1. Introduction
Background and Academic Focus
I am a Computer Engineering student with a strong interest in building secure and scalable software systems. Throughout my academic journey, I’ve focused on understanding how software architecture works in real-world environments and applying that knowledge through hands-on development. Most of my work revolves around modern JavaScript and TypeScript ecosystems, where I enjoy designing clean, maintainable solutions that balance performance and usability.
Professional Experience
Over the last eight months, I have been actively involved in professional development work, moving beyond academic projects into production-level applications.
- Junior Developer (Current – 5 Months): I am currently working on full-stack e-commerce platforms and mobile applications using React, Next.js, and Node.js. My responsibilities include building UI components, implementing APIs, handling database interactions, and ensuring that the overall system remains scalable and maintainable.
- Software Intern (3 Months – Yeti Nepal, Pokhara): During my internship, I focused mainly on mobile development using React Native and Expo Go. I worked on improving application performance, fixing UI issues, and building new features to enhance user experience.
My main development stack includes TypeScript, Express.js, Nest.js, Prisma ORM, React, and React Native, and I regularly work with Git/GitHub and Slack for collaboration and version control.
Open Source and Community
I actively contribute to open-source projects on GitHub under the username Jery7675. Open source gives me the opportunity to learn from real-world codebases and collaborate with developers globally.
Joplin particularly interests me because it stands for privacy-first software. While sync encryption is already strong, I believe improving local data security would make the platform even more robust and trustworthy for users who rely on it for sensitive information.
2. Project Summary
The Problem
Joplin already provides strong End-to-End Encryption (E2EE) for synchronization, which protects data in transit and during cloud storage. However, notes stored locally on a device remain in plaintext, which creates a potential security gap.
This can lead to several risks:
- Sensitive notes may be visible on shared or public devices.
- Anyone with access to the filesystem or SQLite database can read stored notes.
- If a device is lost or stolen, all local notes can be exposed.
In short, while sync security is strong, local data protection still needs improvement.
Proposed Solution
The idea is to introduce optional client-side encryption for individual notes and notebooks, allowing users to lock sensitive content directly on their device.
Key aspects of the solution:
- AES-GCM encryption for secure and efficient data protection
- PBKDF2 or Argon2 for strong password-based key derivation
- Zero-knowledge design, meaning passwords and keys are never stored
- Granular locking, allowing users to encrypt a single note or an entire notebook
This ensures that only the user can access protected content, even if someone gains physical access to the device.
Expected Outcome
After implementation, users will be able to lock notes and notebooks with a password, making them unreadable without proper authentication.
Key results:
- A simple lock/unlock option inside the note editor
- Notes remain encrypted in storage and are only decrypted in memory
- Encrypted notes will be excluded from search indexing to prevent accidental exposure
- Smooth user experience across desktop and mobile platforms
This would significantly improve Joplin’s privacy model by protecting both synced and local data.
3. Technical Approach
Architecture
The implementation will follow a clean and modular structure to ensure maintainability and easy integration with the existing Joplin codebase.
Flow:
UI Layer (Lock/Unlock Controls)
→ Service Layer (Encryption Logic)
→ Crypto Module (AES + PBKDF2/Argon2)
→ Storage Layer (SQLite Database)
This separation keeps encryption logic independent from UI and storage, making the system easier to maintain and extend.
Security Design
AES-GCM
AES-GCM will be used because it provides:
- Data confidentiality
- Integrity protection
- Efficient performance
- Authenticated encryption
This ensures that encrypted notes cannot be modified or tampered with undetected: decryption fails if the stored ciphertext has been altered.
Metadata Handling
Each encrypted note will store:
- Unique salt
- Initialization Vector (IV)
- Encryption metadata
This ensures that even identical notes produce different encrypted outputs and remain secure.
Risk Mitigation
To prevent data loss during encryption:
- A temporary backup will be created
- Encryption will be validated before replacing original content
- Rollback will occur if any failure is detected
This guarantees safe transitions from plaintext to encrypted notes.
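The Security Design and Risk Mitigation steps above, sketched as an added example with Node.js's built-in `crypto` module; this is not Joplin code or part of the original proposal. The envelope field names, the iteration count, and the `Map` standing in for the storage layer are assumptions.

```javascript
// Added example (not Joplin code): per-note AES-256-GCM with a PBKDF2 key.
const crypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed work factor; tune per target device

function deriveKey(password, salt, iterations) {
  return crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// Returns the metadata envelope stored in place of the note body.
// Fresh salt and IV per call, so identical notes encrypt differently.
function lockNote(body, password, iterations = KDF_ITERATIONS) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit IV, the standard GCM size
  const key = deriveKey(password, salt, iterations);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { v: 1, kdf: 'pbkdf2-sha256', iterations,
    salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Throws if the password is wrong or the salt, IV, tag or ciphertext changed.
function unlockNote(env, password) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(password, raw(env.salt), env.iterations);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(env.iv));
  decipher.setAuthTag(raw(env.tag));
  return Buffer.concat([decipher.update(raw(env.ct)), decipher.final()]).toString('utf8');
}

function tryUnlock(env, password) {
  try { return unlockNote(env, password); } catch { return null; }
}

// Risk mitigation: the plaintext is replaced only after the envelope has
// been decrypted back to it; on any failure the original stays in place.
// `store` is a Map standing in for the real storage layer (assumption).
function lockInPlace(store, noteId, password, iterations) {
  const original = store.get(noteId);
  try {
    const env = lockNote(original, password, iterations);
    if (unlockNote(env, password) !== original) return false;
    store.set(noteId, JSON.stringify(env));
    return true;
  } catch {
    return false; // nothing was written, so there is nothing to roll back
  }
}
```

Because the salt, IV and iteration count travel with the ciphertext, nothing secret is stored: only the password, supplied at unlock time, can rebuild the key.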
4. Implementation Plan
Week 1–2: Research and Codebase Study
- Analyze Joplin’s storage and note handling system
- Identify hooks and integration points
- Understand encryption and sync mechanisms
Week 3–4: Crypto Module Development
- Implement AES-GCM encryption
- Implement PBKDF2/Argon2 key derivation
- Test encryption and decryption independently
Week 5–6: Core Integration
- Connect crypto module with note services
- Add encryption and decryption workflows
- Ensure compatibility with existing storage
Week 7–8: UI Development
- Add lock/unlock controls in desktop UI
- Implement mobile UI in React Native
- Ensure smooth user experience
Week 9–10: Notebook and Attachment Encryption
- Extend encryption to notebooks
- Handle attachments and metadata
- Optimize performance
Week 11–12: Testing and Documentation
- Test edge cases and failure scenarios
- Validate wrong password handling
- Write developer and user documentation
5. Availability
- Weekdays: Available in the evenings (part-time)
- Weekends: Available full-time
- Exams: Some university exams are scheduled; dates will be communicated in advance
- Location: Nepal (UTC +5:45)
GitHub: Jery7675