GSoC Idea - Password-protected notes

this is the topic in regard to the above-mentioned topic.
Anything on how to do this, how it shall be done, what features in shell include etc. is discussed here if an existing topic hasn’t been created yet, see idea description below.
Your interest in this idea shall be announced here, otherwise, it gets easily lost as we would need to remember each introduction.

This topic is used to update the specification of the idea as well, even if there is an existing topic, so interested students, watch it!
Anything that shell be discussed privately as e.g. if it involves your proposal will be discussed through a private channel what is currently in discussion.

As of the moment, I’m writing this, the idea’s description of https://joplinapp.org/gsoc2020/ideas.html#6-password-protected-notes is:

We would like to add an option to allow encrypting a note or a notebook with a password. When opening the note, the password must be provided to reveal the content.

Expected Outcome: The user select a note and has the option to encrypt it.

Difficulty Level: Medium
Skills Required: JavaScript; React
Potential Mentor(s): PackElend, laurent22

2 Likes

Hi @PackElend, I am Prashant Bajaj a Computer Science undergrad student from India. I am well versed in Javascript and React. I was looking forward to contributing to the Password-protected notes for Joplin. I would like to know how can I start with the same.

may you start as instructed in GSoC Live Blog, first we do familiarization before start talking about your proposal

If the note has been synced between platforms, then the note should also be protected on all the other platforms right?

YES

1 Like

So then We’d have to find a safe to transfer the notes between different client version. Do we have any encryption as of now in Joplin? I see E2E encryption. I’m quite unclear what that does.

E2E encryption is currently implemented in Joplin, but it’s currently optional. The way it works is that prior to syncing a note, it will encrypt the note and then send it to the sync target. This means that during transmission to a sync client (and storage there) the note is encrypted. But locally a not is stored without protection.

In my view the correct way to implement this GSOC idea would be to add an additional layer of encryption (with a separate password, perhaps unique to each note) that would encrypt a note at rest and by definition on the sync client.

1 Like

Thank You so much for clearing this up @CalebJohn. I’ll start looking into ideas for implementing this.

i just wanted to know before submitting the proposal should I have to proof that whether i am capable or not.

i am interested for password-protected notes

We do recommend that you fix some small bugs/make some small improvements to Joplin beforehand. This just allows us to more accurately evaluate your ability to contribute to the app.

may that helps you guys as well https://www.vaultproject.io either as integration or as blueprint for password integration

Do we need to have an additional option as to encrypt only a portion of a note/notebook and not the entire note/notebook?

to be honest that would be a very nice feature but not a have to

1 Like

@PackElend Is this feature to be implemented on both mobile & desktop or we have to choose one?

both as you want to be able to open these notes any device, don’t you?

okay thanks :slight_smile:

Considering personal security and availability on mobile Apps, this should be a "must have". A log-in dialogue to access the Joplin App itself would be even better!