Enable encryption only for certain folder(s)

I’d find it useful to be able to encrypt only certain folders in Joplin.
This way I wouldn’t encrypt notes in general, making sync and setup faster and easier on new computers. But I’d still keep the ability to encrypt a subset of my notes with more sensitive data.
I think this is not possible currently. Not sure how hard it would be to implement either. Any thoughts on this?


How would it make the setup faster or easier? You’d still have to do all the work with encryption keys you do now, but not all of your notes would be protected on the server.

Several aspects:

  • Having notes encrypted has the (minimal, but still possible) danger for missing all that info if I ever messed up or lost the master keys. This is an unnecessary risk for many notes where I don’t have sensitive data that I care about encrypting in servers.
  • When downloading all notes for the first time, if encrypted, I won’t be able to see them until the master key files are downloaded as well and I can introduce the corresponding requested password. With >5000 notes and growing at this point, this makes a difference in time I need to wait to start working on this when doing a new computer setup.

I’d say the setup speed is a minor detail, vs the more important aspect of not encrypting that which doesn’t necessarily require encryption.

One thing you could do now which is simple, is to export your secret notes to pdf. Then use your pdf reader program to encrypt the pdf file and link your note to that file after deleting the text of it. You’d have good encryption of specific notes only and access from Joplin via the link.

The pdf readers don’t usually encrypt documents but let aside the availability/cost/security of encrypted PDFs this doesn’t seem to be a solution, not a practical one. Once you create the “secret notes” at some point they’ll sync to whatever place you actually intended not to place them in clear text (like Onedrive, Dropbox, whatever). Sure, you can prevent that by pulling the network cable (or messing with the configuration or blocking Joplin in a personal firewall or setting airplane mode), making some notes, export them to pdf, then remove them from Joplin (hopefully they’ll be really gone) and then putting back the network cable (or undoing whatever config you’ve done so Joplin doesn’t sync in the meantime). This is certainly not a solution.

Not that I’m sure there is a problem in the first place. The notes are in clear on all devices (except the cloud) and you usually have at least two devices (this is why you want sync in the first place). Losing all devices, plus all their backups, plus forgetting the password seems to be a very far-fetched scenario. And it’s much simpler and better to avoid this altogether by setting up some reliable backups or saving somewhere safe the password, it’s much less work than dealing with some encrypted and some not notes, more secure (as there would be no unencrypted notes stored in the cloud service) and safer for your data too (as you don’t go on the assumption that you can lose at any time all the encrypted notes).

Vb0, you apparently didn't understand my proposal. When I said, link to a file and delete the text, I meant, oddly, link to a file, and delete the text. So, there is no clear text version. There is an encrypted file connected to your Joplin database with a link.

> The pdf readers don’t usually encrypt documents but let aside the availability/cost/security of encrypted PDFs this doesn’t seem to be a solution, not a practical one.

I do not know about most PDF readers. I use Tracker software's PDF Editor and they have a free version that will do 256 bit AES encryption, and lesser ones. It is also fast and reliable. I've placed it on 200 client machines over a decade without issue. Adobe's free version also has offered encryption for many years and is now up to 256 AES, which is very secure. So, any pdf reader that wants to be compatible with Adobe must also offer it, but, as I said, I haven't looked at a lot of them. I don't think the built in Windows 10 pdf reader offers it.

> Once you create the “secret notes” at some point they’ll sync to whatever place you actually intended not to place them in clear text (like Onedrive, Dropbox, whatever).

No. An encrypted file will not be in clear text. It will be encrypted. Furthermore, with a good password, (mine are normally 32 characters using all 4 character types and totally random), no one will be able to crack it in the lifetime of the universe.

The notion of using encrypted PDF files is very common. It is one of the easiest and simplest methods of sending secure information via email.


This is not what you said, you said "export your secret notes to pdf". That means obviously you create the secret notes first and implicitly as we're on this forum you create them in Joplin. This means if you don't disable the sync they'll end up UNENCRYPTED in the same place you didn't trust to keep them unencrypted (it doesn't matter if NOW they don't have the clear text version, if you don't trust onedrive or dropbox or whatever to see your stuff it wouldn't make sense to put it there in clear text first, then encrypt it then remove it and upload the encrypted version). So you'll need to prevent Joplin from syncing in the first place for the time you have the secret notes in clear. And make sure nothing remains from them before you start syncing again.

You don't need to know about "most" but when you say "use your pdf reader program" most people would understand "Adobe Acrobat Reader". Which doesn't create encrypted PDFs for sure. The hint with "Tracker software’s PDF Editor" is really good though.