Encryption of (synced) storages

[sherabi]

Requesting support for encryption when using external storage services like s3, Google drive, Dropbox etc.
Just like Laverna.

Moderator note:
This GitHub issue is purely about the encryption of storage. For adding the sync feature see: #308

IssueHunt Summary

Sponsors (Total: $60.00)

• issuehunt ($45.00)
• edulcoweb ($10.00)
• satywa ($5.00)

Become a sponsor now!

Or submit a pull request to get the deposits!

Tips

• Checkout the Issuehunt explorer to discover more funded issues.
• Need some help from other developers? Add your repositories on IssueHunt to raise funds.

[asmsuechan]

Hi, @sherabi. Thank you for your request. Yes, I consider this feature.

[MrBMT]

+1 for encryption, that'd be a really nice feature.

I mainly use Boostnote for taking notes at work and wouldn't want to have any of my notes stored on an external storage platform without them being encrypted first, as some of the information is confidential.

[MrW4S4B1]

I'd love to see this feature implemented!

@MrBMT I'm using Cryptomator to create an encrypted drive inside the cloud storage with all the Boostnote files inside. You have some cons, though: You have to use the desktop sync app of your cloud storage provider, no mobile sync and a bunch of apps in the background. On the other hand, if encryption is a must, this is probably the best workaround as cryptomator is designed to protect cloud storage. Hope you find it useful!

[ximbal]

Encryption of the files would be great, I am currently using keybase to store things like SSH keys, but it would be super useful if I could store them right next to code snippets, all in a single tidy place

[IssueHuntBot]

@kazup01 has boosted this issue with $40. Visit this issue on Issuehunt

[IssueHuntBot]

@chartotu19 has started working. Visit this issue on Issuehunt

[TobiasDev]

I would love to see this feature as well. However, it would be awesome if it can be combined with WebDav sync (for the mobile app at least, since I can point the desktop app to any folder I want on my PC), so that I can use this app together with my Personal NextCloud instance. Rather than having to trust Dropbox with my data. :)

[IssueHuntBot]

@TobiasDev funded this issue with $18.98. Visit this issue on Issuehunt

[TobiasDev]

I have seen that this is in development (when looking on IssueHunt), is there any time release for when it would come in? Just out of curiosity since I'm currently holding back on switching to BoostNote for all my notes. :) Obviously no stress, but I really enjoy BoostNote so the sooner I can make the full switch from Evernote the better. :)

[IssueHuntBot]

@kazup01 has cancelled funding for this issue.(Cancelled amount: $40.00) See it on IssueHunt

[IssueHuntBot]

@issuehuntfest has funded $40.00 to this issue. See it on IssueHunt

[IssueHuntBot]

@edulcoweb has funded $10.00 to this issue.

---

• Submit pull request via IssueHunt to receive this reward.
• Want to contribute? Chip in to this issue via IssueHunt.
• Checkout the IssueHunt Issue Explorer to see more funded issues.
• Need help from developers? Add your repository on IssueHunt to raise funds.

[IssueHuntBot]

@satywa has funded $5.00 to this issue.

---

• Submit pull request via IssueHunt to receive this reward.
• Want to contribute? Chip in to this issue via IssueHunt.
• Checkout the IssueHunt Issue Explorer to see more funded issues.
• Need help from developers? Add your repository on IssueHunt to raise funds.

[IssueHuntBot]

@IssueHunt has funded $5.00 to this issue.

---

• Submit pull request via IssueHunt to receive this reward.
• Want to contribute? Chip in to this issue via IssueHunt.
• Checkout the IssueHunt Issue Explorer to see more funded issues.
• Need help from developers? Add your repository on IssueHunt to raise funds.

[TobiasDev]

Not sure if this helps, but if you guys are looking for a way to do this (using for example Nextcloud), I think Joplin might be good to look into. An open-source Evernote alternative.

[Cito]

If you mention Joplin you should also mention Standard Notes. Maybe Boostnote can use the same encryption library Standard File that Standard Notes is using?

[TobiasDev]

Yeah. The reason for Joplin was more since they also support file syncing to NextCloud, Dropbox, etc. Standard Notes has their own servers for your things. Hence why they don't support file attachments using storage on their space. :)

[IssueHuntBot]

@TobiasDev has cancelled funding for this issue.(Cancelled amount: $18.98) See it on IssueHunt

[dlumma]

I'd pay for an integration with keybase.

[Flexo013]

@dlumma You can open a new issue specifically asking for syncing and encryption using keybase. Then through IssueHunt, you can fund that new issue.

[Tiramisu77]

I can implement this feature using window.crypto. We can add optional password field when creating a new folder, if the password was provided, all notes under the folder will be encrypted. Also there will be the option to change the password when right clicking on an encrypted folder.

[Flexo013]

@Tiramisu77 You are the first to mention a password in this thread. The community so far has mentioned that they would simply want the option to encrypt the files within a storage. This would be done by generating a key(pair) that can be used to encrypt and decrypt the files.

When creating a new folder Boostnote should be able to generate these and store these somewhere that the user can access them. When adding an existing (encrypted) storage one should have the option to provide the key(pair) to make sure that the storage can actually be used.

[Tiramisu77]

@Flexo013 My bad, thanks for clarifying that. Would it make sense to start working on this feature now, or is it better to wait until the sync feature is added?

[Flexo013]

@Tiramisu77 No problem at all. You can already start working on this feature now. To workaround the sync you can simply use syncing with something like Dropbox or MEGA. If you need any more clarification, then don't hesitate to ask.

[Tiramisu77]

Here's my plan so far:

Add "encrypt" checkbox when adding a new storage location.

If not exists, create a keystore file in the Home directory, where keypairs for all encrypted storages will be stored.

Under Preferences > Storage, add options for opening the keystore file's location and changing its location

When user adds a new storage location, if there already is a storage in that location and it is encrypted and there's no keys for this storage in the keystore, then ask the user to provide the keypair

Only note's content will be encrypted.

Crypto will be handled by openpgpjs

If it all sounds good, I can start implementing it.

[Flexo013]

This sounds good to me!

@Rokt33r and @ZeroX-DG do either of you have additions or comments about @Tiramisu77's plan here?

[arcturus140]

is this issue still about the encryption of synced files or are local files being encrypted as well?

How can user recover their encrypted notes after they lost the key?

[Flexo013]

@arcturus140 Currently there isn't really a difference between a note file that is synced and not synced, as that is handled by external syncing software. This new feature would encrypt your local files, (because those are uploaded). Note that this is optional when making (or editing?) a storage. Your notes won't be encrypted by default.

The whole idea of encryption is that you can't. You will need the key to decrypt the notes. It depends on how it's implemented, but you will most likely be able to use a command line version of PGP to decrypt a file with your key.

[arcturus140]

@Flexo013 I know but syncing could be a requirement for encryption once storage Locactions of type sync are supported.

Before Boostnote I have been using Laverna. One thing I learned about self hosted keys: users loose them.

This is less a personal concern as a general observation. It would seem that the user be responsible to store their keys is a rather unreliable solution, for once when it comes to recover from a corrupted system.

[Flexo013]

@arcturus140 Hmm, I understand your concern. We could try something with different levels of security:

• High security: everything is encrypted - losing your key means losing your notes
• Medium security: there is both an encrypted and non-encrypted version of your storage - the encrypted one can be used for syncing and will be leading - losing your key will mean you can no longer update/read synced files, but you still have the last plain version
• No security: nothing is encrypted - this is what we have now

@Tiramisu77 Just in case you hadn't yet, feel free to start with that implementation.