Which kind of encryption method does Joplin use?

Hi guys,

I'm using Joplin 2.7.15 for a couple of days now on Kubuntu 20.04 / 18.04 and 2 Win10 installations (real and VirtualBox machine). Data is encrypted and synchronized via a managed Nextcloud server from a German hosting provider.

Everything works fine so far, not having any problems with that great tool.

The last few days I've tried to find out what kind of encryption method is used by Joplin but didn't find any information on that. I googled it, tried the FAQ, but I'm not techie enough to understand what is said there.

Would be great if someone could help a newbie to understand what encryption method is used and/or how safe Joplin's encryption is.

Thanks in advance for that.

2 Likes

Just to be sure: You found this info about E2EE including further links and it did not answer your questions, correct?

To be fair, that page never mentions the encryption method used.

@Mute I believe Joplin uses SJCL: a JavaScript crypto library

At Wimvan: Right. As I said in my post, I read this, but unfortunately I don't have enough knowledge to understand how safe or unbreakable Joplin's encryption method is just by checking the information behind the link you posted.
For example, if I search Cryptomator's website I find they are using AES256 encryption. I can research this and understand that this is a safe encryption method even if I don't understand the maths and all the matter behind that.
Problem is everyone at work is working remotely and I was given the job to research collaboration tools. Our CEO's understanding of computer matters is rather low, which makes her very worried about and opposed to cloud-synchronized tools because of overall data security and violation of data protection laws here in Germany. That's why I need to be sure that there's a safe encryption method in the background of every collab tool I might want to recommend.

At Roman_r_m: Thanks for the information. How sure are you about that?

I understand. I suppose your question is for the developers of Joplin. Hope they will notice this topic.

This is the actual code (there is a link from the E2EE spec). Sjcl1a for data, sjcl4 for the master keys.

Both specify AES but a 256 keysize for master keys and 128 for data.

If anyone knows better then please correct me, but that is my understanding. The code has comments for various sjcl resources and examples if you want to understand the various settings better.

:+1: COOL :+1: Thank you very much. You made my day.

Happy Easter to everyone here.

1 Like

Daeraxa is correct, we use AES-256 as well as a high number of key derivations to encrypt master keys, to ensure they are as secure as possible. The data itself uses AES-128 and a lower number of key derivations for performance, and because that data is also indirectly protected by the more secure master key.

The way it is currently set up was done based on the recommendations we got during this audit. Also there's more technical info here: https://joplinapp.org/spec/e2ee/

3 Likes
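
The two-tier layout described in the reply above (a master key wrapped with AES-256 and a slow key derivation, data encrypted with AES-128 and a fast one), as an added example that is not Joplin's code and not part of the thread. It uses Node's built-in crypto with PBKDF2 and AES-GCM rather than SJCL; the iteration counts, cipher mode, key format and function names are illustrative assumptions.

```javascript
// Added illustration of the two-tier scheme discussed in this thread.
// Assumptions: Node's crypto (PBKDF2 + AES-GCM) stands in for SJCL, and the
// iteration counts below are illustrative, not Joplin's actual settings.
const crypto = require('node:crypto');

const MASTER_KEY_PROFILE = { keyBytes: 32, iterations: 100000 }; // AES-256, slow KDF
const DATA_PROFILE = { keyBytes: 16, iterations: 100 };          // AES-128, fast KDF

function encrypt(secret, plaintext, profile) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.pbkdf2Sync(secret, salt, profile.iterations, profile.keyBytes, 'sha256');
  const cipher = crypto.createCipheriv(`aes-${profile.keyBytes * 8}-gcm`, key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

function decrypt(secret, box, profile) {
  const key = crypto.pbkdf2Sync(secret, box.salt, profile.iterations, profile.keyBytes, 'sha256');
  const decipher = crypto.createDecipheriv(`aes-${profile.keyBytes * 8}-gcm`, key, box.iv);
  decipher.setAuthTag(box.tag);
  // final() throws when the secret or ciphertext is wrong (tag mismatch).
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Generate a random master key and return it wrapped under the password.
function createWrappedMasterKey(password) {
  const masterKey = crypto.randomBytes(32).toString('hex');
  return encrypt(password, Buffer.from(masterKey, 'utf8'), MASTER_KEY_PROFILE);
}

// Notes are encrypted with the master key, never with the password itself.
function encryptNote(password, wrappedMasterKey, noteText) {
  const masterKey = decrypt(password, wrappedMasterKey, MASTER_KEY_PROFILE);
  return encrypt(masterKey, Buffer.from(noteText, 'utf8'), DATA_PROFILE);
}

function decryptNote(password, wrappedMasterKey, encryptedNote) {
  const masterKey = decrypt(password, wrappedMasterKey, MASTER_KEY_PROFILE);
  return decrypt(masterKey, encryptedNote, DATA_PROFILE).toString('utf8');
}

// Constructed sample values for a round trip.
const wrapped = createWrappedMasterKey('correct horse battery staple');
const note = encryptNote('correct horse battery staple', wrapped, 'Meeting notes');
console.log(decryptNote('correct horse battery staple', wrapped, note));
```

The cheap per-note derivation is acceptable here only because its input is a long random master key; the password, which is the guessable secret, always goes through the expensive derivation.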

Thank you a lot for clarification. :+1: I understand Joplin is a great tool that caters to my security needs perfectly.

1 Like
