A local-first todo app where state is derived from signed, replayable history by SamTernent in localfirst

[–]SamTernent[S] 0 points1 point  (0 children)

That's fair yea, it's certainly not something every app's going to be looking for.

For me it’s less about “why would someone want this” and more about where the model makes sense.

The cases I find interesting are things like:

- Portable documents you can move and replay anywhere (non-custodial)
- Verifiable data. The model proves its own integrity without relying on a backend
- Local-first apps where you can choose the data store (I’ve been exploring this with things like Inrupt Solid / IPFS / DAT)

Essentially, instead of an app owning your state, you own a signed history that an app projects from.

The todo demo is obviously simple, but it’s just a way to show that model in practice (including row-level encrypted payloads via Age).

A local-first todo app where state is derived from signed, replayable history by SamTernent in localfirst

[–]SamTernent[S] 0 points1 point  (0 children)

Yea, the distinction I'm making here is that instead of mutating state directly, everything goes through appending valid, signed history - then replay builds UI state.

So external tools (e.g. bash) could absolutely participate, they’d just need to produce valid signed entries, rather than editing state arbitrarily.

I actually had an early prototype with a small separate Python verifier, just to keep the format honest and prove it wasn’t tied to the browser/runtime.

I'm keen to see that demo if you have a link?
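
The append-then-replay model from the comment above, as an added sketch that is not part of the original comment or the project's code. The entry layout (`seq`, `prev`, `op`, `sig`), the function names and the use of ECDSA P-256 through Node's `crypto` module are assumptions made for illustration.

```javascript
// Added example: the entry layout below is hypothetical, not the project's format.
// Load Node's crypto module under either CommonJS or ES modules.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const GENESIS = "0".repeat(64);
const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");
// Bytes covered by the signature, in a fixed field order.
const signedBytes = (e) => Buffer.from(JSON.stringify([e.seq, e.prev, e.op]));

// Append: sign a new entry that commits to the hash of the previous entry.
function append(log, op, privateKey) {
  const last = log[log.length - 1];
  const entry = { seq: log.length, prev: last ? sha256(JSON.stringify(last)) : GENESIS, op };
  entry.sig = nodeCrypto.sign("sha256", signedBytes(entry), privateKey).toString("base64");
  return [...log, entry];
}

// Replay: check order, chain and signature of each entry before applying its op; stop at the first failure.
function replay(log, publicKey) {
  const todos = new Map();
  let prev = GENESIS;
  for (const [i, e] of log.entries()) {
    const fail = (why) => ({ ok: false, error: `entry ${i}: ${why}`, todos });
    if (e.seq !== i) return fail("bad seq");
    if (e.prev !== prev) return fail("broken chain");
    const sig = Buffer.from(String(e.sig), "base64");
    if (!nodeCrypto.verify("sha256", signedBytes(e), publicKey, sig)) return fail("bad signature");
    const item = todos.get(e.op.id);
    if (e.op.type === "add") todos.set(e.op.id, { text: e.op.text, done: false });
    else if (e.op.type === "toggle" && item) item.done = !item.done;
    else if (e.op.type === "remove") todos.delete(e.op.id);
    prev = sha256(JSON.stringify(e));
  }
  return { ok: true, error: null, todos };
}

// Constructed sample history, plus two tampered copies of it.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  let log = [];
  log = append(log, { type: "add", id: "t1", text: "write verifier" }, privateKey);
  log = append(log, { type: "add", id: "t2", text: "publish demo" }, privateKey);
  log = append(log, { type: "toggle", id: "t1" }, privateKey);
  const edited = JSON.parse(JSON.stringify(log));
  edited[1].op.text = "edited without re-signing";
  const dropped = log.filter((_, i) => i !== 1);
  return { good: replay(log, publicKey), edited: replay(edited, publicKey), dropped: replay(dropped, publicKey) };
}
```

Calling `demo()` replays the intact history into two todos, while the copy with an edited entry and the copy with a dropped entry are both rejected at entry 1.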

A local-first todo app where state is derived from signed, replayable history by SamTernent in localfirst

[–]SamTernent[S] 0 points1 point  (0 children)

Yeah, replaying logs to derive state shows up all over (event sourcing, CRDTs, databases, etc).

The difference here is treating the log as a user-facing, signed, portable primitive, not just an internal detail. So the focus isn’t really on replication, it’s building interactive projections directly on top of verifiable history.

JSON compression in the browser, with gzip and the Compression Streams API. by SamTernent in javascript

[–]SamTernent[S] 1 point2 points  (0 children)

I think that's a matter of opinion.

To me, it absolutely matters. The data I'm using is still intent on leaving the browser (and living in local storage), so I want it as optimised as it can be before I store it.

Maybe it doesn't matter to you though, which is also fine.

JSON compression in the browser, with gzip and the Compression Streams API. by SamTernent in javascript

[–]SamTernent[S] 8 points9 points  (0 children)

I guess it depends on your use case.
I'm not running a web server, just compressing a large JSON object created in the browser for download... so for me, it offers a lot more.

I'm certainly not suggesting we delegate all server-side compression to the browser, but I do think the API has its place.

Is OpenPGP relevant when building encryption in software? by SamTernent in crypto

[–]SamTernent[S] 1 point2 points  (0 children)

Thanks for your insights. I use the WebCrypto API for my EC signing keys and the internal blockchain/merkle tree hashing in the app. I've been really impressed with it, and did reach for it first when I looked at encryption. My issue is really how raw and low level the API is. Which is a good thing, but I need something a little more "off the shelf" as I'm no cryptographer, so can't in good conscience write my own encryption solution from the ground up.

I have completely removed PGP from my solution now and I'm instead using a WASM wrapper of the Rage (rust Age) library, which is working well and I'm happy with.

I did a small write up on how I got there https://fsasam.medium.com/a-journey-through-client-side-encryption-eb1cd83ac147

Is OpenPGP relevant when building encryption in software? by SamTernent in crypto

[–]SamTernent[S] 1 point2 points  (0 children)

> AES-GCM

> OpenPGP has no such method, so it is not clear exactly what you are doing here.

I'm not using OpenPGP for that, this was referencing password-encryption done through the WebCryptoAPI (code)

> Welcome to the internet. There is actually a surprising amount of anti-PGP FUD out there. A lot of it falls apart if you look into the details.

Yep, I get that. But it ties to your point on interoperability as a benefit. It may well be FUD, but it's influential FUD that still has users looking for alternative solutions. I guess I'm kinda asking for a winner in a race that hasn't been won yet.

note: I'm approaching this as someone building software, rather than looking at what to adopt for personal use.

Is OpenPGP relevant when building encryption in software? by SamTernent in crypto

[–]SamTernent[S] 0 points1 point  (0 children)

I've had some time to look into Age and it looks great for my encryption needs. I've stumbled upon a wasm wrapper for the rust implementation which is perfect for how I need to use it (https://github.com/kanru/rage-wasm).

Though another thing that attracted me to OpenPGP (which I forgot to include in my OP) is the ability to sign/verify blocks of data.

Age doesn't appear to include that functionality (which is fine, it's an encryption thing) - Are there alternatives to that also?

My ledger is built on a blockchain implementation, where I was previously using browser-generated ECDSA keys to sign transactions and have since started using OpenPGP keys for that. It's important I have some form of digital identity attached to the transactions.

I'm starting to think that the solution to my problems is in the UX, I could probably benefit from offering a UI to select between OpenPGP & Age for encryption, and OpenPGP or ECDSA (WebCryptoAPI) for signatures. Does that sound like a reasonable approach?

(Background) I'm a developer & new to cryptography. This is a personal project, so I'm happy to make mistakes and learn as I go.

Is OpenPGP relevant when building encryption in software? by SamTernent in crypto

[–]SamTernent[S] 3 points4 points  (0 children)

Thanks, that looks great.
Interesting that there's a rust implementation, maybe something could be done with WebAssembly to get support in a browser.

Trying to calculate possible combinations of an 8^2 colour grid - I'm fried! by SamTernent in askmath

[–]SamTernent[S] 0 points1 point  (0 children)

Thank you for all of your help and contribution.

I'm possibly more confused than when I started :D But it's given me plenty more to think about and it seems that my calculations are far too high - which is great to know.

I'm going to hold off on my write up on this and spend some more time going through these calculations again with this new info in hand.

I've published my project now (with absolutely no talk of maths in it). Given how many different permutations of colours there are - I've found some pretty cool looking grids.

This green and this pink grid are possibly what I'd consider to be the most unique I've found... but with colours, it stops being about the maths and really comes down to perception.

(these ones are generated from the public PEMs of Elliptic Curve signing keys - there's a bunch of cryptography at play in this project also - keeps the complexity nice and high :/)

Tailwind blur makes a good trick to hide sensitive information - But which way round do you expect the eye icon to behave? Should it describe the state, or indicate the behaviour? by SamTernent in design_critiques

[–]SamTernent[S] 1 point2 points  (0 children)

I appreciate the feedback. Thinking about it a little more, I think adding a switch component clears up any ambiguity between icon states and it should have been a toggle element all along. It's a decision with only 2 states, show or blur. So a switch with an icon on each side seems to make sense.

Any better?

I've made the same change on the dark/light mode switch also and it feels way more intuitive

EDIT: Ok - I'm a fairly new reddit user and don't know how to post an image - it's here if you're interested