Home / GitHub Page

Can't set password for encryption key

I am using Joplin 1.0.175-2 on Arch as well as on Android. There was some kind of snafu in setting up a new Android client and now there is apparently an orphaned master key. There is a banner at the top of my Joplin desktop client saying “One or more master keys need a password,” with “Set the password” as an active link that brings up encryption options.

On the encryption options page, I have my main/default master key that I’ve been using for over a year. I also have a “Missing Master Key” with only the key ID showing – no way to set a password or otherwise change or remove the key.

I’d like to remove this key or at the very least set the password for it. How can I do this?

1 Like


I ran into the same issue across all three of my platforms the first day I started messing around with Joplin. Also, glad to see someone else here is an Arch user (although, I’m now using Artix, an off-shoot with a focus on removing Systemd altogether, but I digress).

The solution I found (despite being a pain to do if you have a large amount of notes and to-do lists) was as follows:

  1. Backup everything. I would highly recommend making a Jex file export that is encrypted (in case) and syncing that with whatever cloud service you are using.

  2. Make a full sync across all of your platforms and make sure they all have the same files and changes made (don’t want there to be any loss of notes or information).

  3. If conflicts arise (you’ll see them at the bottom of your left pane under all of your notebooks), make sure you fix those quickly. All of the ones I’ve ran into were easily fixed by just deleted the conflicts (since they were old versions that were updated in my main notebooks).

  4. If you are worried about your notes being released on the web before the next step, I would highly recommend creating a pCloud or Mega.nz account. I’m currently using pCLoud as my syncing service and it has in its privacy policy that there is no way for them to ever decrypt your uploads due to Swiss privacy laws and how it’s fully encrypted already from client side to server side and back. More info for how to setup syncing to it here. After creating your account, set syncing intervals to Never in Configuration on your Android phone only at this moment (that way Joplin doesn’t try to prematurely sync your notes and possibly mess things up) and switch from your current one to WebDAV in your configuration. You’ll also need to fully upload your entire notes directory to a set directory in your pCloud drive and then manually sync to that or else Joplin will throw an error about wanting to fully delete your directory and all of your notes. Scary stuff. Also, make sure to hit Check Sync Configuration before leaving to see if any errors show up. If none do, you should be good to go.

  5. If you decided not to change your cloud syncing service, please either set all of your other devices to either sync to File System or set Syncing Intervals to Never. You don’t want them to pull your current syncing yet in case there are issues with your decryption.

  6. Since you have a Missing Master Key issue, I would go into your Android Configuration for Joplin, select Encryption Config and tap Disable Encryption. It may throw a warning, but hit OK. It will remove your encryption from all of the notes that are using your key on your phone (which does defeat the purpose a bit of privacy but if they remain encrypted when you try to recover them and your password isn’t working, you could permanently lose access to all of them otherwise, anyways).

  7. Depending on size, amount of extra content (like images and whatnot) and how fast your network speed is, this last step may take a good while. Make sure your phone is on the charger, that no system updates are trying to install (varies by phone), and that your internet connection is solid, and just wait. If everything goes well, it shouldn’t throw any errors and should say something about Completed. Your phone should also show all of your notes with no conflicts.

  8. If everything went well, check your cloud storage drive to make sure it looks like you want it to. If not, move all of your Joplin files on it to whatever folder you are wanting to use, update your sync Config, and resync until you are satisfied.

  9. Move on to your next mobile device or tablet before moving to your desktop. Repeat Step 2 through 8, making sure everything matches.

  10. For each device, if no errors arise and everything is kosher, Uninstall the Joplin App from the previous device to remove previous configurations.

  11. Once done with that, move back to your desktop and repeat Steps 2 through 8 for it.

  12. Once everything is fully decrypted and synced, backup your notes again using the Jex export and possibly something like 7zip for the entire directory (you can never have too many backup plans for this stuff).

  13. Do one last check on everything. Once you do the next steps, if anything goes wrong, you may have to start over from Step 1 and try again. Don’t delete your Joplin files from your original syncing service or cancel your account just yet in case you need to start over.

  14. Fully uninstall Joplin from your Desktop. Since you’re on Arch, removing Joplin’s configuration files is super easy. They should be under $HOME/.config/joplin (for CLI) and $HOME/.config/joplin-desktop (for Desktop). Back these up and then delete both folders if they exist.

  15. Reinstall Joplin on Arch. When you start it up, it should have the Welcome Notebook with nothing else.

  16. Import your Jex file from Step 12 and / or Set your Sync settings to what you set your cloud syncing service to be from Step 4 on.

  17. Wait for the files to sync.

  18. Check to make sure everything looks good.

  19. On Arch, Enable Encryption and set a new password (for security purposes, I wouldn’t reuse your old Master Password; instead, if you have a Password Manager, generate a solid new one). Document this password somewhere safe that you won’t lose it at but will never have to worry about someone stealing it either.

  20. Let it do its thing so that all of your notebooks are reencrypted and synced.

  21. If you changed your syncing service in previous steps and want to go back to your old service, and everything is still good on your end, delete or move the old service synced folders on your cloud drive and then upload your new folders so that the files match between both syncing services.

  22. Sync again.

  23. Reinstall Joplin one device at a time.

  24. Set your sync configs to match your Desktop.

  25. When prompted with that yellow bar at the top about a Master Key, add your Desktop’s Master Key to your Encryption settings. Should get a check mark.

  26. Rinse and repeat for each device until all are synced together and all notes are decrypted.

Thank you for reading this long step by step. I hope it helps you out. :smiley:

Nice writeup! I still think it’d be a nice feature to be able to either permanently dismiss the “One or more master keys need a password” message, or (even better) allow users to purge orphaned keys, rather than spending a morning wiping and reinstalling everything.

1 Like

Thanks. There’s probably better ways to handle it, like exporting your notes to RAW or MARKDOWN, but I’m not 100% sure what the major drawbacks are to doing just that.