undefined | Better HN

0 pointswim1y ago0 comments

We're building https://thymer.com/ to do this. Real-time collaboration, local-first + end-to-end-encrypted (and optionally self-hosted).

0 comments

3 comments · 1 top-level

I_am_tiberius1y ago· 2 in thread

Cool. May I ask how you implement the collaborative e2e? Do you encrypt the content multiple times - once for every user?

wimOP1y ago

The workspace data is encrypted with a (symmetric) workspace key. Each user gets hteir own encrypted copy of that key, using the user's public key. By wrapping the data-encryption key for each user the content is only encrypted once but each authorized user can decrypt it.

I_am_tiberius1y ago

Ah ok. I guess that means when a user leaves the team, you have to re-encrypt the codebase with a new symetric key (as the user would still know the old symetric key)?

1 more reply

j / k navigate · click thread line to collapse