Joplin
/
website
mirror of https://github.com/joplin/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
website/docs/help/dev/spec/e2ee/index.html

17 lines
34 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper docs-doc-page docs-version-current plugin-docs plugin-id-default docs-doc-id-dev/spec/e2ee/index" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v2.4.3">
<title data-rh="true">Encryption | Joplin</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://joplinapp.org/help/dev/spec/e2ee/"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Encryption | Joplin"><meta data-rh="true" name="description" content="Encrypted data is encoded to ASCII because encryption/decryption functions in React Native can only deal with strings. So for compatibility with all the apps we need to use the lowest common denomi..."><meta data-rh="true" property="og:description" content="Encrypted data is encoded to ASCII because encryption/decryption functions in React Native can only deal with strings. So for compatibility with all the apps we need to use the lowest common denomi..."><link data-rh="true" rel="icon" href="https://joplinapp.org/favicon.ico"><link data-rh="true" rel="canonical" href="https://joplinapp.org/help/dev/spec/e2ee/"><link data-rh="true" rel="alternate" href="https://joplinapp.org/help/dev/spec/e2ee/" hreflang="en"><link data-rh="true" rel="alternate" href="https://joplinapp.org/fr/help/dev/spec/e2ee/" hreflang="fr"><link data-rh="true" rel="alternate" href="https://joplinapp.org/help/dev/spec/e2ee/" hreflang="x-default"><link rel="alternate" type="application/rss+xml" href="/news/rss.xml" title="Joplin RSS Feed">
<link rel="alternate" type="application/atom+xml" href="/news/atom.xml" title="Joplin Atom Feed"><link rel="stylesheet" href="/assets/css/styles.3f0207fa.css">
<link rel="preload" href="/assets/js/runtime~main.1fb4f966.js" as="script">
<link rel="preload" href="/assets/js/main.aa9faae4.js" as="script">
</head>
<body class="navigation-with-keyboard">
<script>!function(){function t(t){document.documentElement.setAttribute("data-theme",t)}var e=function(){var t=null;try{t=new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}return t}()||function(){var t=null;try{t=localStorage.getItem("theme")}catch(t){}return t}();t(null!==e?e:"light")}()</script><div id="__docusaurus">
<div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="navbar navbar--fixed-top"><div class="navbar__inner"><div class="navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a href="https://joplinapp.org" target="_self" rel="noopener noreferrer" class="navbar__brand"><div class="navbar__logo"><img src="/images/logo-text-blue.svg" alt="Joplin" class="themedImage_ToTc themedImage--light_HNdA"><img src="/images/logo-text-blue.svg" alt="Joplin" class="themedImage_ToTc themedImage--dark_i4oU"></div><b class="navbar__title text--truncate"></b></a></div><div class="navbar__items navbar__items--right"><a class="navbar__item navbar__link" href="/news">News</a><a aria-current="page" class="navbar__item navbar__link navbar__link--active" href="/help/">Help</a><a href="https://discourse.joplinapp.org" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">Forum</a><a href="https://joplinapp.org/plans" target="_self" rel="noopener noreferrer" class="navbar__item navbar__link navbar-custom-buttons plans-button">Joplin Cloud</a><a href="https://joplinapp.org/donate" target="_self" rel="noopener noreferrer" class="navbar__item navbar__link navbar-custom-buttons sponsor-button">♡ Support us</a><div class="navbar__item dropdown dropdown--hoverable dropdown--right"><a href="#" aria-haspopup="true" aria-expanded="false" role="button" class="navbar__link"><svg viewBox="0 0 24 24" width="20" height="20" aria-hidden="true" class="iconLanguage_nlXk"><path fill="currentColor" d="M12.87 15.07l-2.54-2.51.03-.03c1.74-1.94 2.98-4.17 3.71-6.53H17V4h-7V2H8v2H1v1.99h11.17C11.5 7.92 10.44 9.75 9 11.35 8.07 10.32 7.3 9.19 6.69 8h-2c.73 1.63 1.73 3.17 2.98 4.56l-5.09 5.02L4 19l5-5 3.11 3.11.76-2.04zM18.5 10h-2L12 22h2l1.12-3h4.75L21 22h2l-4.5-12zm-2.62 7l1.62-4.33L19.12 17h-3.24z"></path></svg>English</a><ul class="dropdown__menu"><li><a href="/help/dev/spec/e2ee/" target="_self" rel="noopener noreferrer" class="dropdown__link dropdown__link--active" lang="en">English</a></li><li><a href="/fr/help/dev/spec/e2ee/" target="_self" rel="noopener noreferrer" class="dropdown__link" lang="fr">Français</a></li></ul></div><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="Switch between dark and light mode (currently light mode)" aria-label="Switch between dark and light mode (currently light mode)" aria-live="polite"><svg viewBox="0 0 24 24" width="24" height="24" class="lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" class="darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg></button></div><div class="searchBox_ZlJk"><div class="navbar__search"><span aria-label="expand searchbar" role="button" class="search-icon" tabindex="0"></span><input type="search" id="search_input_react" placeholder="Loading..." aria-label="Search" class="navbar__search-input search-bar" disabled=""></div></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="main-wrapper mainWrapper_z2l0 docsWrapper_BCFX"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docPage__5DB"><aside class="theme-doc-sidebar-container docSidebarContainer_b6E3"><div class="sidebarViewport_Xe31"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/help/">What is Joplin?