Key B until the unlock time. Without both keys, decryption is impossible—even for me.

*Three modes:*

1. *Timed Release* - Opens at exact future date (product launches, birthday messages) 2. *Dead Man's Switch* - Auto-unlocks if you stop checking in (crypto inheritance, whistleblower insurance) 3. *Ephemeral* - Self-destructs after N views (one-time passwords, confidential sharing)

*Architecture highlights:*

- Triple-layer encryption (client-side AES-GCM + server-side key encryption + master key) - Split-key design: no single party can decrypt early - Server-side time enforcement (client clock is irrelevant) - Cloudflare Workers + D1 database (edge-native, globally distributed) - Replay attack prevention with nonce-based pulse tokens - Rate limiting via SHA-256 browser fingerprinting - Open source (BSL license, converts to Apache 2.0 in 4 years)

*Security model:*

Even with full database access, an attacker cannot decrypt without: - Key A (in URL hash, never transmitted) - Master encryption key (environment secret) - Both keys combined

The server enforces time-locks via Cloudflare's NTP-synchronized infrastructure. No root access = no time manipulation.

*Use cases I didn't expect:*

- Estate planning (crypto seed phrases that unlock after 30 days of silence) - Journalist insurance (evidence auto-releases if arrested) - Marketing stunts (countdown timers for product drops) - Legal holds (contracts that activate on settlement date)

Live demo: https://timeseal.online

Source: https://github.com/teycir/timeseal

Docs cover threat model, attack scenarios, self-hosting, and trust assumptions. Happy to answer questions about the crypto, architecture, or edge cases.

---

Comments

pants2•1mo ago

This is cool - similar to Sarcophagus in the crypto world, but based on CloudFlare workers instead of a Blockchain. Assuming I trust that it works as intended and the site doesn't have access to my data, I'm still trusting 1. That CloudFlare workers will still be around after I die. 2. That you, the site owner, are still paying your CloudFlare bill. 3. That the cryptography behind it hasn't been cracked. 4. Governments haven't come in and forced you or CloudFlare to delete encryption keys because of some info they didn't want to leak. That's a lot of ifs.

halosghost•1mo ago

I flagged this as undisclosed slopware being pushed as secure cryptographic engineering with no reasonable measure of human review.

All the best,

-HG

AUR malware scanner written in Rust

Free FFmpeg API [video]

Are AI agents ready for the workplace? A new benchmark raises doubts

Show HN: AI Watermark and Stego Scanner

Clarity vs. complexity: the invisible work of subtraction

Solid-State Freezer Needs No Refrigerants

Ask HN: Will LLMs/AI Decrease Human Intelligence and Make Expertise a Commodity?

From Zero to Hero: A Brief Introduction to Spring Boot

NSA detected phone call between foreign intelligence and person close to Trump

How to Fake a Robotics Result

It's time for the world to boycott the US

Show HN: Semantic Search for terminal commands in the Browser (No Back end)

The AI CEO Experiment

Speed up responses with fast mode

MS-DOS game copy protection and cracks

Updates on GNU/Hurd progress [video]

Epstein took a photo of his 2015 dinner with Zuckerberg and Musk

MyFlames: View MySQL execution plans as interactive FlameGraphs and BarCharts

Show HN: LLM of Babel

A modern iperf3 alternative with a live TUI, multi-client server, QUIC support

Famfamfam Silk icons – also with CSS spritesheet

Apple is the only Big Tech company whose capex declined last quarter

Reverse-Engineering Raiders of the Lost Ark for the Atari 2600

Show HN: Deterministic NDJSON audit logs – v1.2 update (structural gaps)

The Greater Copenhagen Region could be your friend's next career move

Do Not Confirm – Fiction by OpenClaw

The Analytical Profile of Peas

Hallucinations in GPT5 – Can models say "I don't know" (June 2025)

What AI is good for, according to developers

OpenAI might pivot to the "most addictive digital friend" or face extinction