Disabled E2EE encryption keys still active - Joplin Cloud

Version: Joplin 2.10.19 (prod, win32)
Sync Version: 3
Profile Version: 42
Keychain Supported: Yes
Revision: 1100ab0
Victor: 1.0.0
O.S.: Windows 11

I'm trying to fix the E2EE for my devices. Previously I had Joplin installed on two laptops (macOS and Windows), as well as an iPhone. I backed up my data and have deleted Joplin from all 3 devices and re-installed only on Windows. I deleted all local files I could find (in AppData and C:\users****.config), did the "Re-upload local data to sync target" option, and also ran the Victor plugin after the fresh install to try and clear out everything I could from the Joplin cloud server.

Before syncing to Joplin Cloud, Joplin is empty (as should be) and I do not see any notes/data, including E2EE keys. As soon as I sync to Joplin Cloud, Joplin pulls everything back down to the local including a host of old E2EE keys. Even if I re-upload local data to sync target and run Victor again while synced to Joplin Cloud, I am unable to find a way to remove everything from the Joplin cloud server so I can start fresh.

The end goal was to only have one E2EE key. That said, if I had to have a bunch of disabled keys, that's fine too as long as it works. But, currently, after the fresh install, sync and running Victor it continues prompting me for old keys that show to be disabled and will not sync a new encryption key if I create one after attempting to delete all of my local and remote data. The very first E2EE key I created (last year) is in the disabled key list, but has a checkmark in the Active box and prompts for a password. Even after entering the correct password for that old key, it still doesn't work correctly and I can't clean out all of the data.

Please reference this post as I seem to be having the exact same issue: "Delete encryption keys from Joplin Cloud". I can post logs/pics or whatever here or to GitHub if needed...just let me know.

Even though I'm pretty sure I started off with Joplin setting up E2EE correctly, it seems to have screwed up...a common thread I've been seeing in the forum among many other users. Either way, whether my fault or not, this issue is pretty annoying. I've had issues with E2EE since the beginning (and it's really the only issue I seem to have). Add to that the fact that developers have obviously not prioritized or refused for several years to give users the ability to easily delete E2EE keys even though numerous users have had issues with E2EE...and it seriously makes me reconsider paying for Joplin again.

You can't delete E2EE keys. What do you want to do exactly? What is the issue? (in a few words if possible, so that we can focus on one problem at a time)

I can no longer sync E2EE via Joplin Cloud. There appears to be an issue with old E2EE keys still being active. I'm having the same issue as this post "Delete encryption keys from Joplin Cloud" (I would provide link but it won't let me). As soon as I sync to Joplin Cloud, it pulls the old keys back down and wants the password for an old key that is currently disabled.

Updated post title to accurately reflect the issue

> wants the password for an old key that is currently disabled

I've recently merged a pull request that fixes this issue. So if a key is disabled, the app will no longer ask for the password for it. It will be in the next version, and I guess in the meantime you can simply ignore this message asking you to enter the password.

Ok. So, I just reset the Master Password and created a new E2EE key. The new key had a checkmark in the 'Active' column. After a while, I checked back on it and the new key is no longer checked as 'Active'. Now the old disabled key is checked 'Active' even though it is disabled and has a red X under the 'Valid' column. Any ideas?

There's some heuristic to decide what should be the active key, which in most cases works well. But indeed in this case it makes sense to pick it as active if it's currently disabled. I'll take a look at it and try to find a fix.

Issue is here: Improve selection of active E2EE key · Issue #8254 · laurent22/joplin · GitHub

Thank you for your help!

I've released a new version which addresses a few issues related to E2EE, and which should fix your issue too:

In particular, when you start it, it should select the correct key for encryption. Please give it a try and let me know if you still notice any issue.

Installed new release on desktop. All appears well at the moment. Correct key is selected for encryption and it has not changed for the past hour or so. Will continue to monitor. Only thing I've noticed is the orange banner that now appears on mobile device (re-installed mobile to start fresh), but that is a minor annoyance as far as I'm concerned. The notes are synced to mobile and appear to be encrypted, so I'm good with that. I appreciate you addressing this issue so fast.

Well, that's weird. After sending that reply, my desktop encryption shows to be disabled and now mobile encryption configuration shows to be enabled. I did not edit either one of the encryption configurations.

So I corrected the desktop app encryption to be enabled, then I disabled encryption on mobile again. They both synced fine. Then less than 5 min later, desktop encryption again shows disabled and mobile app encryption shows enabled. Not sure what is going on @laurent

It seems you want to have E2EE enabled on desktop but disabled on mobile, is that correct? This cannot be done, as it needs to be enabled everywhere or disabled everywhere. And you only need to enable/disable on one device, as the state will then be synced to other devices. But please clarify what you want to do exactly.

Yes, that orange banner on mobile also shouldn't be there, and that will need to be addressed.

Ah, I didn't realize the enable/disable status would be synced along with the key to other devices. I was under the impression the only device that should have the status set to 'Enable' was the 1st device. I'll redo the process to make sure I do it correctly and it works right.

Ideally E2EE should only be enabled or disabled from one device, but once that's done this status is indeed going to be synced to all the devices. In fact, whether E2EE is on or off is more a property of the server, and the apps just show you what that property is.

Interesting. Good to know! I appreciate your help and the work you do on the application.
