So that even when the app is open, these private notes can only be viewed with knowledge of the additional password?
Is something like this planned?
@Starszy welcome to the forum.
There is a plugin that seems to do what you are looking for called Note Encryption.
I have not tried it myself. You can install and try it out by going to Tools > Options > Plugins and searching for Encrypt.
Thanks!
Unfortunately, this plugin does not seem to work with the Android version of Joplin.
It also has a major caveat that doesn't seem to be documented: if you decrypt the note, this essentially changes the note which in turns trigger the app to synchronise your data. So at this point your note is going to be uploaded in plaintext to the server.
Then if one of your devices synchronise at that time, it will also download the note in plaintext. That's going to be resolved once you reencrypt the note but just something to keep in mind anyway - the plaintext will almost definitely be uploaded at some point.
(Of course if you have E2EE enabled, the note will still be encrypted in transit and on the server, but not on the clients)
2 Likes
This caveat would not be a problem, because I use E2EE and it's only a small time frame.
For me, it is important that "normal" notes on the smartphone are secured with a fingerprint and confidential notes are additionally secured with a password.
What I mean is that it may indeed do the job, but you shouldn't rely on it completely. You should expect that at some point one of your device will have the note in plaintext, for example if sync worked when the plaintext was uploaded, but was off when you encrypted the note again.
That's not the problem - the problem is that this plugin does not work with the Android version of Joplin.