I understand that Joplin does not have a built-in feature for encrypting notes or parts of notes. However, I also have the need to include some sensitive information in Joplin. The method I currently use is to store them in a password-protected 7z file and attach it to a note. By including proper descriptions, I can easily search for it.
On a Windows machine, I can modify the text within the attached 7z file with ease, and the changes are watched by Joplin. The issue arises when using Android devices, as I haven't found an easy way to edit the text in the .7z file and have Joplin reflect those modifications. Can someone suggest a better workaround?
Probably not, as plugins don't work on mobiles. Encryption usually implies something is secret so on Android it's best to assume somebody is always watching. I wouldn't decrypt any secrets on such an insecure platform with the big "G" in control.
I've tested a few different ideas. The only solution I've been able to find is not a good one, or at least not as convenient as it is on Windows. On Windows I was able to use the seven zip file manager to open the password-encrypted archive, open a text file that was inside, add some text and then save it back to the encrypted zip file without having to first extract it to the file system and then put it back in the archive.
On Android I was forced to open the seven zip file in my seven zip app, then save it to the Android file system, open it, edit it, and then put it back into a password-encrypted archive and import it into Joplin. A pain in the ass if I must say so.
I'll try and think of another solution, but my instinct was to use the seven zipper app for Android and it failed to function the same way the seven zip app works on Windows.
I don't think it's a good idea to rely on a plugin for something like this. If the plugin is no longer developed and stops working, you no longer have access to your important data.
Encryption for notes should be a core function of Joplin and has often been requested by users.
I have apps on my phone that allow me to manage my bank accounts. Additionally, I have government-provided apps that grant me access to my healthcare data and public services, which undoubtedly contain my personal and private information. Since my money and private information are already accessible through my phone, I have no choice but to assume that the platform is secure enough.
I don't want to start an argument, but I am genuinely curious. Since you don't trust big "G," I assume you also don't trust the big Apple and M$. Do you exclusively use Linux systems to handle sensitive data?
I'd have to agree here. One warning I recall from a few years back regarding "add-on" stuff like plug-ins and even CSS was that there's no guarantee that Joplin won't change and cause these things to stop working. If there's an update to Joplin and the encryption plugin stops working it's bye-bye encrypted notes if the plug-in developer isn't around.
For sensitive stuff I rely on KeePass. There's a few variants but all are compatible and being open-source are more secure than anything released by the likes of A, G, and MS (Paranoid? Yup.) For really secure items I like VeraCrypt (Android EDS.) It's not all that user friendly but can be made as secure as you want, a lot more than the AES in common use.
Yes, I know that software, and I indeed tried KeePass and TrueCrypt before ... on a Microsoft machine and Android mobile phone. I just don't know how to avoid decrypting secrets "on such an insecure platform with the big XXX in control" unless I only use Linux.
I recently tried to solve this problem too. I tried the existing "Encrypt notes" plugin, but on my desktop macOS Joplin it worked inconsistently or not at all. My solution is a bit cumbersome, but it works:
Joplin has a very handy feature to open a note in an external text editor with a click. My editor of choice on the Mac is BBEdit. In BBEdit it is possible to write a script in a variety of languages which is then executed as a "text filter" on an open document, or some block of text therein. So, using Python's 'cryptography' module, I wrote a script that will encrypt a Joplin note opened as a text document, and decrypt it as needed.
This procedure is fairly fragile, but at least it is entirely under my control. It does not, however, allow me to encrypt/decrypt a note in my mobile Joplin, and I presume any plugin would not either. Notwithstanding, I know there are JavaScript encryption libraries and writing such a plugin shouldn't be too complex. I hope someone more knowledgeable than I will take a shot at it. --JJC
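Added example, not the poster's script (which is not shown in the thread): a sketch of the kind of stdin-to-stdout text filter described in the post above, using Python's 'cryptography' module. The header marker, the function names, the scrypt cost and the NOTE_PASSPHRASE environment variable are all assumptions made for this illustration.

```python
import base64
import os
import sys

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

# Constructed marker so the filter can tell ciphertext from plaintext.
HEADER = "-----ENCRYPTED NOTE v1-----"


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase with scrypt into a 32-byte Fernet key."""
    kdf = Scrypt(salt=salt, length=32, n=2**14, r=8, p=1)  # assumed cost
    return base64.urlsafe_b64encode(kdf.derive(passphrase.encode("utf-8")))


def encrypt_note(text: str, passphrase: str) -> str:
    """Return header, per-note random salt and Fernet token, one per line."""
    salt = os.urandom(16)
    token = Fernet(_derive_key(passphrase, salt)).encrypt(text.encode("utf-8"))
    salt_b64 = base64.urlsafe_b64encode(salt).decode("ascii")
    return "\n".join([HEADER, salt_b64, token.decode("ascii")]) + "\n"


def decrypt_note(blob: str, passphrase: str) -> str:
    """Reverse encrypt_note; fail closed on a bad passphrase or edited text."""
    lines = blob.strip().splitlines()
    if len(lines) != 3 or lines[0] != HEADER:
        raise ValueError("not an encrypted note")
    try:
        salt = base64.urlsafe_b64decode(lines[1])
        fernet = Fernet(_derive_key(passphrase, salt))
        return fernet.decrypt(lines[2].encode("ascii")).decode("utf-8")
    except (InvalidToken, ValueError):
        raise ValueError("wrong passphrase or modified ciphertext") from None


def filter_text(text: str, passphrase: str) -> str:
    """Toggle: decrypt when the text carries the header, otherwise encrypt."""
    if text.lstrip().startswith(HEADER):
        return decrypt_note(text, passphrase)
    return encrypt_note(text, passphrase)


if __name__ == "__main__":
    # Assumption: the passphrase comes from an environment variable, so it
    # never appears in the note or on the command line.
    sys.stdout.write(filter_text(sys.stdin.read(), os.environ["NOTE_PASSPHRASE"]))
```

Fernet authenticates the token, so a note that was altered while encrypted (for example by a sync conflict) is rejected instead of being decrypted into garbage. Decrypting in the editor still leaves plaintext in the file Joplin handed over until the note is encrypted again.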
An alternative solution may be to make use of the encryption available for 7Zip archives, or possibly even standard zip files.
On Windows, the 7Zip app allows editing the contents of an archive without extracting it (technically this does extract the file into the tmp dir, but it is deleted as soon as you close the file within the archive which was opened). So you can put a text / markdown file inside a password protected 7z archive, then add the file as an attachment to a note in Joplin. In Joplin, you can then double click the attachment within the note, which will trigger the archive to be opened and prompt for the password. Once opened, you can edit the file in your preferred text editor (whatever the file extension is associated with) and when you save, 7Zip will prompt to update changes to the archive. When a change is made, the file will automatically be updated in Joplin, provided that you keep the note containing the archive open, so that the attachment is tracked.
This solution could be beneficial because, while it would be impractical (but possible) to modify a 7z archive on mobile and keep it synced with Joplin, if you need to be able to at least view the encrypted contents on mobile, the ZArchiver app is available for both iOS and Android, which will allow you to extract the archive and view the contents.
NB: I stated a solution for desktop using Windows; however, there are various 7z clients available for Mac and Linux, so likely there is a client which will allow editing the contents of a 7z archive without extracting it, like 7Zip on Windows.