Encrypting individual notes

I would like to have the option to encrypt/decrypt individual notes, the required key being asked by a popup dialog. This would make it possible to e.g. maintain personal information that should not be visible unless asked for.
Note this is unrelated to Joplin’s E2EE which affects storage and communication of all notes.

6 Likes

Like Evernote does, for example?
Personally I don't find that convenient. I often swear because I set a pass I may forget :wink: So the note is lost forever :frowning:

1 Like

After importing all my notes into Joplin I realised I couldn’t read the notes that I had encrypted in Evernote.

I had to go back into EN and decrypt, one at a time, the over 500 notes I had encrypted before importing them back into Joplin. This was a real pain.

I wouldn’t want to go through that again if for whatever reason I have to move my data to another app.

1 Like

@foxmask: Fortunately, no one forces you to use this.

@Kassimleslie: What you describe looks more like a shortcoming of Evernote.
We can easily overcome this by choosing an encryption algorithm that is supported by other tools as well, so it will be possible to decrypt the notes outside of Joplin if necessary.

1 Like

I am all for it if such an encryption algorithm is possible.

https://www.tecmint.com/linux-password-protect-files-with-encryption/

Most likely app-level local encryption will never be an option (unless someone makes a good PR), because of various reasons that have been discussed. It’s probably a good idea to look at alternatives that provide actual security (and not just the illusion of it!). For example:

  • To share a device with someone: Create “guest” accounts on your device and switch to them when you give it to someone else. Very good for many other reasons, for example it doesn’t matter if your kids install all kind of free2play games loaded with malware - your data will still be safe.

  • To prevent your data from being used if your laptop is stolen: Encrypt sensitive data with something like TrueCrypt (or one of its forks).

There are many other ways to keep your data secure and it’s worth getting used to them because they provide real security. App-level encryption is more like obfuscation - it will prevent someone who doesn’t really care from looking at your data. But someone who does care can still easily find a way to bypass it.

4 Likes

I don’t understand. When Joplin encrypts a note for me, asking me for the key, how can anyone easily find a way to bypass it? The key is not maintained by Joplin and not stored permanently.

I have a similar desire as @sciurius
Currently I’m making the transition over from Evernote to Joplin. It’s wonderful software so far!
My only concern is that in certain notes I keep very sensitive passwords and used to encrypt these notes individually in Evernote so that they could not be read without the decryption password.

I would like to have something similar in Joplin, if that’s possible with a TrueCrypt fork like VeraCrypt I’d also be happy to use it. But will using something like TrueCrypt make the files themselves encrypted only on my laptop, or will they also be encrypted on my NextCloud server? Sorry I’m a bit of a novice when it comes to this stuff!

Using Linux Mint 19.3

@jreus

Welcome to the forum.

When you use something like VeraCrypt or Linux Mint’s inbuilt LUKS encryption the data is encrypted on your computer when the volume is not mounted / the system is powered off. It does not encrypt individual notes in Joplin. To protect them on the cloud storage you would use the End to End Encryption (E2EE) facility in Joplin. Traffic to and from the cloud server would then be protected by a combination of https and E2EE because Joplin would be sending and receiving encrypted notes over encrypted https.

1 Like

Ah, so maybe I misunderstood the functionality of E2EE in Joplin. I thought it was only doing encryption during transmission. So you’re saying that the notes are actually stored encrypted on the remote/sync server as well?

Yes, that’s right. The notes are only unencrypted on your devices with Joplin clients that are linked to the share and have the E2EE password. Basically it enables a “zero-knowledge” setup even if you use commercial cloud storage. So if your on-line storage provider has a rummage through your Joplin notes folder, or they are unlucky enough to get hacked, your notes are encrypted. This does mean that you cannot access your notes directly using the storage provider’s web portal but you should not do that even if they are unencrypted!! Modifying Joplin notes should be done in the clients only. The cloud service is just used to sync the notes between clients.

As you are using Nextcloud, when you create your notes folder name it prefixed with a full stop ., say, .Joplin, then you can hide the folder in Nextcloud so you do not accidentally modify / delete it or its contents.

Also I noticed you use Linux Mint. If you haven’t already done it, this distro is easy to set up with LUKS when installing.

1 Like

Thanks for the clarification, however, a related question. I’m writing a blog entry about Joplin for use in K-16 education. While I’m familiar with solutions like VeraCrypt, etc., I’m taking an angle that Joplin offers encryption of notes AND pictures attached in a note. Imagine how this would be helpful when safeguarding sensitive data. The dpoulton comment suggests that notes are encrypted at rest. But in a quick test, I found that the resources file only needed to be renamed (pic.jpg) to be viewable.

When E2EE is turned on, notes are encrypted at rest on cloud storage (e.g. Dropbox). However, resources (e.g. images, attached items) in the .resources folder are NOT.

Is that accurate to assert, that resources such as pictures/photos/attachments are not encrypted? Only the note is?

In eager anticipation of correction and guidance,

Miguel Guhlin
@mguhlin

@mguhlin

I am just a user and not a dev, so maybe they can give a definitive answer; however, in light of your post I did a test.

I found an image attached to a note and noted down its resource name (something like :/012345678491437b9696718a0f091477).

On my desktop computer in the resources folder I found:

012345678491437b9696718a0f091477.png, and
012345678491437b9696718a0f091477.crypted

I have always assumed that the crypted file is the one Joplin sends to the cloud storage.

I then searched my Nextcloud Joplin folder for 012345678491437b9696718a0f091477 and got two results:

012345678491437b9696718a0f091477.md which contained metadata and

.resource/012345678491437b9696718a0f091477 which was an encrypted file.

Then, to be sure, I downloaded the entire .resource folder, added .png to all files and browsed it using FastStone image viewer (which will recognise an image file even with the wrong extension). No files displayed as an image. I also sampled a large number of files and all were text files starting JED and containing keys such as "cipher":"aes","salt". No unencrypted files.

So Joplin is encrypting resources “at rest” for me.

Could it be you are looking at an old file(s) in your cloud storage that had been synced to your online storage before you enabled E2EE?

2 Likes
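
The manual check described in the post above can be scripted. This is an added example, not part of the original thread and not Joplin's own code: it reads the first bytes of every file in a downloaded `.resource` folder and reports anything that does not start with the `JED` marker mentioned in the post, which is how items synced before E2EE was enabled would show up. The `JED` prefix is taken from the post; the function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumption taken from the post above: E2EE-encrypted items start with "JED".
ENCRYPTED_PREFIX = b"JED"
# Well-known magic bytes of common plaintext attachment types.
PLAINTEXT_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF8": "gif",
    b"%PDF-": "pdf",
}


def classify(path):
    """Return 'encrypted', 'plaintext:<type>' or 'unknown' from the file header."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head.startswith(ENCRYPTED_PREFIX):
        return "encrypted"
    for magic, kind in PLAINTEXT_MAGIC.items():
        if head.startswith(magic):
            return "plaintext:" + kind
    return "unknown"


def audit_resources(resource_dir):
    """Map every file that is not recognisably encrypted to its classification."""
    findings = {}
    for path in sorted(Path(resource_dir).iterdir()):
        if path.is_file():
            verdict = classify(path)
            if verdict != "encrypted":
                findings[path.name] = verdict
    return findings


def demo():
    """Constructed sync folder: one encrypted item, one stale PNG, one empty file."""
    with tempfile.TemporaryDirectory() as tmp:
        res = Path(tmp) / ".resource"
        res.mkdir()
        # Constructed sample contents, not real Joplin data.
        (res / "sample0001").write_bytes(b'JED{"cipher":"aes","salt":"constructed"}')
        (res / "sample0002").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        (res / "sample0003").write_bytes(b"")
        return audit_resources(res)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

This is a header check only: it shows which files are clearly not encrypted, it does not prove that a file starting with `JED` holds valid ciphertext.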

You're right, @dpoulton, that's exactly what I was doing. The sync had not finished. I'm glad to have that settled!!

:slight_smile:
Miguel Guhlin

1 Like

I would also like to have the possibility to encrypt individual notes or notebooks. In that way it would be easier to keep private stuff and other non-private notebooks. Is there a plan to develop this feature?

What is the use case you have in mind that you prefer non-private notebooks?

This separation of private and non-private made sense in the Evernote world because Evernote has access to your non-private notes. But with Joplin, once you enable encryption, you are the only person with access to the notes - not Joplin, not your cloud/sync service. So all your notes are private. Hence my question, what is the use case for choosing to make some of your notes non-private?

Another vote for local encryption. The images and sqlite db are wide open. Perhaps as a start the sqlite db can be password protected. I keep personal notes on a work machine and I would like to encrypt everything under .config/joplin-desktop.

Just because all my notes are in Joplin and sometimes I show some of them to colleagues. That's why it makes sense to encrypt some of the notebooks.

1 Like

@jb261
So you're actually interested in selective note or notebook encryption, because encrypting the whole profile folder would help when you "show to colleagues" - correct?