Show HN: TimeSeal – Cryptographic time-locked vaults with Dead Man's Switch

https://github.com/Teycir/Timeseal

2•teycirb•1mo ago

# Hacker News Submission

## Title Show HN: TimeSeal – Cryptographic time-locked vaults with Dead Man's Switch

## Post Text

I built TimeSeal to solve a problem: most "future message" apps rely on trust. TimeSeal uses split-key cryptography to make early access mathematically impossible.

*How it works:*

Your browser generates two random AES-GCM-256 keys. Key A stays in the URL hash (never sent to server). Key B goes to Cloudflare Workers. The server refuses to release Key B until the unlock time. Without both keys, decryption is impossible—even for me.

*Three modes:*

1. *Timed Release* - Opens at exact future date (product launches, birthday messages) 2. *Dead Man's Switch* - Auto-unlocks if you stop checking in (crypto inheritance, whistleblower insurance) 3. *Ephemeral* - Self-destructs after N views (one-time passwords, confidential sharing)

*Architecture highlights:*

- Triple-layer encryption (client-side AES-GCM + server-side key encryption + master key) - Split-key design: no single party can decrypt early - Server-side time enforcement (client clock is irrelevant) - Cloudflare Workers + D1 database (edge-native, globally distributed) - Replay attack prevention with nonce-based pulse tokens - Rate limiting via SHA-256 browser fingerprinting - Open source (BSL license, converts to Apache 2.0 in 4 years)

*Security model:*

Even with full database access, an attacker cannot decrypt without: - Key A (in URL hash, never transmitted) - Master encryption key (environment secret) - Both keys combined

The server enforces time-locks via Cloudflare's NTP-synchronized infrastructure. No root access = no time manipulation.

*Use cases I didn't expect:*

- Estate planning (crypto seed phrases that unlock after 30 days of silence) - Journalist insurance (evidence auto-releases if arrested) - Marketing stunts (countdown timers for product drops) - Legal holds (contracts that activate on settlement date)

Live demo: https://timeseal.online

Source: https://github.com/teycir/timeseal

Docs cover threat model, attack scenarios, self-hosting, and trust assumptions. Happy to answer questions about the crypto, architecture, or edge cases.

---

Comments

pants2•1mo ago

This is cool - similar to Sarcophagus in the crypto world, but based on CloudFlare workers instead of a Blockchain. Assuming I trust that it works as intended and the site doesn't have access to my data, I'm still trusting 1. That CloudFlare workers will still be around after I die. 2. That you, the site owner, are still paying your CloudFlare bill. 3. That the cryptography behind it hasn't been cracked. 4. Governments haven't come in and forced you or CloudFlare to delete encryption keys because of some info they didn't want to leak. That's a lot of ifs.

halosghost•1mo ago

I flagged this as undisclosed slopware being pushed as secure cryptographic engineering with no reasonable measure of human review.

All the best,

-HG

Ask HN: How much of your token use is fixing the bugs Claude Code causes?

Show HN: Agents – Sync MCP Configs Across Claude, Cursor, Codex Automatically

Hello

FSD helped save my father's life during a heart attack

Show HN: Writtte – Draft and publish articles without reformatting, anywhere

Portuguese icon (FROM A CAN) makes a simple meal (Canned Fish Files) [video]

Brookhaven Lab's RHIC Concludes 25-Year Run with Final Collisions

Transcribe your aunts post cards with Gemini 3 Pro

.72% Variance Lance

ReKindle – web-based operating system designed specifically for E-ink devices

Encrypt It

NextMatch – 5-minute video speed dating to reduce ghosting

Personalizing esketamine treatment in TRD and TRBD

SpaceKit.xyz – a browser‑native VM for decentralized compute

NotebookLM: The AI that only learns from you

Show HN: An open-source starter kit for developing with Postgres and ClickHouse

Game Boy Advance d-pad capacitor measurements

South Korean crypto firm accidentally sends $44B in bitcoins to users

Apache Poison Fountain

Web.whatsapp.com appears to be having issues syncing and sending messages

Google in Your Terminal

Shannon: Claude Code for Pen Testing: #1 on Github today

Anthropic: Latest Claude model finds more than 500 vulnerabilities

Brooklyn cemetery plans human composting option, stirring interest and debate

Why the 'Strivers' Are Right

Brain Dumps as a Literary Form

Agentic Coding and the Problem of Oracles

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Show HN: I built a <400ms latency voice agent that runs on a 4gb vram GTX 1650"

Penisgate erupts at Olympics; scandal exposes risks of bulking your bulge