Home / GitHub Page

Set "active" E2EE key to use for encryption

[Using Joplin 1.0.179 on two computers, one Windows and one Mac. Using Dropbox as backend.]
I’m trying to set up an encrypted sync between two computers. My problem is that they both end up using different encryption keys. Steps I did:

  1. Set all attachments to always download (to have everything locally).
  2. Disabled encryption, saw my client decrypt everything and sync with backend.
  3. Synced all clients with it and disabled automatic syncing to avoid syncing partially encrypted states.

At this point, I should be having a clean, decrypted, synchronised state.
Now, following this tutorial, I set up encryption:

  1. Enable encryption on Windows PC. Set password. Wait until all is encrypted and sync.
  2. Sync on Mac client. The Joplin client correctly discovers that an encryption key has been set and asks for password. It does not enable encryption, though, even if the documentation says it should
  3. After syncing is complete, my PC pushes encrypted notes, and my Mac pushes decrypted ones!
  4. If I manually enable encryption on Mac, everything is re-encrypted with a newly generated key, and my PC asks for this new key to decrypt but still uses his own key to encrypt

Something is wrong. I’d like to MARK one common encryption key for all clients. Also, if I connect a third client, it will also re-encrypt everything and a third key will be set…
Am I doing something wrong? If it’s a bug, is there a way to “reset” encryption and start over again?

Key settings on Mac:


Key settings on PC (different key selected):

(solved by resetting the app by deleting the .config folder, then re-importing everything. but my question is still valid: is there a way to manually mark a key to use for encrypting?)

The password you set when you set up E2EE on your first computer is the password you enter into all subsequent clients after they have synced for the first time. You will end up with one master key id and one password for all your clients.

I have added a bit of extra detail to the Joplin instructions.:

  1. On your first device (eg. on the desktop application), go to the Encryption Config screen and click “Enable encryption”
  2. Input your password. This process will generate a Master Key ID and the password you set will be used to encrypt all your notes. Make sure you do not forget it since, for security reasons, it cannot be recovered.
  3. Now you need to synchronise all your notes so that they are sent encrypted to the sync target (eg. to OneDrive, Nextcloud, etc.). Wait for any synchronisation that might be in progress and click on “Synchronise”.
  4. Wait for this synchronisation operation to complete. Since all the data needs to be re-sent (encrypted) to the sync target, it may take a long time, especially if you have many notes and resources. Note that even if synchronisation seems stuck, most likely it is still running - do not cancel it and simply let it run over night if needed.
  5. Once this first synchronisation operation is done, open the next device you are synchronising with. Click “Synchronise” and wait for the sync operation to complete. The device will receive the master key that was created at step 2, as part of the sync process. Go to the Encryption settings page on the new client where you will see a single Master Key entry with the same ID as at step 2, and you will need to provide the password for it. This is the password that you set at step 2. At this point E2EE will be automatically enabled on this device. Once done, click Synchronise again and wait for it to complete.
  6. Repeat step 5 for each device.
1 Like

Thank you for the detailed instructions.
Just to be clear, I was using the same password for all the (six) keys that were created.
Exporting, resetting Joplin and re-importing my whole notebook solved the issue.

It seems you created 6 keys, all with the same password. If you set it up correctly, you only create and use one key.

Just to be clear, it’s not “I” who created 6 keys, Joplin asked 6 passwords and set up 6 keys, hence the bug.