Which kind of encrytion method does Joplin use?

Mute · 15 April 2022 13:41

Hi guys,

i'm using Joplin 2.7.15 for a couple of days now on Kubuntu 20.04 / 18.04 and 2 Win10 installations (real and Virtualbox machine). Data is encrypted and synchronized via a managed nextcloud server from a german hosting provider.

Everything works fine so far, not having any problems with that great tool.

The last few days I've tried to find out what kind of encryption method is used by Joplin but didn't find any information on that. I googled it, tried the FAQ, but i'm not techie enough to understand what is said there.

Would be great if someone could help a newbie to understand what encrytion method is used and/or how safe Joplins encryption is.

Thanks in advance for that.

Wimvan · 16 April 2022 15:10

Just to be sure: You found this info about E2EE including further links and it did not answer your questions, correct?

roman_r_m · 16 April 2022 15:20

To be fair, that page never mentions the encryption method used.

@Mute I believe Joplin uses SJCL: a Javascript crypto library

Mute · 17 April 2022 02:35

At Wimvan: Right. As i said in my post i read this but unfortunately i don't have knowledge enough to understand how safe or unbreakable Joplins encryption method is just by checking the information behind the link you posted.
For example if i search Cryptomators website i find they are using an AES256 encryption. I can research this and understand that this is a safe encryption method even if i don't understand the maths and all the matter behind that.
Problem is every one at work is working remotely and i was given the job to research for collaboration tools. Our CEO's understanding of computer matter is rather low which makes her very worried and refusing about cloud synchronized tools because of overall data security and violation of data protection laws here in Germany. That's why i need to be sure that there's a safe encryption method in the background of every collab tool i might want to recommend.

Mute · 17 April 2022 02:46

At Roman_r_m: Thanks for the information. How sure are you about that?

Wimvan · 17 April 2022 04:27

I understand. I suppose your question is for the developers of Joplin. Hope they will notice this topic.

Daeraxa · 17 April 2022 07:57

This is the actual code (there is a link from the e2ee spec) . Sjcl1a for data, sjcl4 for the master keys.

github.com

laurent22/joplin/blob/b5b02d8d7bce2c07c89fef50103e1399d792b75e/packages/lib/services/e2ee/EncryptionService.ts#L318

      
        
            					ts: 64, // ???
            					mode: 'ocb2', //  The cipher mode is a standard for how to use AES and other algorithms to encrypt and authenticate your message. OCB2 mode is slightly faster and has more features, but CCM mode has wider support because it is not patented.
            					// "adata":"", // Associated Data - not needed?
            					cipher: 'aes',
            				});
            			} catch (error) {
            				throw this.wrapSjclError(error);
            			}
            		}
            
            
		// 2020-03-06: Added method to fix https://github.com/laurent22/joplin/issues/2591
            		//             Also took the opportunity to change number of key derivations, per Isaac Potoczny's suggestion
            		if (method === EncryptionMethod.SJCL1a) {
            			try {
            				// We need to escape the data because SJCL uses encodeURIComponent to process the data and it only
            				// accepts UTF-8 data, or else it throws an error. And the notes might occasionally contain
            				// invalid UTF-8 data. Fixes https://github.com/laurent22/joplin/issues/2591
            				return sjcl.json.encrypt(key, escape(plainText), {
            					v: 1, // version
            					iter: 101, // Since the master key already uses key derivations and is secure, additional iteration here aren't necessary, which will make decryption faster. SJCL enforces an iter strictly greater than 100
            					ks: 128, // Key size - "128 bits should be secure enough"

Both specify AES but a 256 keysize for master keys and 128 for data.

If anyone knows better then please correct me but that is my understanding, the code has comments for various sjcl resources and examples if you want to understand the various settings better.

Mute · 17 April 2022 08:15

COOL Thank you very much. You made my day.

Happy Easter to everyone here.

laurent · 17 April 2022 10:40

Daeraxa is correct, we use AES-256 as well as a high number of key derivations to encrypt master keys, to ensure they are secure as possible. The data itself use AES-128 and a lower number of key derivations for performance, and because that data is also indirectly protected by the more secure master key.

The way it is currently setup was done based on the recommendations we got during this audit. Also there's more technical info here: https://joplinapp.org/spec/e2ee/

Mute · 17 April 2022 11:26

Thank you a lot for clarification. I understand Joplin is a great tool that caters to my security needs perfectly.

system · 17 May 2022 11:27

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ultra-safe backups of encrypted notes Support	4	839	11 October 2020
How can we be sure that you've implemented E2E encryption securely? Support	7	1517	20 March 2019
Has Joplin been audited? Support	4	1185	30 July 2023
Encryption not working? Support	3	607	19 February 2023
Syncing and e2ee between three clients Support	9	427	13 December 2023

Which kind of encrytion method does Joplin use?

Related topics