Links
- Project idea: Support for encrypted notes and notebooks
- GitHub profile: Georgi Popov
- Forum introduction post: Georgi’s Introduction post
Joplin Pull Requests
- https://github.com/laurent22/joplin/pull/14482 - Added translations to Bulgarian language (merged)
- https://github.com/laurent22/joplin/pull/14505 - Fixed translations to Bulgarian (merged)
Other Open Source Contributions
- Buildforce/cli – Fix getting correct project version (merged)
- Modelcontextprotocol/csharp-sdk – Fix issue handling JsonSerializerOptions without TypeInfoResolver (unmerged)
- Dotnet/aspnetcore – Simplified code using lambda expression (merged)
1. Introduction
Background / Studies
I am currently in the final year of my Software Engineering bachelor’s degree at Plovdiv University, Bulgaria. Previously I graduated from a secondary school specializing in Application Development. I have also completed several courses at SoftUni including C#, JavaScript, Angular, React and DevOps.
Programming Experience
I have around two years of professional experience as a developer. My primary experience is with .NET, JavaScript, SQL and cloud technologies. Recently I have also been working on integrating AI agents into internal systems. I also have a strong interest in Docker, Kubernetes, TypeScript and DevOps practices.
Open Source Experience
I actively explore open source projects and contribute when possible. I have several merged pull requests including contributions to the Joplin project and other repositories.
2. Project Summary
Problem
- Notes become accessible immediately after opening the application.
- Sensitive information may be exposed on shared devices.
- Joplin supports End‑to‑End Encryption (E2EE) only for synchronization, not for local access.
Proposed Solution
- Encryption for individual notes
- Password‑protected access to encrypted notes
- Optional encryption for entire notebooks
- Encrypted attachments and resources
Expected Outcome
Users will be able to mark notes as encrypted. The content will be securely stored using AES‑256 encryption and decrypted only in memory after the user provides the correct password.
Understanding Existing Joplin Encryption
Relevant parts of the codebase:
- packages/lib/services/e2ee/
- packages/lib/models/Note.ts
- packages/app-desktop/gui/NoteEditor
- packages/app-mobile
Architecture Overview:
- UI (Desktop / Mobile)
- Note Service
- Encryption Service (new component)
- SQLite Database
3. Technical Approach
Encryption Strategy
- AES‑256 symmetric encryption
- PBKDF2 for password‑based key derivation
- Derived key: Password → PBKDF2 → Encryption key
Data Model Changes
- is_encrypted flag
- encryption_algorithm
- encryption_salt
- encryption_iv
Encryption Service Responsibilities
- Encrypt note content
- Decrypt note content
- Handle encryption metadata
- Manage encryption keys during runtime
Technologies
- TypeScript
- React (Desktop UI)
- React Native (Mobile UI)
- AES encryption
- PBKDF2 key derivation
Security Design
Threat Model
- Protection from unauthorized local access
- Protection when device is shared
- Protection if someone accesses the SQLite database
- Protection of exported note files
Important Note
This feature complements Joplin End‑to‑End Encryption and does not replace it.
Key Management Strategy
- Passwords will never be stored.
- User enters password when unlocking a note.
- PBKDF2 derives encryption key from password.
- Encryption key exists only in memory while the note is unlocked.
- When the note is locked or the application closes, the key is removed from memory.
Stored Metadata
- Salt – used for PBKDF2 derivation
- IV – used for AES encryption
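The Encryption Strategy, Data Model Changes and Key Management points above can be sketched as follows. This is an added example, not code from the proposal or from Joplin: the field names come from the proposed data model, while the GCM mode, the SHA-256 hash, the iteration count, the base64 encoding and the layout of body (ciphertext followed by the authentication tag) are assumptions.

```javascript
const crypto = require('node:crypto');

const ALGORITHM = 'aes-256-gcm'; // assumed mode; the proposal only says AES-256
const ITERATIONS = 600000;       // assumed PBKDF2-HMAC-SHA-256 work factor
const TAG_BYTES = 16;            // GCM authentication tag appended to the body

// Password -> PBKDF2 -> 32-byte key. Only the salt is persisted, never the key.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
}

function encryptNote(password, body) {
  const salt = crypto.randomBytes(16); // fresh per encryption
  const iv = crypto.randomBytes(12);   // never reused under the same key
  const key = deriveKey(password, salt);
  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
  cipher.setAAD(Buffer.from(ALGORITHM)); // bind the algorithm label to the ciphertext
  const sealed = Buffer.concat([cipher.update(body, 'utf8'), cipher.final(), cipher.getAuthTag()]);
  key.fill(0); // best-effort wipe; JavaScript gives no hard guarantee
  return {
    is_encrypted: 1,
    encryption_algorithm: ALGORITHM,
    encryption_salt: salt.toString('base64'),
    encryption_iv: iv.toString('base64'),
    body: sealed.toString('base64'), // ciphertext followed by the tag
  };
}

function decryptNote(password, row) {
  if (row.encryption_algorithm !== ALGORITHM) throw new Error('unsupported algorithm');
  const sealed = Buffer.from(row.body, 'base64');
  if (sealed.length < TAG_BYTES) throw new Error('wrong password or corrupted note');
  const key = deriveKey(password, Buffer.from(row.encryption_salt, 'base64'));
  try {
    const iv = Buffer.from(row.encryption_iv, 'base64');
    const decipher = crypto.createDecipheriv(ALGORITHM, key, iv, { authTagLength: TAG_BYTES });
    decipher.setAAD(Buffer.from(ALGORITHM));
    decipher.setAuthTag(sealed.subarray(sealed.length - TAG_BYTES));
    const plain = [decipher.update(sealed.subarray(0, sealed.length - TAG_BYTES)), decipher.final()];
    return Buffer.concat(plain).toString('utf8');
  } catch {
    // A wrong password and tampered data both fail the tag check and look the same.
    throw new Error('wrong password or corrupted note');
  } finally {
    key.fill(0);
  }
}
```

An authenticated mode is what lets the "incorrect password" and "corrupted data" cases fail cleanly instead of returning garbage; with an unauthenticated mode such as CBC a separate integrity check would be needed.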
Synchronization Behavior
- Encrypted notes synchronize normally through Joplin sync.
- Note content remains encrypted during synchronization.
- Another device downloads encrypted data.
- User must provide password to decrypt and read the note.
User Experience
Encrypting a note
- User opens note options
- Selects 'Encrypt Note' toggle
- Password dialog appears
- Note becomes locked and encrypted
- Locked notes display a lock icon
Opening encrypted note
- User clicks the note
- Password prompt appears
- After entering the correct password the note decrypts in memory
4. Implementation Plan
- Week 1–2: Explore Joplin codebase and encryption system
- Week 3: Design EncryptionService
- Week 4: Implement encryption for note content
- Week 5: Add encrypted metadata fields
- Week 6: Implement decrypt workflow
- Week 7: Desktop UI integration
- Week 8: Mobile UI integration
- Week 9: Encrypted attachments
- Week 10: Synchronization compatibility testing
- Week 11: Testing and performance improvements
- Week 12: Documentation and final polishing
5. Deliverables
Implemented Features
- Per‑note encryption
- Password‑protected access
- Encrypted attachments
- UI controls for encryption management
Testing
- Unit tests for EncryptionService
- Integration tests for note lifecycle
- Edge case tests (incorrect password, corrupted data)
Documentation
- Technical encryption design documentation
- User guide for encrypted notes
- Developer documentation
6. Availability
- Part‑time during weekdays (mostly evenings)
- Full‑time during weekends
- Timezone: Eastern European Time (UTC+2)
- Location: Plovdiv, Bulgaria
- Some days reserved for university exams