inkdropapp / forum

User support forum for Inkdrop
https://www.inkdrop.info/

Data at rest is not encrypted #69

Closed chuckg closed 7 years ago

chuckg commented 7 years ago

Bug report

"Data at Rest Encryption" is listed as one of the features; however, data is left on disk in plaintext and can be parsed and discovered using simple tools like grep. I can see the title or tags being unencrypted, but from my testing it appears as if the entire note is always stored in plaintext on disk.

It should be noted I'm running in only local mode as I test Inkdrop.

Info

Reproduce

He bought some eggs!

- Open preferences, click "Open Config Folder" to figure out the path
- Open terminal/iTerm/etc. and navigate to config folder path.
- Run:

$ echo $PWD
/Users//Library/Application Support/inkdrop
$ grep -R "kid" *
Binary file db/4c4a874d25665696706562ad92118c63/000006.log matches
Binary file db/4c4a874d25665696706562ad92118c63-search-b27690f30b86e82565ee03d91d2aaabf/000010.log matches

Digging into the actual body of 000006.log, here is a snippet containing the full body of the test message:

"body":"The kid went to the store.\n\nHe bought some eggs!"

craftzdog commented 7 years ago

Hi, thank you for the feedback.

"Data at Rest Encryption" is available only on the Inkdrop remote database. Your notes are encrypted on the server, something like this:

{
  "_id": "note:05f32a5b-eca0-4bfa-bd9b-6e39afbd6b72:2c26a778-7bea-4042-9779-11a884f4ee1c",
  "_rev": "3-0e7153b677161b9bdad6ac51f020f4d4",
  "doctype": "markdown",
  "updatedAt": 1481602841860,
  "createdAt": 1461581428179,
  "tags": [
    "tag:498c7139-a2c1-49a8-a6b8-8bd6496ead65"
  ],
  "status": "none",
  "bookId": "book:05f32a5b-eca0-4bfa-bd9b-6e39afbd6b72",
  "encryptedData": {
    "algorithm": "aes-256-gcm",
    "content": "...",
    "iv": "b675f235e752b8454fde310c",
    "tag": "bfe8476a39527154202c070532310e9c"
  }
}

Unfortunately, local encryption is difficult for performance reasons, such as full-text search, listing notes, etc.
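
Added example, not part of the thread and not Inkdrop's code: a Node.js sketch that produces and opens an `encryptedData` envelope with the field names shown above, then applies the report's grep-style check to a plaintext and a sealed document. The random key, the hex encoding of `content`, the `note:example` id and the function names are assumptions; the thread does not describe how Inkdrop derives or stores keys.

```javascript
// Added example: field names follow the envelope in the reply above; key
// handling and the hex encoding of "content" are assumptions.
const crypto = require("node:crypto");

// Encrypt a note body into an envelope shaped like the one in the reply.
function sealNote(key, body) {
  const iv = crypto.randomBytes(12); // 96-bit nonce, must never repeat per key
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const content = Buffer.concat([cipher.update(body, "utf8"), cipher.final()]);
  return {
    algorithm: "aes-256-gcm",
    content: content.toString("hex"),
    iv: iv.toString("hex"),
    tag: cipher.getAuthTag().toString("hex"),
  };
}

// Decrypt an envelope; throws if key, iv, content or tag do not match.
function openNote(key, env) {
  if (env.algorithm !== "aes-256-gcm") throw new Error("unexpected algorithm");
  const iv = Buffer.from(env.iv, "hex");
  const tag = Buffer.from(env.tag, "hex");
  if (iv.length !== 12 || tag.length !== 16) throw new Error("bad iv/tag length");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAuthTag(tag);
  return Buffer.concat([
    decipher.update(Buffer.from(env.content, "hex")),
    decipher.final(), // the GCM tag is verified here
  ]).toString("utf8");
}

// The grep check from the bug report, applied to one stored document.
function leaksPlaintext(storedDoc, needle) {
  return Buffer.from(JSON.stringify(storedDoc)).includes(needle);
}

// Constructed sample data: the test note from the report and a random key.
const key = crypto.randomBytes(32);
const body = "The kid went to the store.\n\nHe bought some eggs!";
const plainDoc = { _id: "note:example", body };
const sealedDoc = { _id: "note:example", encryptedData: sealNote(key, body) };

console.log("plaintext doc matches 'kid':", leaksPlaintext(plainDoc, "kid"));
console.log("sealed doc matches 'kid':", leaksPlaintext(sealedDoc, "kid"));
console.log("round trip ok:", openNote(key, sealedDoc.encryptedData) === body);
```

A sealed document cannot be searched by substring, which is the full-text search trade-off mentioned in the reply above.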

chuckg commented 7 years ago

Thank you for the explanation @craftzdog -- I have opened a feature request for encrypted notes instead in #71 to allow for a similar feature.