I understand that Joplin does not have a built-in feature for encrypting notes or parts of notes. However, I also have the need to include some sensitive information in Joplin. The method I currently use is to store them in a password-protected 7z file and attach it to a note. By including proper descriptions, I can easily search for it.
On a Windows machine, I can modify the text within the attached 7z file with ease, and the changes are watched by Joplin. The issue arises when using Android devices, as I haven't found an easy way to edit the text in the .7z file and have Joplin reflect those modifications. Can someone suggest a better workaround?
Probably not, as plugins don't work on mobiles. Encryption usually implies something is secret so on Android it's best to assume somebody is always watching. I wouldn't decrypt any secrets on such an insecure platform with the big "G" in control.
I've tested a few different ideas. The only solution I've been able to find is not a good one or at least not as convenient as it is on windows. On Windows I was able to use the seven zip file manager to open the password encrypted archive open a text file that was inside and some text and then save it back encrypted zip file without having to First extract it to the file system and then put it back in the archive.
On Android I was forced to open the seven zip file in my seven zip app then save it to the Android file system open it edit it and then put it back into a password encrypted archive and import it into Joplin. A pain in the ass if I must say so.
I'll try and think of another solution but my instinct was to use the seven zipper app for Android and it failed to function the same way the seven zip app works on windows.
I don't think it's a good idea to rely on a plugin for something like this. If the plugin is no longer developed and stops working, you no longer have access to your important data.
Encryption for notes should be a core function of Joplin and has often been requested by users.
I have apps on my phone that allow me to manage my bank accounts. Additionally, I have government-provided apps that grant me access to my healthcare data and public services, which undoubtedly contain my personal and private information. Since my money and private information are already accessible through my phone, I have no choice but to assume that the platform is secure enough.
I don't want to start an argument, but I am genuinely curious. Since you don't trust big "G," I assume you also don't trust the big Apple and M$. Do you exclusively use Linux systems to handle sensitive data?
I'd have to agree here. One warning I recall from a few years back regarding "add-on" stuff like plug-ins and even CSS was that there's no guarantee that Joplin won't change and cause these things to stop working. If there's an update to Joplin and the encryption plugin stops working it's bye-bye encrypted notes if the plug-in developer isn't around.
For sensitive stuff I rely on KeePass. There's a few variants but all are compatible and being open-source are more secure than anything released by the likes of A, G, and MS (Paranoid? Yup.) For really secure items I like VeraCrypt (Android EDS.) It's not all that user friendly but can be made as secure as you want, a lot more than the AES in common use.
Yes I know those software and I indeed tried keepass and truecrypt before ... on a microsoft machine and android mobile phone. I just don't know how to avoid decrypting secrets "on such an insecure platform with the big XXX in control" unless I only use linux.