Option for Secure JEX archives (password encrypted)

The JEX backup is a rock-solid feature. I have used it to recover my data after bad results in Joplin several times. It is simple and works as expected.

One request that would make JEX even better would be to have the option to encrypt the JEX file with a password. This can be as simple as a checkbox on the "Export Joplin JEX file" screen where the user has the option to enter a password. If a password is entered then the JEX file will be saved in a secured encrypted format.

This would be handy if anyone is using their JEX files as backups.

4 Likes

Theoretically I think it just literally exports the data in the database to files and creates a .tar archive of them, which means that if the data is encrypted already, it should remain encrypted in the JEX/tar archive.

For encryption on your own machine, you should use the system disk encryption or something like VeraCrypt. Expecting all apps you use to encrypt their own data is a losing battle, and disk encryption today is so fast and well integrated that you don't even need to think about it.

It's not. If you use E2EE it is encrypted on the remote sync target. Your local data is unencrypted and remains so in the JEX (tar) archive.

Personally I use full disk encryption and store JEX exports as unencrypted backups in a restricted network share on an encrypted NAS.

1 Like
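An added example, not code from this thread or from the Joplin project: a pre-upload check built on the point above that a JEX export is a plain tar archive whose contents are readable by anyone holding the file. The sample archive, its file name and the 7.5 bits/byte entropy threshold are constructed assumptions.

```python
import io
import math
import tarfile
from collections import Counter


def build_sample_jex() -> bytes:
    """Constructed stand-in for a JEX export: a tar holding one Markdown note."""
    note = b"Tax records 2023\n\nAccount number: 000-CONSTRUCTED\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo(name="0123456789abcdef0123456789abcdef.md")
        info.size = len(note)
        tar.addfile(info, io.BytesIO(note))
    return buf.getvalue()


def readable_members(blob: bytes) -> list[str]:
    """Names of tar members whose content decodes as UTF-8 text; [] if not a tar."""
    names = []
    try:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                data = tar.extractfile(member).read()
                try:
                    data.decode("utf-8")
                    names.append(member.name)
                except UnicodeDecodeError:
                    pass  # binary attachment, not counted as readable text
    except tarfile.TarError:
        pass  # not a tar, or truncated: report whatever was readable so far
    return names


def entropy_bits_per_byte(blob: bytes) -> float:
    """Shannon entropy; encrypted data sits close to 8 bits per byte."""
    counts = Counter(blob)
    return -sum(c / len(blob) * math.log2(c / len(blob)) for c in counts.values())


def safe_to_upload(blob: bytes, min_entropy: float = 7.5) -> bool:
    """Pre-upload guard: reject readable tars and low-entropy (unencrypted) data."""
    return not readable_members(blob) and entropy_bits_per_byte(blob) >= min_entropy
```

High entropy alone does not prove encryption, since compressed data also scores high; the check is useful for catching a backup that was never encrypted, not for certifying one that was.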

Yes, but the use case for JEX files is backup, and backups need to be portable. Typically one would not want to store backup data on their own machine (regardless of encryption). It should be stored on a different medium and ideally offsite for disaster recovery.

If I want to store a copy of my JEX file on cloud storage backup I cannot without securing it with a 3rd party app. If I store it locally on an external hard drive I would also need to secure it somehow with a 3rd party utility.

VeraCrypt could work but it adds a significant layer of friction to the process. Not all apps should be expected to encrypt data; however, several other apps that can be used to store private or confidential data do have built-in encryption: password managers, authenticators, app backups, office documents, etc.

I can easily save my tax or business records to a spreadsheet and upload it to cloud storage because I can easily secure the file within the app. I can't currently use Joplin for this use case without the use of 3rd party tools.

Yes and you should definitely consider encrypting your backup drive, even more so than your own personal computer. A backup drive that you forget on a desk is much easier to steal without you noticing than a whole laptop.

Full disk encryption doesn't solve the problem raised here. The backups and the app itself need a password to prevent the host operating system and other operating systems to which it is copied, or people who get their hands on the backup file, from being able to see your data. I agree the app itself needs a passcode to protect data in the same way Standard Notes does this. The Android app should also have a passphrase option.

Topic is 8 months old.