PROTOTYPE: bytes-in-URL are encrypted (ChaCha20-Poly1305) with a key derived from the URL plus recipient email. Bytes-at-rest after claim are re-encrypted to your locally-generated key. Key rotation gates future incoming messages, not past ones. Production would add server-side TTL + 6-digit email confirmation + ratchet-style forward secrecy for high-stakes flows.
01 · Sender
Who signed this
02 · Confirm you are the recipient
Verify yourself
03 · Your capsule key
Generate or import your key
04 · Read the message
Open it.
05 · Verified message
(loading)
06 · Save your local copy
Re-encrypt to your own key
07 · Rotate keys
Generate fresh identity material