Password protected + encrypted notes

dullage / flatnotes

A self-hosted, database-less note taking web app that utilises a flat folder of markdown files for storage.

MIT License

1.47k stars 87 forks source link

Password protected + encrypted notes #46

Open woonaval opened 1 year ago

woonaval commented 1 year ago

Hi, I would like to make a suggestion. For me it would be great if notes could be password protected and then encrypted in the filesystem. Sounds a bit paranoid, but sometimes I write notes with more private content and I would love if these were encrypted and couldn't be easily read from the server. Thanks for your great project!! Edit: I mean an option to selectively protect individual notes, not all of them globally.

JayGoldberg commented 1 year ago

Interested in this as well. Or an "editing code" to allow saving of edited notes? I guess access control was not a design goal or we expect the instance to be protected by some other kind of auth.

Tiddlywiki allows client-side encryption/decryption as an example to what @woonaval said: https://tiddlywiki.com/static/Encryption.html

clach04 commented 5 months ago

Random notes:

Using a library such as SJCL like TW does means the server can be either http or https
- TW defaults to SJCL defaults https://talk.tiddlywiki.org/t/query-how-secure-is-the-inbuilt-encryption-option-in-tw/5185/6 has more details
using WebCrypto (builtin web browser crypto routines) requires https for the server unless serving localhost. https://stackoverflow.com/a/46671627 has more details