VeraCrypt encryption of Joplin profile

former_evernotist · 2023-07-20T22:26:31.160Z

Welcome to the forum!

Can't really say anything about Joplin Desktop and VeraCrypt, but I'm running several instances of Joplin Portable in VeraCrypt containers, both on thumb drives and internal SSDs. Simply put Joplin.exe and the config folder in your mounted VeraCrypt drive and start it from there.

darp · 2023-07-21T03:53:21.033Z

Thanks former_evernotist. I tend to lose USB drives, but if I can install it within a VeraCrypt container on an internal SSD, that's a possibility. I'd prefer to be able to swap the profiles within one instance of Joplin once the encrypted profile is mounted (if that's even possible) but your method is certainly a fall back option. Can you sync to cloud storage with end to end encryption as normal from withiin a mounted container?

zblesk · 2023-07-21T07:39:11.560Z

Yes, I think profile switching should work as expected. Sync definitely does.
I also suggest using the Portable version: it can do all the things the installed, Desktop version can. But it makes it really simple to manipulate specific folder placement.

darp · 2023-07-21T13:25:10.049Z

Thanks for that zblesk. Good to know you can sync. What you and former_evernotist suggest looks a way forward and if no one comes up with a desktop solution I'll take that route.

Rootman · 2023-07-21T15:27:15.840Z

I did this by using the Joplin portable app and putting the app and it's subsequent profile on a drive that is VeraCrypt encrypted. I have not found anything that the full app can do that the portable on can't, at least nothing that I use anyway.

I have 4 PCs running Joplin, 2 use Bitlocker for the OS and secondary drive / partition with the app and profile on it. 1 uses VeraCrypt that way and the 4th uses a Self Encrypted SSD using a BIOS set access password.

former_evernotist · 2023-07-21T22:44:51.684Z

darp:

if no one comes up with a desktop solution

If it fits your use case a separate user account (on the operating system) or a whole disk partition with VeraCrypt could be used to safeguard a proper desktop installation from unauthorised access. Joplin Portable is a fine piece of software, but it takes a very long time to start.

And it has no access to the OS's key chain to store your E2EE password which means that it's stored in plain text in your Joplin database. Maybe that doesn't really matter as in your scenario local storage is encrypted anyway.

darp · 2023-07-22T01:26:38.097Z

Thanks for your response Rootman. Looks like portable is the way to go.

darp · 2023-07-22T01:33:50.408Z

Changing user accounts would be a bit clunky for me. A separate, small partition might work though. I'm going to try that and the portable and see how it goes. Feedback appreciated former_evernotist.

Rootman · 2023-07-22T14:18:43.232Z

I also use Joplin portable on USB drive as well. I have the drives setup using Ventoy, Ventoy is an ISO boot utility that allows you to boot multiple tools and OS installations from one stick. The Ventoy takes up about 40 GBs, the rest of the drive is devoted to backups of files as well as a passel of portable apps. This includes Joplin portable with it's profile. This partition is encrypted with VeraCrypt.

So I have a USB thumb drive and USB HDDs that can boot into multiple ISO files, Windows installation, utilities and other stuff. The same USB drive has a large partition that is encrypted with VeraCrypt, the Veracrypt files are even on the first unencrypted partition so I can mount the veracrypt partition on a PC that does not have Veracrpyt installed. I have access to my personal files on that second partition as well as a few dozen portable app - most from PortableApps.com.

It makes for a nice little system, I can boot to a WinPE ISO and get access to disks that may have the OS corrupted. I can install Windows or Linux from the same stick. I can use utility ISOs to do many things. I can mount the VeraCrypt partition and have access to a host of portable apps including Joplin, utilities and tools to do a host of things.

I am in IT and I find it invaluable to have so much available right in my pocket.

ajay · 2023-07-23T08:19:49.171Z

Not sure the responses you have received are solving your problem.
My take is I would not use the built-in profile switching (based on experience on a Mac, I could explain why, but it's lengthy), but rather create an alias in the .config place which points to the veracrypt disk. But there are problems under MacOS, and there may be problems under windows.

Any chance you could add it to this thread, when you find a workable solution ? I am asking since many threads go numb when the solution is found, without explaining what the solution was. If you have specific questions (win or macOS) which you'd like to discuss further - I am ready to spend some time on it.

darp · 2023-07-23T16:28:41.893Z

That's some set up Rootman, from what understand of it. Portable apps appear very versatile. If possible, however, for me, I'd like to keep everything under one roof.

darp · 2023-07-23T16:39:27.999Z

Hi ajay, thanks for responding. I'll be sure to post the solution if I find one. I suspect there may be others interested in the achieving the same end. However, with my leve of technical knowledge.... well, don't hold your breath.

How do I create an alias? Do I duplicate the joplin-desktop file. And do I point to VeraCrypt by encrypting it for use as a mounted drive?

ajay · 2023-07-24T06:00:58.111Z

On windows : The Complete Guide to Creating Symbolic Links (aka Symlinks) on Windows

darp · 2023-07-24T15:06:30.964Z

I'll take a look

Rootman · 2023-07-25T10:49:00.289Z

I've used symbolic links many times. It generally works without a hitch, although a few apps have caused me grief. One in particular, I moved the folder I wanted on my encrypted drive and put a symbolic link back to the original source, works a treat. However, whenever I update it I guess the installation actually deletes the folder I am linking to (actually the link because it does not seem to know any better) and breaks there goes my fix, I have to create the link all over again. So, be sure to check your links to make sure they are still valid.

Links are easy to create from the command line, easier with a GUI. Google up HardLink Shell Extension, it makes creating links as easy as drag and drop.

darp · 2023-07-25T14:06:07.580Z

Thanks for that Rootman. The link ajay sent me looks good. When I get a spare hour I'm going to give it a go. Do I need a hard or soft link do you know?

darp · 2023-07-28T20:21:05.577Z

For the sake of anyone else trying to achieve the same end, I'm updating my progress. I managed to achieve local encryption of a profile and its associated notebooks, but was not able to sync them.

I set up a separate profile which is protected by a VeraCrypt container. The container needs to be mounted before changing profile, otherwise the profile, or Joplin, won't open. Once the container is mounted, Joplin will open again. VeraCrypt provide detailed instructions on how to do this.

Using the link ajay provided above, I found this command to get the 2nd profile to store its notebooks in the encrypted folder mounted on volume J (in my case). mklink /J C:\Users\user.config\joplin-desktop\profile-xxxxxxxx J:\profile-xxxxxxxx

I was unable to get the 2nd profile to sync separately, either to the same server as the default profile, or to a different location. It will sync to the same location as the default profile, but the notebooks are duplicated in both profiles. There doesn't appear to be an option to use a different password for each profile.

tomasz86 · 2023-07-28T20:49:28.686Z

You can't use the same cloud storage to sync multiple profiles unless you use filesystem sync into completely separate folders and then sync those between different devices.

darp · 2023-07-30T04:56:32.788Z

Will that only work with Joplin Portable?

system · 2023-08-29T04:56:57.299Z

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.