Steps to enable end-to-end encryption

I have Joplin on multiple devices. I tried to enable encryption but encountered the following situation. Hope someone can clarify.

I followed the steps in the link below to activate the encryption.

In short:
Machine 1:

  • In end-to-end encryption section > turned on "Enable Encryption" and entered "Master password"

  • In Master password section > entered "Master password"

  • Back to main screen > Start synchronize
    This concludes the steps for Machine 1.

Question 1:
When I check the resource directory, I see that every original attachment file has a .crypted file with the same file name (e.g. abc.jpg has a corresponding abc.crypted).

Is that normal? Should the original file be deleted, leaving only the crypted file? Or will it keep 2 versions of the same file on the computer at the same time?

Next step:
After the sync completed on machine 1, I performed the same steps on machine 2.

When the sync completed, I saw 2 entries in the "Encryption keys" section, one entry marked as "active". The time stamp for this entry is the time for machine 1 encryption. The time stamp for the "non-active" entry is the time for machine 2 sync.

Question 2: Is it supposed to have 2 entries in Encryption keys?

Am I missing something in the steps? Should I enter the master password in the "Master password" section? There is a master password field in the "End-to-end encryption" section; should I only enter the "master password" in this place but not the other place?

Hope someone can clarify. Thanks in advance.

Answer 1:
This is normal, Joplin keeps the unencrypted versions as well.

Answer 2:
You shouldn't have done the same steps on the second machine (you didn't have to activate encryption manually, but just synchronise). It is not supposed to have two entries of encryption keys, but it is also not bad. It should be enough to type the password into the active one.

Thank you for your response. I can see the whole picture now.

My current question is whether I should "Disable the encryption" and remove the master password on machine 2? So only machine 1 will have the encryption turned on and have the master password?

That wouldn't work, as it wouldn't remove the key. It is no problem leaving it like this.

