From 8fad8d837416fcbd990c626e4632f4c7bdd6bf60 Mon Sep 17 00:00:00 2001 From: Siavash Sameni Date: Fri, 27 Mar 2026 09:58:57 +0400 Subject: [PATCH] Add encrypted message history + cloud backup to Phase 2 roadmap - History encrypted with key derived from seed (HKDF) - No extra password needed (seed = access) - Optional double encryption with passphrase - Cloud targets: S3, Google Drive, WebDAV - Backup is encrypted archive, provider sees only blobs - Incremental sync, versioned, deduplicated - Also marked WebSocket, TUI, Web WASM as done in Phase 2 Co-Authored-By: Claude Opus 4.6 (1M context) --- DESIGN.md | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/DESIGN.md b/DESIGN.md index b247849..b018084 100644 --- a/DESIGN.md +++ b/DESIGN.md @@ -442,8 +442,20 @@ warzone.wasm # browser client (via wasm-pack) - ENS domain resolution (@vitalik.eth → 0xd8dA... → Warzone identity) - Crates: k256, tiny-keccak, ethers-rs/alloy for ENS resolution - Session key delegation from hardware wallet (sign once per 30 days) -- [ ] TUI client (ratatui) -- [ ] Web client (WASM) +- [x] TUI client (ratatui) +- [x] Web client (WASM) +- [x] WebSocket real-time push +- [ ] Encrypted local message history & cloud backup + - Messages encrypted at rest using key derived from seed (HKDF, info="warzone-history") + - No extra password needed — if you have your seed, you can read your history + - Optional passphrase for additional protection (double encryption) + - Browser: encrypted blob in IndexedDB, export as file + - CLI: encrypted sled DB (already has seed-encrypted keystore) + - Cloud backup targets: S3-compatible, Google Drive, WebDAV + - Backup format: encrypted archive (ChaCha20-Poly1305), versioned, deduplicated + - Restore: import backup + provide seed → decrypt and merge history + - Sync: periodic incremental backup (new messages since last backup) + - Privacy: backup provider sees only encrypted blobs, no metadata ### Phase 3 — Federation & Key Transparency - [ ] DNS TXT record format specification (server discovery + user key transparency)