</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/help/install">Installation</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/help/apps/">Using Joplin</a><button aria-label="Toggle the collapsible sidebar category &#x27;Using Joplin&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" aria-expanded="false" href="/help/api/">Programmatic API</a><button aria-label="Toggle the collapsible sidebar category &#x27;Programmatic API&#x27;" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" aria-expanded="true" href="/help/dev/">Development</a><button aria-label="Toggle the collapsible sidebar category &#x27;Development&#x27;" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" aria-expanded="true" tabindex="0" href="/help/dev/spec/architecture">Technical specifications</a></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/architecture">Joplin architecture</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/clipper_auth">Clipper authorisation mechanism</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/default_plugins">How to add a new default plugin</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/desktop_styling">Desktop application styling</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-3 menu__list-item"><div class="menu__list-item-collapsible menu__list-item-collapsible--active"><a class="menu__link menu__link--sublist menu__link--active" aria-current="page" aria-expanded="true" tabindex="0" href="/help/dev/spec/e2ee/">Encryption</a><button aria-label="Toggle the collapsible sidebar category &#x27;Encryption&#x27;" type="button" class="clean-btn menu__caret"></button></div><ul style="display:block;overflow:visible;height:auto" class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-4 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/e2ee/workflow">E2EE workflow</a></li></ul></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/history">Note history</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/interop_with_frontmatter">Markdown with Front Matter Exporter/Importer</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/note_viewer_isolation">Note viewer isolation</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/plugins">Plugin system architecture</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/read_only">Read-only</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/search_sorting">Search Engine</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/server_debug">Debugging Server project with vscode</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/server_delta_sync">Joplin Server delta sync</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/server_file_url_format">Structure of file URLs in Joplin Server</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/server_items">Joplin Server items</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/server_sharing">Joplin Server sharing feature</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/server_sharing_e2ee">Sharing a notebook with E2EE enabled</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/server_user_status">Joplin Server user status</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/sync">Joplin synchronisation</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/sync_lock">Synchronisation locks</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/sync_scroll">Synchronous Scroll</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/voice_typing">Voice typing</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-3 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spec/web_app">Web app</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" tabindex="0" href="/help/dev/gsoc/gsoc2020/">Google Summer of Code</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/BUILD">Building the applications</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/DEPLOY">Deploying Joplin apps and scripts</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/build_troubleshooting">Build troubleshooting</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/coding_style">Coding style</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/localisation">Localisation</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/spellcheck">Spellchecking using CSpell</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/help/dev/technical_spec">Guide to writing a technical spec</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" aria-expanded="false" href="/help/about/changelog/android">About</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/help/faq">FAQ</a></li></ul></nav></div></div></aside><main class="docMainContainer_gTbr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><h1>Encryption</h1><div class="donate-links"><p><a href="https://www.paypal.com/donate/?business=E8JMYD2LQ8MMA&amp;no_recurring=0&amp;item_name=I+rely+on+donations+to+maintain+and+improve+the+Joplin+open+source+project.