Why a new encryption key for each device?

I installed Joplin on 3 different devices (Android tablet, Windows PC Android phone) and ended up with three encryption keys in my encryption configuration. It seems I have to re-enter the password for every existing device plus the one each time I add a device. Why?

The password is the same for all. It seems awkward and makes me question the reliability of the encryption system. I would expect a new device to find encrypted notes on the server and ask me for the password once. Each device should have one key and not have knowledge of keys created for and on other devices. What is the idea here?

1 Like

Do not manually enable encryption on multiple devices in parallel, but rather wait for the other ones to sync with the first already encrypted device. Otherwise, you may end up with multiple encryption keys.

https://joplinapp.org/e2ee/#enabling-e2ee

Maybe you get caught (like me, and many others) by this tricky step :
Quote from dpoulton : " you only switch on E2EE once , on the very first device".

Useful posts to understand how it works :
Struggling with Sync setup
Set "active" E2EE key to use for encryption

This silly. I did not choose to create multiple keys, after I created one on one device, notes on the other device showed as encrypted/inaccessible so I was invited to setup encryption for the other device too. There was no option to just enter the password to access the encrypted notes.

Anyway, thanks for the links that teach me what I should have done. I now have three keys on all devices. Exporting the lot and setting up everything from scratch is not appealing. Is there an easy way to get rid of the extra keys?

1 Like

No, there's no way to do that. It's technically not possible.

Howerver, the new sync protocol should sync the encryption key first, so I'm not sure why you didn't get a popup that asked for the key password.

If having multiple master keys bothers you, your only option is to start over. For info, there's a banner on top of the encryption screen that invites you to read the instructions to setup E2EE. This banner is present because we know setting it up is a bit unintuitive.

This is not done yet. The plan eventually is to store the master keys in info.json, that way it will be fetched as soon as sync starts.

1 Like

Oops, sorry. I though that this was what sync protocol 2 did.

I did start over but even that was not easy. I only had about ten notes so that part wasn't too bad, I saved each of them as text and pasted them back into Joplin after I managed to clean it out. On the Android devices it went as expected. I just uninstalled and reinstalled and I was good. On the PC however the experience was not so great.

It appeared that uninstalling the PC version does not clean the local data. This should be an option, like"Keep local data/Delete local data". Or always delete and just display a warning in case anyone expects it to remain.

I found cached data is stored in obscure places and if you do not find and delete these folders manually, the local data will survive a re-install and propagate like a virus again.

The installer is oddly slow, making me wonder what on earth it is doing.

Anyway, in the end I won and I got a clean install again, without keys. Hooray. I then pressed sync and the desktop window went blank. Menus were still accessible but there was no content, the client area remained blank. I had to kill the application (four processes, why?).

Then it blew up immediately after restart (briefly flashed and gone). The next time it came up and all seemed fine. So I started repopulating my notes without further issues. One thing to be fixed: if I start a new note, the first thing I want to do is enter a title so I do not want the cursor in the body pane.

--- for a ruler only works when preceded by a blank line. (___ does work without but looks less nice and is harder to enter, needing shift).

Long notes are hard to navigate on a phone or tablet. I would like some sort of thumb that acts as a scroll bar.

I am still fairly pleased, just poviding some feedback.

Import/Export do the job

Yes in Joplin Profile folders, like a virus I would not say, because this tries to hide and prevents the deletion

This is nothing unusual, many applications use multiple processes. VSCode 12, Firefox 14, ...

depends on the own work / preferences, the first line becomes for example automatic the title

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.