Home / GitHub Page

Delete E2EE Master Keys

After enabling and disabling encryption, I noticed Joplin creates a new master key each time. Is there a way to clean these up and delete unused master keys? It seems like they’re stored in the sqlite database, but didn’t want to go hacking through that if there was an easier way.

It’s not possible but if they are not used anyway, they simply don’t do anything. However, a bigger problem would be to accidentally delete the wrong master key and then end up with items that cannot be decrypted.

Probably if there was a need to keep the list master key cleaner, there could be an option to hide some of them. But deleting them most likely will never be an option.

See also https://github.com/laurent22/joplin/issues/810

Why not?
Even PGP offers you the ability to delete/manage keys. I do not see where the problem is, as long as you give people enough warnings.
On the other hand, a proliferation of never-used keys is just plain messy and is not really useful to anyone.

Besides, you end up with the annoying orange “set the password” banner that never disappears unless you set up some password for all the inadvertently-generated keys that will never be used anyway. And this banner takes up screen space both in the apps and on the desktop.

The master key is just a row of a few bytes in the database so it doesn’t affect anything and even if it’s messy, users almost never need to go to the encryption config screen. That being said, I’ve never realised that it was prompting for password for these old keys with no way to disable the prompt. That should indeed be fixed.

Thanks for the reply, Laurent. That fix will definitely improve matters.

1 Like

Agreed, having old keys with a message banner that constantly keeps asking for a password is annoying!

Has this been resolved?

true but it’s not fixed yet

Still not. I agree it’s a bit of an annoyance and would certainly accept a pull request for it, but on my side it’s relatively low priority.