
Software Engineer · Dec 2024–present
Luvero
Overview
Designed and built a production-ready, zero-knowledge task management application with client-side end-to-end encryption (Argon2id, HKDF, AES-256-GCM, X25519 and XChaCha20-Poly1305). All cryptography runs in the browser, so passwords, encryption keys, and task data never reach the server in plaintext.
What I Built
- ▸Implemented a 5-layer key hierarchy, each layer deriving or wrapping the next: Password → Root Key (Argon2id) → Master Data Key → User KEK (HKDF) → Org Master Key → Task Data Key
- ▸Built sealed-box public-key encryption (X25519 key agreement + XChaCha20-Poly1305 AEAD) so team invitations need no pre-shared secret
- ▸Designed atomic PostgreSQL RPC procedures preventing orphaned encryption keys during invite acceptance
- ▸Created Row-Level Security (RLS) policies across the database tables, keyed on the claims of the validated JWT
- ▸Developed client-side registration flow with one-time recovery seeds and automatic legacy user migration
- ▸Implemented multi-organization support with role-based access control (owner, superadmin, teammate, guest)
- ▸Built encrypted collections, sections, and task attributes with AES-256-GCM
- ▸Created complete audit trail with activity logging and membership lifecycle tracking
- ▸Developed CSV batch import, search/filtering, and real-time collaboration features
- ▸Designed human-friendly H-codes for easy member discovery and invitations
Technologies Used
React 19, Vite, Tailwind CSS, Vercel Serverless, PostgreSQL, Supabase, @noble/curves, @noble/hashes, @noble/ciphers, argon2-browser, AES-256-GCM, X25519, XChaCha20-Poly1305
Impact & Results
- ✓Server never sees plaintext passwords, keys, or task data: zero-knowledge in the server-blind sense, where the server only ever stores ciphertext and wrapped keys
- ✓Database admins cannot decrypt user content, so a full database dump exposes only ciphertext; membership and access metadata that the RLS policies evaluate necessarily stays server-readable
- ✓Each invitation is sealed under a fresh ephemeral X25519 keypair that is discarded after use, so the sender holds no secret that could later decrypt it. This is not recipient-side forward secrecy: the recipient's long-term key still opens every past invitation, so the exposure window closes only when an accepted invitation is deleted or that key is rotated
- ✓Cryptographic architecture (key hierarchy and invitation protocol) fully documented so the design can be reviewed independently of the code