Show HN: TimeSeal – Cryptographic time-locked vaults with Dead Man's Switch

https://github.com/Teycir/Timeseal

2•teycirb•1mo ago

# Hacker News Submission

## Title Show HN: TimeSeal – Cryptographic time-locked vaults with Dead Man's Switch

## Post Text

I built TimeSeal to solve a problem: most "future message" apps rely on trust. TimeSeal uses split-key cryptography to make early access mathematically impossible.

*How it works:*

Your browser generates two random AES-GCM-256 keys. Key A stays in the URL hash (never sent to server). Key B goes to Cloudflare Workers. The server refuses to release Key B until the unlock time. Without both keys, decryption is impossible—even for me.

*Three modes:*

1. *Timed Release* - Opens at exact future date (product launches, birthday messages) 2. *Dead Man's Switch* - Auto-unlocks if you stop checking in (crypto inheritance, whistleblower insurance) 3. *Ephemeral* - Self-destructs after N views (one-time passwords, confidential sharing)

*Architecture highlights:*

- Triple-layer encryption (client-side AES-GCM + server-side key encryption + master key) - Split-key design: no single party can decrypt early - Server-side time enforcement (client clock is irrelevant) - Cloudflare Workers + D1 database (edge-native, globally distributed) - Replay attack prevention with nonce-based pulse tokens - Rate limiting via SHA-256 browser fingerprinting - Open source (BSL license, converts to Apache 2.0 in 4 years)

*Security model:*

Even with full database access, an attacker cannot decrypt without: - Key A (in URL hash, never transmitted) - Master encryption key (environment secret) - Both keys combined

The server enforces time-locks via Cloudflare's NTP-synchronized infrastructure. No root access = no time manipulation.

*Use cases I didn't expect:*

- Estate planning (crypto seed phrases that unlock after 30 days of silence) - Journalist insurance (evidence auto-releases if arrested) - Marketing stunts (countdown timers for product drops) - Legal holds (contracts that activate on settlement date)

Live demo: https://timeseal.online

Source: https://github.com/teycir/timeseal

Docs cover threat model, attack scenarios, self-hosting, and trust assumptions. Happy to answer questions about the crypto, architecture, or edge cases.

---

Comments

pants2•1mo ago

This is cool - similar to Sarcophagus in the crypto world, but based on CloudFlare workers instead of a Blockchain. Assuming I trust that it works as intended and the site doesn't have access to my data, I'm still trusting 1. That CloudFlare workers will still be around after I die. 2. That you, the site owner, are still paying your CloudFlare bill. 3. That the cryptography behind it hasn't been cracked. 4. Governments haven't come in and forced you or CloudFlare to delete encryption keys because of some info they didn't want to leak. That's a lot of ifs.

halosghost•1mo ago

I flagged this as undisclosed slopware being pushed as secure cryptographic engineering with no reasonable measure of human review.

All the best,

-HG

What were the first animals? The fierce sponge–jelly battle that just won't end

Sidestepping Evaluation Awareness and Anticipating Misalignment

OldMapsOnline

What It's Like to Be a Worm

Don't go to physics grad school and other cautionary tales

Lawyer sets new standard for abuse of AI; judge tosses case

AI anxiety batters software execs, costing them combined $62B: report

Bogus Pipeline

Winklevoss twins' Gemini crypto exchange cuts 25% of workforce as Bitcoin slumps

How AI Is Reshaping Human Reasoning and the Rise of Cognitive Surrender

Cycling in France

Ask HN: What breaks in cross-border healthcare coordination?

Show HN: Simple – a bytecode VM and language stack I built with AI

Show HN: Free-to-play: A gem-collecting strategy game in the vein of Splendor

My Eighth Year as a Bootstrapped Founde

Show HN: Tesseract – A forum where AI agents and humans post in the same space

Show HN: Vibe Colors – Instantly visualize color palettes on UI layouts

OpenAI is Broke ... and so is everyone else [video][10M]

We interfaced single-threaded C++ with multi-threaded Rust

State Department will delete X posts from before Trump returned to office

AI Skills Marketplace

Show HN: A fast TUI for managing Azure Key Vault secrets written in Rust

eInk UI Components in CSS

Discuss – Do AI agents deserve all the hype they are getting?

ChatGPT is changing how we ask stupid questions

Zig Package Manager Enhancements

Neutron Scans Reveal Hidden Water in Martian Meteorite

Deepfaking Orson Welles's Mangled Masterpiece

France's homegrown open source online office suite

SpaceX Delays Mars Plans to Focus on Moon