This feature request is for documentation purposes within my fork, of things I'd like to see happen upstream or within this fork should I find the time.
See also: Upstream Feature Request's notes: laurent22/joplin#289
While Joplin has made an effort to do At-Rest Encryption on the Server Side (E2EE procedure as documented on their website), including an E2EE Spec of how it's used within Joplin, I am a bit disappointed that there isn't as much care placed on At-Rest encryption on the Client Side. The upstream team has deferred to operating-system security measures as sufficient.
For storing less-sensitive documents, this is a fair assumption. I, on the other hand, would prefer the ability to safely keep more sensitive documents around -- such as family-shared passwords for husband/wife access to banking, or personal diary or journal entries that should be kept from prying eyes.
Computers and Phones are easily stolen, and storage devices usually store data in plain-text. It is up to the operating system to enforce an encryption layer (such as Windows' BitLocker), and yet, few users have the knowledge or ability to enable that.
I'd like to see something along these lines happen. If At-Rest Encryption and In-Transit Encryption can be assuredly enforced (across ALL client-side implementations that have access to the data), it would be possible to create a viable Secure Password/Note Sharing solution, which internally would just be a "Shared Note" that is always opened and decrypted on the client-side after an Authentication-Unlock Mechanism (password, fingerprint on Android, OTA-Code in a key-manager application, Yubikey, or whatever) has passed.
Easier said than done? Probably.