Home / GitHub Page

Missing Master Key

When I do a full sync, I’m missing a master key, so I quite a few of my notes are still encrypted. Also, I have a ton of different master keys for some reason. How can I removed those?

Version: 1.0.170 (prod, linux)
Operating System: ArchLinux
log.txt (45.5 KB)

@PopeRigby The keys will sync, and you should be okay once they do. You will be prompted to enter the password and the notice will clear. It took ~24 hours for mine to sync. I’ve heard others say it took 3 days.
If it’s a Windows client, you cannot remove the keys. If Linux, you can remove them by deleting the profile /home/username/.joplin and deleting the data from your sync folder… basically starting over again. Yes, I do see ArchLinux on your post. I included the Windows inability for reference.

If it takes 24h to sync the master key, then there’s something wrong. Either with the current architecture or the sync algorithm. @laurent I can’t believe that it takes up to 3 days for a key to sync. Maybe keys should be stored in a separate directory on the sync target, like .keys. The current implementation seems too fragile. It’s madness to wait 3 days for the data to decrypt. I’ve never used encryption, so I don’t know the code in that area, but if there’s a dedicated directory it should be easy to sync that data first, instead of downloading all md files and hoping that there is one with the master key type_ in the meta data.

Is there a way to just purge all the master keys from everywhere? I want to start over with encryption.

By my understanding the keys are just a small bit of text in the database, On the Linux side I have been able to delete the database and start over successfully. On Windows, however, I deleted every file I could find, used uninstaller software, and manually scanned the registry, and yet the keys remain.
Now I am sitting at 24 hours again with NO sync. I created a note on the Linux client and a note on iOS. Neither has received the other’s note. Each one says Updated remote items: 1 on every sync, but nothing is changing.

@tessus Do you think I could export my notes in a a JEX, clear the database and import the JEX to clear out the keys?

This is a good question. I don’t know the encryption code too well, so I don’t know, if an export to JEX will also export the master key(s). Furthermore, I don’t know what would happen, if some notes were still encrypted but exported.

This is a question @laurent will have to answer.

Hmm. I just looking to completely strip away all encryption from my notes so I can start from scratch.

Notes are never encrypted locally, so that’s not a concern. The encryption keys are NOT included in the export. This is exactly how I cleared mine… Export to JEX, close Joplin. Delete the local and sync files. Restart Joplin. Import JEX, enable encryption, and sync. No more duplicate keys, incorrect password, etc.
If you want your local database encrypted you can place the profile on a VeraCrypt volume or similar file/folder/device encryption software. I recommend VeraCrypt because it is OTFE (On the Fly Encryption). Your data is never stored unencrypted on your drive. VeraCrypt is a fork of the now defunct TrueCrypt. This is the same software Snowden used, to which the NSA gave up after a year and admitted they could not break it. Just be sure to use a strong password.
http://irwinelectronics.com/blog/18/09/2019/irwinel/encryption/
http://irwinelectronics.com/blog/20/10/2019/irwinel/new-tools/

There is a whole series of blogs about encryption, open source, government mandated back doors, etc.: blog.irwinelectronics.com

1 Like

The keys are not contained in the jex. I’m led to believe this by starting over with an imported jex that was using encryption previously. Once the database and sync location are cleared the previous master-keys are gone (in my case: Linux and Android - where data was cleared on both, before importing jex).

I don’t know for Windows, but if Joplin was uninstalled, residual config cleaned up, and the sync location cleared - I can’t think where the previous master-key might be.

The keys are stored in the SQL Database. Go to Tools/Options. Under the General tab, look for "Notes and settings are stored in: " at the top. To clear the keys, delete or rename that folder. That is where your database is located.

The master key is saved to the local database when you initiate encryption on your first device.

The other devices get the key from the data in your sync folder.

Even if you delete the SQL database, when other devices sync they will still discover the master-key in the sync folder.

The master key is not saved in an exported jex, so if you clean out your sync folder, and uninstall Joplin and remove config files on all devices and then reinstall, you can import your backed-up.jex for a clean start with no encryption.

You can then set up encryption again as you like.

Interesting. I installed Joplin Portable on desktop (Win7) and made a reinstall as you described after encryption failed to provide a master key to the next device (Desktop Win10). But my next try also failed and then I discovered a lot (!) of old files in the following directory …\AppData\Roaming\Joplin. May they have been responsible for my negarive attempts to make perfect en- and decryption after reinstall? How to deal with them?

Hi @renee, I’m using Linux here, so not sure about Windows. I’ve found the best way to start over is to clear out any left-overs and old config you can find. If I was using Windows I think I’d be inclined to delete the Joplin folder at AppData\Roaming\Joplin before starting fresh, but tbh I don’t know what data Windows keeps there, apart from it’s obviously related to Joplin.

Hi @johano, @tonybc, @laurent,
Problem solved! (maybe as a newbie I missed some deeper in the forum hidden tipps…)
My system: Joplin Portable 1.0.170; dropbox; 1st device: desktop Win7(64), 2nd device: desktop Win10(64)
Problem: no master key for decryption on 2nd device was transferred
Solution: complete reinstall, i.e. backup to *.JEX-file; delete Joplin directory for user, delete Joplin Sync-directory in dropbox, delete Joplin directory in User\AppData\Roaming (more than 5MB), clear tmp-directory in Windows, restart Windows. Then open Joplin anew, load from backup file, activate encryption and connect to dropbox -> Sync. On the second system same reinstall (but no deleting in dropbox of course). After Sync I could activate the transferred sync key successfully. Great!
Probably the deletion of the AppData-directory before reinstall was the crucial thing to do…
Cheers! …and thanks

1 Like

Well, I guess I fixed it by exporting it to a JEX file and wiping the settings on all my clients.