Closed KobeW50 closed 7 months ago
SafeNotes uses standard AES-256 encryption, and you can decrypt your notes as long as you remember the correct passphrase.
How exactly is the symmetric key derived?
Here is the algorithm for how we generate the Key and IV for encryption using a passphrase and salt. https://github.com/keshav-space/safenotes/blob/3bf776a2b30ac21ea39e1584566db5f3259f84ec/lib/encryption/aes_encryption.dart#L70-L91
Also, is the salt used when generating the symmetric key within the .json backup file? If yes, which field contains the salt?
We create a new salt for each text we encrypt, and the salt is appended at the beginning of the encrypted string. Here is the algorithm for decrypting the notes: https://github.com/keshav-space/safenotes/blob/3bf776a2b30ac21ea39e1584566db5f3259f84ec/lib/encryption/aes_encryption.dart#L49-L68
I am just concerned about relying on a single application with the ability to unencrypt my important notes.
That's the whole point of having it open source. All the encryption algorithms are public and can be cross-verified. Anyone can create a small utility to decrypt the notes using the correct passphrase in any programming language.
You may also want to see this: https://github.com/keshav-space/safenotes/issues/119#issuecomment-2001933727
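A sketch of the first half of such a third-party utility, as an added example that is not SafeNotes code or code from this thread: it locates the salt at the front of an encrypted note string and derives the key and IV from the passphrase. The page does not spell out the layout or the KDF, so the `Salted__` marker, the 8-byte salt, the MD5-based OpenSSL `EVP_BytesToKey` derivation and the UTF-8 passphrase encoding are all assumptions to confirm against the linked `aes_encryption.dart`; the function names are hypothetical.

```python
import base64
import hashlib

MAGIC = b"Salted__"  # assumption: OpenSSL/CryptoJS-style marker before the salt
SALT_LEN = 8         # assumption: salt length, confirm in aes_encryption.dart


def split_blob(b64_text):
    """Return (salt, ciphertext) from one base64-encoded encrypted string."""
    raw = base64.b64decode(b64_text, validate=True)
    header = len(MAGIC) + SALT_LEN
    if len(raw) < header + 16 or not raw.startswith(MAGIC):
        raise ValueError("not a salted blob in the assumed layout")
    body = raw[header:]
    if len(body) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return raw[len(MAGIC):header], body


def derive_key_iv(passphrase, salt, key_len=32, iv_len=16):
    """Assumed KDF: EVP_BytesToKey with MD5 and a single iteration."""
    pw = passphrase.encode("utf-8")  # assumption: passphrase encoded as UTF-8
    out, block = b"", b""
    while len(out) < key_len + iv_len:
        # Each round hashes the previous digest + passphrase + salt.
        block = hashlib.md5(block + pw + salt).digest()
        out += block
    return out[:key_len], out[key_len:key_len + iv_len]


def constructed_blob():
    """Constructed sample input: known salt, 32 zero bytes instead of ciphertext."""
    return base64.b64encode(MAGIC + bytes(range(1, 9)) + bytes(32)).decode()


if __name__ == "__main__":
    salt, ciphertext = split_blob(constructed_blob())
    key, iv = derive_key_iv("example passphrase", salt)
    print("salt:", salt.hex(), "ciphertext bytes:", len(ciphertext))
    print("key:", key.hex(), "iv:", iv.hex())
```

The derived key and IV then go to an AES-256 decryptor from any maintained crypto library, with the cipher mode and padding taken from the linked source.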
Main question
Is it possible for me to unencrypt my Safe Notes backup using 3rd party tools (as long as I know my passphrase)?
More detailed question
It says in the Play Store description that the symmetric encryption key is "derived from your passphrase and randomly generated salt."
How exactly is the symmetric key derived?
Also, is the salt used when generating the symmetric key within the .json backup file? If yes, which field contains the salt?
For context, here is a stripped example of my backup json of my 1 note. (I removed the main contents from the text.)
Thank you. I am just concerned about relying on a single application with the ability to unencrypt my important notes.