+Thank+you+for+your+help+-+it+makes+a+difference%21&amp;currency_code=EUR" target="_blank" rel="noopener noreferrer"><img loading="lazy" src="https://raw.githubusercontent.com/laurent22/joplin/dev/Assets/WebsiteAssets/images/badges/Donate-PayPal-green.svg" alt="Donate using PayPal" class="img_ev3q"></a> <a href="https://github.com/sponsors/laurent22/" target="_blank" rel="noopener noreferrer"><img loading="lazy" src="https://raw.githubusercontent.com/laurent22/joplin/dev/Assets/WebsiteAssets/images/badges/GitHub-Badge.svg" alt="Sponsor on GitHub" class="img_ev3q"></a> <a href="https://www.patreon.com/joplin" target="_blank" rel="noopener noreferrer"><img loading="lazy" src="https://raw.githubusercontent.com/laurent22/joplin/dev/Assets/WebsiteAssets/images/badges/Patreon-Badge.svg" alt="Become a patron" class="img_ev3q"></a> <a href="https://joplinapp.org/donate/#donations" target="_blank" rel="noopener noreferrer"><img loading="lazy" src="https://raw.githubusercontent.com/laurent22/joplin/dev/Assets/WebsiteAssets/images/badges/Donate-IBAN.svg" alt="Donate using IBAN" class="img_ev3q"></a></p></div><p>Encrypted data is encoded to ASCII because encryption/decryption functions in React Native can only deal with strings. So for compatibility with all the apps we need to use the lowest common denominator.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="encrypted-data-format">Encrypted data format<a href="#encrypted-data-format" class="hash-link" aria-label="Direct link to Encrypted data format" title="Direct link to Encrypted data format"></a></h2><h3 class="anchor anchorWithStickyNavbar_LWe7" id="header">Header<a href="#header" class="hash-link" aria-label="Direct link to Header" title="Direct link to Header"></a></h3><table><thead><tr><th>Name</th><th>Size</th></tr></thead><tbody><tr><td>Identifier</td><td>3 chars (&quot;JED&quot;)</td></tr><tr><td>Version number</td><td>2 chars (Hexa string)</td></tr></tbody></table><p>This is followed by the encryption metadata:</p><table><thead><tr><th>Name</th><th>Size</th></tr></thead><tbody><tr><td>Length</td><td>6 chars (Hexa string)</td></tr><tr><td>Encryption method</td><td>2 chars (Hexa string)</td></tr><tr><td>Master key ID</td><td>32 chars (Hexa string)</td></tr></tbody></table><p>See <code>lib/services/e2ee/EncryptionService.ts</code> for the list of available encryption methods.</p><h3 class="anchor anchorWithStickyNavbar_LWe7" id="data-chunk">Data chunk<a href="#data-chunk" class="hash-link" aria-label="Direct link to Data chunk" title="Direct link to Data chunk"></a></h3><p>The data is encoded in one or more chunks for performance reasons. That way it is possible to take a block of data from one file and encrypt it to another block in another file. Encrypting/decrypting the whole file in one go would not work (on mobile especially).</p><table><thead><tr><th>Name</th><th>Size</th></tr></thead><tbody><tr><td>Length</td><td>6 chars (Hexa string)</td></tr><tr><td>Data</td><td>(&quot;Length&quot; bytes) (ASCII)</td></tr></tbody></table><h2 class="anchor anchorWithStickyNavbar_LWe7" id="master-keys">Master Keys<a href="#master-keys" class="hash-link" aria-label="Direct link to Master Keys" title="Direct link to Master Keys"></a></h2><p>The master keys are used to encrypt and decrypt data. They can be generated from the Encryption Service and are saved to the database. They are themselves encrypted via a user password using a <a href="https://github.com/laurent22/joplin/blob/b5b02d8d7bce2c07c89fef50103e1399d792b75e/packages/lib/services/e2ee/EncryptionService.ts#L373" target="_blank" rel="noopener noreferrer">strong encryption method</a>.</p><p>These encrypted master keys are transmitted with the sync data so that they can be available to each client. Each client will need to supply the user password to decrypt each key.</p><p>The application supports multiple master keys in order to handle cases where one offline client starts encrypting notes, then another offline client starts encrypting notes too, and later both sync. Both master keys will have to be decrypted separately with the user password.</p><p>Only one master key can be active for encryption purposes. For decryption, the algorithm will check the Master Key ID in the header, then check if it&#x27;s available to the current app and, if so, use this for decryption.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="encryption-service">Encryption Service<a href="#encryption-service" class="hash-link" aria-label="Direct link to Encryption Service" title="Direct link to Encryption Service"></a></h2><p>The applications make use of the <code>EncryptionService</code> class to handle encryption and decryption. Before it can be used, a least one master key must be loaded into it and be marked as &quot;active&quot;.