I am learning how NOT to set up encrypted sync. I'll probably figure it out by reading lots of fine print and wading through forum topics, but it seems that this should be Wiki front page stuff. And yes, I can try to contribute it myself, once I know what is going on.
What doesn't work:
Set up sync on desktop (using OneDrive), set it as encrypted with password.
I am confused by a second password box that has a red x by it after setting up the first. So I just type in the same password again.
Now I install Joplin on my Android phone. I link it to the same OneDrive account and set up encryption using the same password. No dice. Nothing added to the desktop shows up on the phone and nothing added to the phone shows up on the desktop (after multiple successful synchronizations).
I have just seen some text on the e2ee page that seems to indicate a very specific order in which the above operations are to be accomplished. Maybe encrypted use is not popular, but I think there needs to be a wiki page on "How to set up synchronization" with a section on the same page that covers encryption.
I'll try to edit this topic so it answers the questions I was searching for. Your help is appreciated.
Removed encryption on the phone and synced with OneDrive
Removed encryption on desktop and synced with OneDrive
Sync, sync, sync.
Still, the note I added on the desktop doesn't show on mobile.
Now I delete all notes on the mobile device.
Sync, sync, sync
No notes appear on the mobile, no notes disappear from the desktop.
FWIW, I only have one OneDrive account.
I create a new note on mobile Joplin, sync/sync but it doesn't appear on desktop.
I must have really screwed things up with the encryption attempt (which is now disabled on both devices). So I will try deleting the mobile app and starting over.
Seems like the steps on the e2ee page assume that I have multiple devices that are already syncing, and now I want to set up encryption.
My mistake was starting with a single device, setting it to encrypted, and then trying to set up more devices. I'll wipe out the OneDrive directory and start all over, setting up syncing first and then encryption next.
With encryption turned off on both mobile and desktop,
and having deleted all data in the sync drive,
Neither device (Windows, Android) can make any notes that are synced to the other.
Sync status on mobile (left) and desktop (right):
Note 6/6 -- 6/6
Folder 2/2 -- 2/2
Resource 3/3 -- 3/3
Tag 0/0 -- 0/0
NoteTag 0/0 -- 0/0
MasterKey 0/0 -- 1/1
Revision 1/1 -- 3/3
Total 12/12 -- 15/15
Interesting. Even though the encryption was disabled in the Windows version, it is still using a master key for something...
I'll try again by deleting the Windows data directory and starting over.
The bit that seems to get many people is you only switch on E2EE once, on the very first device. That device encrypts the data and syncs it again (this can take some time if you already have lots of notes). The other clients then sync and download the encrypted data. You do not need to activate E2EE on any other clients. One of the bits of data that comes down with the encrypted data is the Master Key. When this arrives the client will ask you to add the password for the Master Key. If you THEN go to the encryption settings you will see a field where you can type the password you used on the first device when E2EE was "triggered". You do not switch on E2EE in any other clients, you just add the Master Key password.
Does that make sense? I do not know if I have explained that clearly. I do have a step by step checklist I use for starting all over again that I could edit and share if you wish...
I won't write or help writing that wiki page, but let me provide a few bullets to help
I started 4w ago with one device, sync and encryption and it worked immediately across several devices, so sth else is going on on your side
there were minor bugs, which were already about to be fixed by the developer, all irrelevant to what you have reported,
several people have reported problems with OneDrive recently, so I suggest you use another cloud service for your tests
if things don't work, here is what you do in this sequence (my take)
= remove all but one app (from all other devices), keep only one (ideally desktop, but not a requirement)
= remove all other apps' data folders (not needed on iOS), but don't touch the main device app or profile folder
= log into your cloud server manually and delete everything, log out
= keep your desktop notes encrypted, or encrypt them now (if you like)
= set up your sync target on your main device (if not yet done) and sync
= never manipulate Joplin data outside Joplin (manually, for example)
= next re-install your other devices/apps and follow dpoulton's advice
If any of this doesn't make sense, please ask back ...
Good Luck !!
Finally found out how to delete all and start over since an uninstall and reinstall didn't work:
Deleting the data on both desktop and mobile, and in the sync directory allowed me to set up sync first and get it working with no encryption. This is a prerequisite to enabling encryption. Now I can follow the steps on the wiki page and will report back if all works well.
The first time I set up encryption, I re-entered my password in the box above and clicked Save. This time I decided not to do anything here.
Now, all worked as expected and my mobile device asked for the password after the sync was finished. Encrypted files are being created and flowing in both directions.
My advice to set up Joplin for encrypted syncing would be:
Set up syncing using your preferred method.
Confirm that syncing is working in both directions.
Turn on encryption and set the password and confirm it. Don't do anything in the Master Keys section below.
Sync this Joplin, then sync the other device.
When prompted, enter the password on the other device.
Sync the other device to encrypt its files and send back to the first device.
Sync the first device and they should now be fully equal and set up to stay that way.
Thanks dpoulton.
This is something that should be clearly mentioned in the help page (or did I miss it?).
Because I know nothing about all this stuff, and I was under the impression that encryption had to be activated on every device... and that's what I did.