Delete E2EE Master Keys

I opted for Laurent’s ill-advised suggestion above of deleting the master key .md files directly from the Dropbox source (where I keep my sync content). It worked beautifully in the end but there are caveats and it can certainly be dicey. I just wanted to add my notes here for others who may want to try this in the future. Sorry for the length of this post, but this is a finicky process that I wanted others to be able to attempt.

Before you Begin:

  • Like Laurent warns, you could corrupt your entire note “database” doing this. You have been warned!
  • Only start this process if you are getting rid of ALL your master keys and starting fresh. If you are only removing some master keys, this will surely break more things than it will help.
  • There are objects that sync in the background BEYOND just notes. Especially when using mobile apps. So just because all of your notes are unencrypted doesn’t mean that all objects are unencrypted.
  • Ensure that ALL of your installations of Joplin have encryption successfully disabled before starting this. Double and triple check everything, re-sync multiple times, close and re-open the apps multiple times just in case. Especially on Windows, ensure you kill the background process too. Can never be too careful.
  • For added data integrity, export all your content from one of your installations before you begin in case something goes wrong.

My Process

  1. Disable encryption on ALL installations of Joplin. (See note about mobile apps in caveat below)
  2. Sync, re-sync, close, re-open, re-sync… do it a lot on all of them as it seems to take a bit to catch up with all the changes going on.
  3. Close and disconnect all the Joplin apps while changing the sync source. On mobile apps, make sure you Force Stop the app. On Windows, make sure you close the background process in the tray.
  4. Record the IDs of all the master keys from all of your Joplin installations. They are listed in the Encryption Settings. It’s good to know the passwords that match these keys too.
  5. Find the matching [masterkeyid].md files in your sync source location and MOVE them to a backup location. DO NOT DELETE them yet as you may need to put them back if anything goes wrong.
  6. Open ONE instance of Joplin and re-sync. Completely close that instance, open it again and re-sync again. This should remove the master keys from the encryption settings. Double check this.
  7. Once the above step is successful, repeat this for ALL Joplin instances BEFORE re-enabling encryption anywhere.
  8. After confirming all master keys are successfully removed and you can still read all of your notes, close all instances of Joplin once more.
  9. Choose one instance in which to re-enable encryption and create a single new master key. Re-sync and wait for ALL the notes to sync and stabilize.
  10. Open ALL other Joplin instances and re-sync. DO NOT re-enable encryption manually here as you will end up with multiple keys again. Wait for the sync to pull down the one master key and enter the password for each instance of Joplin.
  11. Once everything is synced and finalized you should be good to go with a single master key.

CAVEAT TO KEEP IN MIND ON MOBILE
I had uninstalled Joplin from one of my Android phones during this process assuming I could reinstall it fresh after everything was settled. However, it did not remove the saved data and settings when uninstalled. Thus on re-installing the app it brought back up some old settings and attempted to re-sync some background files using a master key that I was trying to remove. This forced the master key to be noted with an error saying that it was missing from the source. I thought I had hosed EVERYTHING at this point. Luckily, since I had saved the removed .md master key files, I was able to replace the master key in the content, unlock it with the password, and then successfully disable encryption again in the app. But then I had to clear everything out all over again and re-do a bunch of these steps. So if you remove Joplin from Android with this goal in mind, make sure you explicitly clear the data and cache first before uninstalling the app.

I know it is a lot of work, but for perfectionist types like myself (and likely any others who have searched into this topic), it is rewarding.

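Added example (not part of the original post, and not Joplin's own code): a Python sketch of step 5 that moves the recorded `[masterkeyid].md` files to a backup folder only after checking that no other item in the sync folder is still encrypted, which is the risk the "Before you Begin" list warns about. The function name `stage_master_keys`, the sample IDs and file contents are constructed, and the `encryption_applied: 1` metadata line is an assumption about how Joplin marks an encrypted item in its sync files.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Assumption: an item that is still encrypted carries this metadata line.
ENCRYPTED = re.compile(r"^encryption_applied: 1\s*$", re.MULTILINE)

def stage_master_keys(sync_dir, backup_dir, key_ids):
    """Move <id>.md master key files to backup_dir, but only if it looks safe.

    Returns (moved, problems). Nothing is moved when problems is non-empty.
    """
    sync_dir, backup_dir = Path(sync_dir), Path(backup_dir)
    key_files = {sync_dir / f"{kid}.md" for kid in key_ids}
    problems = [f"missing key file: {p.name}"
                for p in sorted(key_files) if not p.is_file()]
    # Any item other than the keys that is still encrypted blocks the move.
    for item in sorted(sync_dir.glob("*.md")):
        if item in key_files:
            continue
        if ENCRYPTED.search(item.read_text(encoding="utf-8", errors="replace")):
            problems.append(f"still encrypted: {item.name}")
    if problems:
        return [], problems
    backup_dir.mkdir(parents=True, exist_ok=True)
    moved = []
    for p in sorted(key_files):
        shutil.move(str(p), str(backup_dir / p.name))  # move, never delete
        moved.append(p.name)
    return moved, []

def demo():
    """Constructed sample data: two items and one key file in a temp folder."""
    root = Path(tempfile.mkdtemp())
    sync, backup = root / "sync", root / "backup"
    sync.mkdir()
    key_id = "0123456789abcdef0123456789abcdef"  # constructed ID
    (sync / f"{key_id}.md").write_text(f"id: {key_id}\ntype_: 9\n")
    (sync / "note1.md").write_text("Title\n\nid: note1\nencryption_applied: 0\n")
    (sync / "res1.md").write_text("id: res1\nencryption_applied: 1\n")
    first = stage_master_keys(sync, backup, [key_id])   # refused: res1 encrypted
    (sync / "res1.md").write_text("id: res1\nencryption_applied: 0\n")
    second = stage_master_keys(sync, backup, [key_id])  # key is moved to backup
    return first, second, (backup / f"{key_id}.md").exists()

if __name__ == "__main__":
    print(demo())
```

Run it only while every Joplin instance is closed (step 3), and keep the backup folder outside the synced directory so the key files can be put back if a client reports a missing key.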