Confused about encryption password

Hello all,

I was trying to sync Joplin (Android version 1.0.311) on my new phone (running Pie). I entered the decryption password, hit “Save”, and nothing happened. Tried that a couple more times, same thing. I went into the desktop version (Windows 10, Joplin version 1.0.174) to change the password, in case I had gotten that wrong. I entered a new password, and the green check mark under “password ok” changed to a red x - I don’t know what that means.

Could someone explain what I’m doing wrong? Thank you!

What is your sync target on your Windows 10 machine and did you also connect to your sync target on your phone?

You can try doing the following to see if it resolves the issue.

  1. Change the master password back to what you had before on your Windows 10 machine.
  2. Press the "Synchronize" button and wait until it completes.
  3. Repeat step 2 until you no longer see any sync changes listed.
  4. On your phone, press the "Synchronize" button and wait until it completes. You may be prompted for a password at this time. If not, wait until it completes and then go to "Configuration" -> "Encryption Config" and ensure that encryption is enabled and enter your master password.

If that doesn't work then you can try to follow the steps listed at the link below.

You cannot change the password. Joplin uses a very unintuitive encryption scheme. You turn encryption on and Joplin creates a master key; it then asks that you add a password. From that point on all notes written on that machine will be encrypted using that master key and password. If you sync with another device Joplin will also sync the master key and ask you for your password to unencrypt files that were encrypted using that master key. If you don’t remember the password then you can’t decrypt the synced files. And again, you can’t change the password once it’s set.

Your best bet would be to stop the sync, erase the files on all but one machine. See if you remember the old password on the machine you originally set the password on - if you type it and you get a green check mark - and then restart the sync. Wait for the number of encrypted sync files to be the same on the synced machine as on the original machine and then introduce the password.

If you don’t remember the password you originally typed… then things can get a bit more complicated… especially in Joplin.

@boring10 @AlucardNoir Thanks for your responses!

What I actually did was stop synchronization of Joplin from my desktop computer, decrypt the files on my desktop, delete the app on my phone, reinstall the app, and set up my phone to sync with Dropbox again. Synchronization worked, but:

  1. all of the notes are visible to me on my phone, they’re all unencrypted - I did not re-enter my password
  2. when I go into the Encryption Config section of the settings, it says that encryption is enabled
  3. the password field is empty and has a red X next to it

I’m not at home so I can’t check that Joplin on my computer is still set to be unencrypted, but I don’t see why that would have changed.

I’m tempted to just export all my notes and start a new Joplin account, first making sure I have a better understanding of how it all works.

So, to clarify: the password is used so that Joplin will use the master key to encrypt/unencrypt, but I don’t need to enter the master key myself at any point? Should I also record the master key somewhere secure, i.e. a piece of paper in a hidden place? Or is it just necessary to know the password?

Thanks for any further explanation you can provide!

@grag the master password should be something that is unique that you will remember. If you need to store it in a password manager or however you store it in case you need to remember it later then you will want to do that. That password must be entered on any device that you plan to use Joplin with. For instance, you will need to enter it on your desktop and you will need to enter it on your phone.

  1. I would guess that when you initially entered your master password that some of your files were synced and decrypted but there may have been errors that caused it not to register properly.
  2. Encryption being enabled signals that you would like to encrypt your files. You will want to make sure that you manually enter the same master password that you used on your desktop to ensure that you can encrypt/decrypt your files on both devices.

If you want to export your data from Joplin I believe that the recommended method is the JEX format. To ensure that you remove Joplin completely you will want to delete the ~/.config/joplin-desktop directory. For Windows 10 that would be something like C:\Users\your_username\.config\joplin-desktop. The .config is a hidden folder so by default you will not see it listed on Windows. You can change this by opening your file explorer and selecting “View” -> “Hidden items”. I believe that you will also need to delete the “Joplin” folder that is located in the “Apps” folder on Dropbox or you will just end up trying to access the original files again.

Joplin uses E2E encryption. This means that the files will be decrypted on your computer/phone but encrypted before being synced to Dropbox and stay encrypted. The files are only decrypted once they are downloaded to your phone/computer, as long as the master password is correct.

One thing to keep in mind is that the phone app, I can only speak for the Android version, does not handle decrypting files that are larger than 10MB. If you think that you may have files that will be synced that are larger then you will want to change your attachment setting to manual to prevent the app from becoming stuck trying to decrypt the larger file.
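Added illustration, not part of any post in this thread and not Joplin's code: a minimal sketch of the password-protected master key arrangement discussed above, showing that a second device needs only the synced key record plus the password the user types. The function names, the record layout, the PBKDF2 parameters and the HMAC-based keystream (a stand-in for a real cipher, which Python's standard library lacks) are all assumptions made for the example.

```python
import hashlib, hmac, os

def _password_keys(password, salt):
    # Stretch the password into separate encryption and MAC keys.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return dk[:32], dk[32:]

def _xor_stream(key, nonce, data):
    # Assumed stand-in cipher: HMAC-SHA256 in counter mode as a keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, blob):
    # Returns None when the tag does not verify (wrong key or tampered data).
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return _xor_stream(enc_key, nonce, ct) if hmac.compare_digest(tag, good) else None

def create_master_key(password):
    # The random master key encrypts notes; only its wrapped form is synced.
    master, salt = os.urandom(64), os.urandom(16)
    return master, {"salt": salt, "wrapped": seal(*_password_keys(password, salt), master)}

def unlock_master_key(password, record):
    # The "password ok" check: None means the password did not unwrap the key.
    return unseal(*_password_keys(password, record["salt"]), record["wrapped"])

def encrypt_note(master, text):
    return seal(master[:32], master[32:], text.encode())

def read_on_second_device(password, record, note_blob):
    # A new device has only the synced record and blob, plus what the user types.
    master = unlock_master_key(password, record)
    body = master and unseal(master[:32], master[32:], note_blob)
    return body.decode() if body is not None else None

if __name__ == "__main__":
    master, record = create_master_key("constructed-sample-password")
    blob = encrypt_note(master, "constructed sample note")
    for pw in ("constructed-sample-password", "a-different-password"):
        print(read_on_second_device(pw, record, blob))
```

In this sketch the master key itself is never typed or written down by the user; losing the password leaves the synced record and every note blob unreadable.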

I would like to extremely belatedly offer you my thanks for your assistance. I finally got around to dealing with this and wouldn’t have known to look for the directory on my computer (I had to restart my computer before I could delete the SQLite file but that was the only hiccup). I followed the E2EE instructions on Joplin’s site more carefully this time so whatever I managed to do last time won’t happen again. Again, thank you.