Hi,
I am using the Joplin Server Docker container, Windows app, and Android app to sync my notes.
Recently, I decided to retire my old password used for E2E encryption. Before I added my new password, I decrypted all my notes and synced over all my devices. I reinstalled/purged my Android app.
Then I added my new password and re-encrypted my notes. However, when I sync over my Android device, it is still asking for old passwords (the one that I retired). Even if none of my notes are encrypted with the retired password, it keeps bugging me with the orange warning banner on top "Press to set the decryption password".
What is the purpose of this design of continuing to ask for the old password even when I have no note encrypted with it? I am very confused by the decision to keep a retired/compromised password. With the confusing design mentioned above, there is no way to delete a password. And even if I disable E2E, the app is still asking for a password with an intrusive banner at the top of the Windows and Android clients.
I set my passwords using a random generator; even I myself cannot remember them. It would be so frustrating when the old password is somehow deleted by the user without knowing in advance that Joplin will keep asking for it forever if you cannot provide it.
I only encountered this problem after using it. And there is no official documentation of this half-baked design in the official documentation.
Sorry for being frustrating here. But could the official documentation be improved at the very least to warn users that if a password is ever used, it cannot be deleted/forgiven even if it is retired/compromised? Could we indicate that if a password was retired and the user does not provide it in a new app installation, there will be a permanent banner warning about the password not being provided? Can we have enough warning against the usage of the E2E feature so that users understand the downside?
Thank you.