GSoC 2026 Proposal Draft – Idea: Support for Encrypted Notes and Notebooks – Abhijit Sahoo
Links
- Project Idea: Support for Encrypted Notes and Notebooks (Joplin)
- GitHub Profile: https://github.com/abhijit9040
1. Introduction
I am Abhijit Sahoo, a Computer Science undergraduate with strong experience in TypeScript, JavaScript, and React-based applications.
- Background / Studies: Undergraduate student in Computer Science with focus on software development and systems.
- Programming Experience:
  - TypeScript (production-level experience)
  - JavaScript, React
  - Familiar with Web Crypto API
  - Experience working with databases and application architecture
- Open Source Experience:
  - Contributed to React-based open-source projects
  - Explored and studied Joplin codebase (EncryptionService, BaseModel, plugin API)
  - Set up Joplin locally and executed test suite successfully
2. Project Summary
Problem
Joplin currently supports end-to-end encryption (E2EE) at the sync level, but once unlocked, all notes are readable locally. There is no way to protect specific sensitive notes.
Solution
Introduce per-note and per-notebook password-based encryption, allowing users to lock sensitive data individually.
Why It Matters
- Protects sensitive information (credentials, personal notes, medical data)
- Adds fine-grained security
- Useful for shared devices and local access threats
What Will Be Implemented
- Password-protected note encryption
- Notebook-level encryption with inheritance
- Secure encryption using AES-256-GCM
- Key derivation using PBKDF2 / Argon2id
- UI for encrypting/unlocking notes
- Resource (attachment) encryption
- Session-based key caching
Expected Outcome
- Fully functional encrypted notes system
- Seamless integration with existing Joplin sync
- Secure client-side decryption model
Out of Scope
- Password recovery (intentionally impossible for security)
- Full-text search inside encrypted notes (initial version)
3. Technical Approach
Architecture
- UI Layer (React)
  - Encryption dialog
  - Unlock interface
  - Placeholder for locked notes
- Service Layer
  - NoteEncryptionService (core logic)
- Crypto Layer
  - Web Crypto API
  - AES-256-GCM encryption
  - PBKDF2 key derivation
- Database Layer
  - SQLite schema updates
  - Metadata storage
Key Design Decisions
- Encryption happens client-side only
- Password is never stored
- Use of verification token for fast password validation
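
The crypto layer and the verification-token decision above, shown as an added example that is not part of the proposal or of Joplin's code. The names `LockedNote`, `lockNote` and `unlockNote`, the verifier plaintext and the iteration count are assumptions; Node's `webcrypto` export stands in for the browser's Web Crypto API.

```typescript
import { webcrypto } from "node:crypto"; // browser / Electron renderer: use the global `crypto`

const { subtle } = webcrypto;
const enc = new TextEncoder();
const VERIFY_TEXT = "note-lock-check"; // assumed constant, not a Joplin value
const ITERATIONS = 600_000;            // assumed PBKDF2-HMAC-SHA256 work factor

// Hypothetical record shape: everything here is stored; the password and key are not.
interface LockedNote { salt: Uint8Array; iterations: number; verifier: Uint8Array; body: Uint8Array }

async function deriveKey(password: string, salt: Uint8Array, iterations: number) {
  const material = await subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey({ name: "PBKDF2", hash: "SHA-256", salt, iterations }, material,
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]); // non-extractable key
}

// AES-256-GCM with a fresh random 96-bit IV per call; output is IV || ciphertext || tag.
async function seal(key: webcrypto.CryptoKey, text: string): Promise<Uint8Array> {
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ct = new Uint8Array(await subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(text)));
  const out = new Uint8Array(iv.length + ct.length);
  out.set(iv);
  out.set(ct, iv.length);
  return out;
}

// Returns null when the GCM tag does not verify (wrong key or modified data).
async function unseal(key: webcrypto.CryptoKey, blob: Uint8Array): Promise<string | null> {
  try {
    const pt = await subtle.decrypt({ name: "AES-GCM", iv: blob.subarray(0, 12) }, key, blob.subarray(12));
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}

async function lockNote(password: string, body: string, iterations = ITERATIONS): Promise<LockedNote> {
  const salt = webcrypto.getRandomValues(new Uint8Array(16)); // per-note salt
  const key = await deriveKey(password, salt, iterations);
  return { salt, iterations, verifier: await seal(key, VERIFY_TEXT), body: await seal(key, body) };
}

async function unlockNote(password: string, note: LockedNote): Promise<string | null> {
  const key = await deriveKey(password, note.salt, note.iterations);
  // Verification token: a short known plaintext decides "wrong password" before the body is touched.
  if ((await unseal(key, note.verifier)) !== VERIFY_TEXT) return null;
  return unseal(key, note.body);
}
```

The verifier is only an AES-GCM tag check, so it gives an offline guesser the same oracle the body ciphertext already does; the PBKDF2 work factor is what limits guessing.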
Changes to Joplin Codebase
- Add fields to:
  - notes table
  - folders table
- Modify:
  - SearchEngine (exclude encrypted notes)
  - Resource handling
- Add new service: NoteEncryptionService
Technologies
- TypeScript
- React (Electron + React Native)
- Web Crypto API
- SQLite
Challenges
- Secure key management without storage
- Performance of PBKDF2 (~200–400ms)
- Mobile crypto compatibility
- Handling edge cases (export, duplication)
Testing Strategy
- Unit Tests (Jest)
  - Encryption/decryption
  - Wrong password handling
- Integration Tests
  - Database encryption flow
- UI Tests
  - Encrypt → Lock → Unlock flows
- Manual Testing
  - Sync across devices
  - Mobile compatibility
  - Export behavior
Documentation Plan
- User guide (how to encrypt/unlock notes)
- Developer documentation (crypto design and architecture)
4. Implementation Plan
Week 1–2
- Study Joplin codebase
- Implement encryption utilities
- Write unit tests
Week 3–4
- Database migration
- Core encryption service
Week 5–6
- UI implementation
- Integrate with service
Week 7
- Resource encryption
Week 8
- Search handling
- Session management
Week 9–10
- Notebook-level encryption
- Password inheritance
Week 11
- Mobile compatibility
Week 12
- Testing and documentation
Week 13
- Buffer + final improvements
5. Deliverables
At the end of the project:
- Encrypted notes and notebooks feature
- Resource encryption support
- Full UI implementation
- Unit + integration tests
- Documentation (user + developer)
- Clean and reviewed pull request
6. Availability
- Weekly Availability: Full-time during GSoC
- Timezone: IST (UTC +5:30)
- Other Commitments: None