
Delete E2EE Master Keys

After enabling and disabling encryption, I noticed Joplin creates a new master key each time. Is there a way to clean these up and delete unused master keys? It seems like they’re stored in the sqlite database, but didn’t want to go hacking through that if there was an easier way.


It’s not possible but if they are not used anyway, they simply don’t do anything. However, a bigger problem would be to accidentally delete the wrong master key and then end up with items that cannot be decrypted.

Probably if there was a need to keep the list of master keys cleaner, there could be an option to hide some of them. But deleting them most likely will never be an option.

See also https://github.com/laurent22/joplin/issues/810

Why not?
Even PGP offers you the ability to delete/manage keys. I do not see where the problem is, as long as you give people enough warnings.
On the other hand, a proliferation of never-used keys is just plain messy and is not really useful to anyone.

Besides, you end up with the annoying orange “set the password” banner that never disappears unless you set up some password for all the inadvertently-generated keys that will never be used anyway. And this banner takes up screen space both in the apps and on the desktop.

The master key is just a row of a few bytes in the database so it doesn’t affect anything and even if it’s messy, users almost never need to go to the encryption config screen. That being said, I’ve never realised that it was prompting for password for these old keys with no way to disable the prompt. That should indeed be fixed.

Thanks for the reply, Laurent. That fix will definitely improve matters.


Agreed, having old keys with a message banner that constantly keeps asking for a password is annoying!

Has this been resolved?

True, but it’s not fixed yet.

Still not. I agree it’s a bit of an annoyance and would certainly accept a pull request for it, but on my side it’s relatively low priority.

I think it should be fixed, because I suspect it is the cause of this unwanted behaviour:

  1. I changed sync from Dropbox to self-hosted Nextcloud.
  2. Because of this I no longer want E2EE.
  3. Therefore I uninstalled Joplin from all devices except my main desktop computer.
  4. On the main computer I disabled E2EE and all notes were decrypted and synced to Nextcloud.

So far so good…

  5. I reinstall Joplin on my phone, pad etc. and set up sync to the new Nextcloud instance.

  6. All notes are synced to the phone.

  7. Then Joplin insists on having the password for the master key (although the notes are not encrypted).

  8. After providing the master key the phone starts sending all notes back to Nextcloud (which in turn makes the desktop computer also pull all notes back from Nextcloud).

#8 above should not be necessary…

Please make it possible to delete unused encryption keys. It is totally annoying and confusing! Do you think we are unable to figure out what key we need?
Or is the problem that programming the deletion of keys is a problem for you?
Please leave it to the user to decide which key can be deleted and which not. Or at least put a hide function there.
Thank you very much.

Just to get rid of this I just removed my notebooks on 3 desktops, cleared app data on one mobile and nuked the whole cloud folder after (presumably) one typo in the password on one of the new installs.

I think it’s clear there is a way to make removal of unused (for whatever definition of “unused”) keys perfectly safe (although the discussion about what checks, confirmations and backups need to be done might be a long one, never mind the actual implementation). But until then maybe some SQL commands to clean up would be nice (and pretty safe, as anyone engaging in such operations would know to make backups).

Actually, nothing allows us to drop a master key now.
There will be something done later. It’s already in Laurent’s hands.

If I wish to disable E2EE, can I just follow the FAQ?
I have a prompt “One or more master keys need a password. Set the password”, so I will just disable it on all devices one by one, no problems expected?

I disabled E2EE on all devices one by one.
Now I have a problem. Joplin crashes on 2 different iPads. It crashes while syncing over WebDAV. And there is still the message “One or more master keys need a password. Set the password” in desktop Joplin.
P.S. The 3rd iOS device syncing the same WebDAV account is an iPhone on iOS 10.3.3. It does not crash.

@Limping, can you provide a crash log when it happens? https://joplinapp.org/debugging/

OK, I will do it.
Now I press Export Debug Report and I see in gray: Creating report… and nothing happens. I turned off WiFi, since Joplin crashed as usual within 1-2 minutes after start. At least with WiFi off it does not crash.

And when I just press Log, I can see DecryptionWorker mistakes there. Has failed more than 2 times.

Joining the crowd here, I created a master key by mistake on a new installation. Basically I configured an encryption password before the 1st sync… I know, what was I thinking!
Since the master key wasn’t synced yet, obviously a new key was created. Now I have this annoying orange banner on all the clients.

What if I remove the master key file directly? Would there be side effects? I read the keys are also referenced in the DB. Is there a manual way to clean things up in the DB as well to make things right?

Sorry, I realize it’s my mistake and not many people may be concerned (hence not high priority), but still, shit happens and, considering the exchange, other people would like to get rid of unused keys. Even something manual would be fine if such a thing is possible in order to avoid providing something in the client (as I agree people erasing the wrong key by mistake would be much worse).

Removing the annoying banner would be the least but I’d rather a proper cleaning method than just masking things up.

Thanks in advance.


For now, can’t you input the password for the master key? That will remove the orange banner.


You can delete the master key (the .md file) from the sync target, and that will delete it from all the clients after sync. But it’s generally not recommended to directly change stuff on the sync target.