Understanding the encryption feature

I am using the Joplin Server Docker container, Windows app, Android app to sync my notes.

Recently, I decided to retire my old password used for E2E encryption. Before I add my new password, I decrypted all my notes and synced over all my devices. I reinstalled/purged my Android app.

Then I add my new password and re-encrypted my notes. However, when I sync over my android device, it is still asking for old passwords (the one that I retired). Even if none of my notes are encrypted with the retired password, it keeps bugging me with the orange warning banner on top "Press to set the decryption password".

What is the purpose of this design of keep asking the old password even when I have no note encrypted with it? I am very confused on the decision to keep a retired/compromised password. With the confusing design mentioned above, there is no way to delete a password. And even if I disable E2E, the app is still asking for a password with an intrusive banner at the top of Windows and Android client.

I set my password using random generator, even me myself cannot remember them. It would be so frustrating when the old password is somehow deleted by the user without knowing in advance that Joplin will keep asking for it forever if you cannot provide it.

I only encounter this problem after using it. And there is no official documentation of this half-baked design in the official documentation.

Sorry for being frustrating here. But could the official documentation be improved at the very least to warn user that if a password is ever used, it cannot be deleted/forgiven even it is retired/compromised? Could we indicate that if a password was retired and the user does not provide them in new app installation, there will be a permanent banner warning about password not provided? Can we have enough warning agaist the usage of E2E feature so that user understands the downside?

Thank you.

Which version of Android are you running? And do you remember if you have just reinstalled the app, or wiped the data too?

I am using Android app v2.1.4
I tried wipping the app storage and reinstall the app, both methods are reminding me to "Press to set the decryption password" for the retired/compromised password. If I did not do that, the orange warning banner will be persistent, with no way to dismiss. This is the same with Windows app. And if this is by design, I have good reason to believe that the following issues will happen under Linux, MacOS, and iOS as well:

  1. No way to delete a password.
  2. No way to dismiss this warning (either the password is retired or encryption is completely disabled)
  3. No way to know in advance about this intrusive behavior until it surfaces to the user.

The reason I asked was that until recently the Android app had backup enabled which might have contributed to that. But since you're saying you've wiped the data, it must be something else.

I am really sorry to see Joplin's encryption feature marked as high priority on its GitHub repo for years without progress.

After being annoyed with the half-baked encryption for months, I eventually determined to set up Standard Notes sync server and host the extensions myself. With all my notes transferred and the Joplin server teared down, I think I will settle with Standard Notes after this long journey. The encryption feature offered by Standard Notes goes way beyond Joplin.

Sorry Joplin, but the persistent orange warning banner goes beyond my threshold. Even a dismiss button will make me stay but it is not there.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.