Need opinion regarding Notes encryption

Hello everyone, I need opinions regarding encryption of notes.
First idea:
I am thinking of implementing a system where each user has a single Master Key (MEK), generated once and shown to the user (similar to a recovery key). Each note/file will have its own password and optional hint. Internally, each file will be encrypted using a file-specific key, which is protected by the file password. In case the user forgets the file password, they can use the MEK to unlock the file key and reset the password.
For the master key, which is unique per user, we will give an option to save it in a secure format or a .txt format, similar to BitLocker.
OR
Second idea:
The proposed encryption architecture relies on a Master Encryption Key (MEK) that remains entirely hidden from the user. When a user first sets a password, the system generates this MEK and encrypts it using both the user's password and a separate recovery key. During normal operation, the user's password decrypts the MEK, which in turn unlocks the notes. If the password is forgotten, the user can input their recovery key to decrypt the MEK, regain access to their notes, and set a new password. Ultimately, both the password and the recovery key serve the exact same function—unlocking the underlying MEK—ensuring the user never has to interact with the hidden cryptographic layer directly.

1 Like
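The key wrapping described in the second idea, as an added example that is not part of the original post or any project's code: a hidden MEK is stored twice, once wrapped under a password-derived key and once under a recovery key, and a reset replaces only the password slot. The choice of scrypt and AES-256-GCM, the parameters, and all function and field names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed scrypt cost parameters (not from the thread); tune for the target device.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 128 * 1024 * 1024 };

// Derive a 256-bit key-encryption key (KEK) from a password or recovery key.
function deriveKek(secret, salt) {
  return crypto.scryptSync(secret, salt, 32, SCRYPT);
}

// Wrap the MEK with AES-256-GCM. The slot label is bound as AAD so a
// "recovery" slot cannot be silently swapped in as the "password" slot.
function wrapMek(mek, secret, label) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKek(secret, salt), iv);
  cipher.setAAD(Buffer.from(label));
  const ct = Buffer.concat([cipher.update(mek), cipher.final()]);
  return { label, salt, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the MEK, or null when the secret is wrong or the slot was modified.
function unwrapMek(slot, secret) {
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKek(secret, slot.salt), slot.iv);
  d.setAAD(Buffer.from(slot.label));
  d.setAuthTag(slot.tag);
  try {
    return Buffer.concat([d.update(slot.ct), d.final()]);
  } catch {
    return null;
  }
}

// First-time setup: random MEK, random recovery key (shown to the user once).
// The MEK is returned only so the caller can encrypt notes; it is never stored in the clear.
function createVault(password) {
  const mek = crypto.randomBytes(32);
  const recoveryKey = crypto.randomBytes(20).toString('hex');
  const vault = { password: wrapMek(mek, password, 'password'),
                  recovery: wrapMek(mek, recoveryKey, 'recovery') };
  return { vault, recoveryKey, mek };
}

// Forgotten password: unwrap with the recovery key and re-wrap under the new
// password. The MEK is unchanged, so notes encrypted under it are not re-encrypted.
function resetPassword(vault, recoveryKey, newPassword) {
  const mek = unwrapMek(vault.recovery, recoveryKey);
  if (!mek) return false;
  vault.password = wrapMek(mek, newPassword, 'password');
  return true;
}
```

Because the old password slot is overwritten on reset, the old password stops working, but anyone holding a copy of the old slot and the old password still recovers the same MEK unless the MEK itself is rotated.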

Please share your thoughts: which idea seems better to you?

If your question is related to the GSoC proposal idea, please post in the GSoC category, not Feature.

If you want to make a proposal for this project, I’d recommend going with a single password approach rather than individual passwords per note, as there is a lot of complexity to this project. See GSoC 2026 : Local Note Encryption (Draft proposal and POC) for a long technical discussion.

Thanks for pointing that out. I’ll make sure to post in the GSoC category instead of Feature when it’s related to proposal ideas. I think you are correct that a single password approach makes more sense here.

The second option seems to be better and easy from the end user's perspective.