Encryption when stored in the cloud keys are also there

Joplin 2.7.15 for Mac osx desktop 12.3.1

I don't know how encryption supposed to work but I noticed when I set up to have my notes stored on OneDrive that when I'm looking at my notes from OneDrive I can see all of them encrypted but I also see a file called "info.json". When loading that file into a text editor I can see my public key and private key. Now wouldn't stand a reason that if you can see those keys you can then to creep decrypt someone's notes? Now if OneDrive was to get hacked that would these keys be available to the hackers or am I seeing this or understanding this wrong?

The keys are encrypted with your master password.

so if someone was able to get my public and/or private key they would still need my password in order to decrypt is that what you're saying?

Yes that's correct, none of the keys (except the public one) can be used without your password.

both public and private keys our in a text file called info.json. And else those keys are encrypted to and both need the password

sorry I don't understand your post, and not sure if that's a question

yes it was a question sorry. I'm saying that the public key is also in that info.json file and I can read it so if the public key is there then if someone was able to get it they could then read my notes without a password right?

sorry if I have taken up any of your time just trying to understand how this whole thing works. Thank you very much for your thoughts. All leave this post for now you have a great day.

They can't decrypt your notes with your public key. They can however send you encrypted data, that only you can decrypt with your private key, and that's the mechanism we use for sharing encrypted notebooks. See also "public-key cryptography" - https://en.wikipedia.org/wiki/Public-key_cryptography

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.