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="encryption-workflow">Encryption workflow<a href="#encryption-workflow" class="hash-link" aria-label="Direct link to Encryption workflow" title="Direct link to Encryption workflow"></a></h2><p>Items are encrypted only during synchronisation, when they are serialised (via <code>BaseItem.serializeForSync</code>), so before being sent to the sync target.</p><p>They are decrypted by DecryptionWorker in the background.</p><p>The apps handle displaying both decrypted and encrypted items, so that user is aware that these items are there even if not yet decrypted. Encrypted items are mostly read-only to the user, except that they can be deleted.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="enabling-and-disabling-encryption">Enabling and disabling encryption<a href="#enabling-and-disabling-encryption" class="hash-link" aria-label="Direct link to Enabling and disabling encryption" title="Direct link to Enabling and disabling encryption"></a></h2><p>Enabling/disabling E2EE while two clients are in sync might have an unintuitive behaviour (although that behaviour might be correct), so below some scenarios are explained:</p><ul><li>If client 1 enables E2EE, all items will be synced to target and will appear encrypted on target. Although all items have been re-uploaded to the target, their timestamps did <em>not</em> change (because the item data itself has not changed, only its representation). Because of this, client 2 will not re-download the items - it does not need to do so anyway since it has already the item data.</li><li>When a client sync and download a master key for the first time, encryption will be automatically enabled (user will need to supply the master key password). In that case, all items that are not encrypted will be re-synced. Uploading only non-encrypted items is an optimisation since if an item is already encrypted locally it means it&#x27;s encrypted on target too.</li><li>If both clients are in sync with E2EE enabled: if client 1 disable E2EE, it&#x27;s going to re-upload all the items unencrypted. Client 2 again will not re-download the items for the same reason as above (data did not change, only representation). Note that user <em>must</em> manually disable E2EE on all clients otherwise some will continue to upload encrypted items. Since synchronisation is stateless, clients do not know whether other clients use E2EE or not so this step has to be manual.</li><li>Although messy, Joplin supports having some clients send encrypted items and others unencrypted ones. The situation gets resolved once all the clients have the same E2EE settings.</li><li>Currently, there is no way to delete encryption keys if you do not need them anymore or if you disabled the encryption completely. You will get a persistent notification to provide a Master Key password on a new device, even if encryption is disabled. Entering the Master Key(s) password and still having the encryption disabled will get rid of the notification. See <a href="https://discourse.joplinapp.org/t/delete-e2ee-master-keys/906" target="_blank" rel="noopener noreferrer">Delete E2EE Master Keys</a> for more info.</li></ul><h2 class="anchor anchorWithStickyNavbar_LWe7" id="types-of-keys">Types of keys<a href="#types-of-keys" class="hash-link" aria-label="Direct link to Types of keys" title="Direct link to Types of keys"></a></h2><p>There are two types of key:</p><ul><li><strong>Data keys</strong>, which are used to encrypt Joplin items, such as notes, notebooks, tags, etc. when E2EE is enabled. A data key is generated when the user enables E2EE. Data keys are also dynamically generated when a user shares a notebook with another user. In this case, we create a separate key, so that the recipient can only decrypt this specific notebook.</li><li><strong>Public-private key pairs</strong>, which are used to transfer secrets between users.</li></ul><h2 class="anchor anchorWithStickyNavbar_LWe7" id="master-password">Master password<a href="#master-password" class="hash-link" aria-label="Direct link to Master password" title="Direct link to Master password"></a></h2><p>The master password is used to encrypt E2EE data keys as well as the user&#x27;s private key.</p><p><strong>It is possible to change the master password</strong> - in this case, all keys are reencrypted with the new password. The data, notes, notebooks, etc. does not need to be reencrypted.</p><p>If a master password is forgotten it&#x27;s not possible to recover it. <strong>It is however possible to reset it</strong>. In that case, all associated keys are disabled, and the public-private key pair is regenerated. In practice it means that any content that was encrypted with the forgotten password can no longer be decrypted.</p><h2 class="anchor anchorWithStickyNavbar_LWe7" id="public-private-key-pairs">Public-private key pairs<a href="#public-private-key-pairs" class="hash-link" aria-label="Direct link to Public-private key pairs" title="Direct link to Public-private key pairs"></a></h2><p>Public-private key pairs (PPK) are used to transfer secrets between users. Specifically, they are used when sharing a notebook while E2EE is enabled. The workflow is as follow:</p><ul><li>Alice shares a notebook with Bob</li><li>Since the notebook is encrypted, Alice also sends the key to Bob, but it needs to be encrypted too.</li><li>To do so, she downloads Bob&#x27;s public key and encrypt the key with it</li><li>When accepting the share, Bob receives this key</li><li>Bob decrypts it with his private key</li><li>Once decrypted, he reencrypts it with his master password</li></ul><p>At this point, both users have a copy of the key and can share notes over E2EE.</p><p>A user can only have one PPK.</p><p>PPKs are generated automatically when E2EE is enabled and when the user synchronises. They are then stored in info.json on the sync target. The key is generated during sync because otherwise multiple clients could generate a PPK, and then there would be a conflict to decide which PPK should be kept. By doing it during sync, it ensures that only one PPK is generated because the synchronizer fetches first info.json - and only generates a PPK if none is already present.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="theme-doc-footer-edit-meta-row row"><div class="col"><a href="https://github.com/laurent22/joplin/tree/dev/readme/dev/spec/e2ee/index.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_vwxv"></div></div></footer></article><nav class="pagination-nav docusaurus-mt-lg" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/help/dev/spec/desktop_styling"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Desktop application styling</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/help/dev/spec/e2ee/workflow"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">E2EE workflow</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#encrypted-data-format" class="table-of-contents__link toc-highlight">Encrypted data format</a><ul><li><a href="#header" class="table-of-contents__link toc-highlight">Header</a></li><li><a href="#data-chunk" class="table-of-contents__link toc-highlight">Data chunk</a></li></ul></li><li><a href="#master-keys" class="table-of-contents__link toc-highlight">Master Keys</a></li><li><a href="#encryption-service" class="table-of-contents__link toc-highlight">Encryption Service</a></li><li><a href="#encryption-workflow" class="table-of-contents__link toc-highlight">Encryption workflow</a></li><li><a href="#enabling-and-disabling-encryption" class="table-of-contents__link toc-highlight">Enabling and disabling encryption</a></li><li><a href="#types-of-keys" class="table-of-contents__link toc-highlight">Types of keys</a></li><li><a href="#master-password" class="table-of-contents__link toc-highlight">Master password</a></li><li><a href="#public-private-key-pairs" class="table-of-contents__link toc-highlight">Public-private key pairs</a></li></ul></div></div></div></div></main></div></div><footer class="footer footer--dark"><div class="container container-fluid"><div class="row footer__links"><div class="col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/joplinapp" target="_blank" rel="noopener noreferrer" class="footer__link-item">Twitter<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://www.patreon.com/joplin" target="_blank" rel="noopener noreferrer" class="footer__link-item">Patreon<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://www.linkedin.com/company/joplin" target="_blank" rel="noopener noreferrer" class="footer__link-item">LinkedIn<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://discord.gg/VSj7AFHvpq" target="_blank" rel="noopener noreferrer" class="footer__link-item">Discord<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://mastodon.social/@joplinapp" target="_blank" rel="noopener noreferrer" class="footer__link-item">Mastodon<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://sopuli.xyz/c/joplinapp" target="_blank" rel="noopener noreferrer" class="footer__link-item">Lemmy<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li><li class="footer__item"><a href="https://github.com/laurent22/joplin/" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" viewBox="0 0 24 24" class="iconExternalLink_nPIU"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></svg></a></li></ul></div><div class="col footer__col"><div class="footer__title">Legal</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://joplinapp.org/privacy" target="_blank" rel="noopener noreferrer" class="footer__link-item">Privacy Policy</a></li></ul></div></div><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2016-2024 Laurent Cozic</div></div></div></footer></div>
<script src="/assets/js/runtime~main.1fb4f966.js"></script>
<script src="/assets/js/main.aa9faae4.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink