saber-notes / saber

The cross-platform open-source app built for handwriting
https://saber.adil.hanney.org
GNU General Public License v3.0
2.05k stars 125 forks

allow unencrypted data sync #265

Open strk opened 1 year ago

strk commented 1 year ago

It would be handy to allow storing notes unencrypted. One less password to manage if the notes you are taking are not that sensitive...

adil192 commented 1 year ago

If the only problem you have with encryption is that you need to remember an extra password, could you not just use the same password for nextcloud and encryption?

strk commented 1 year ago

That's a good point, I guess I could, yes. I was really also thinking in terms of improving interoperability with other tools. Is there a formal specification for the file format(s) used by Saber?

PS: I love to see this coming, great work you're doing!

xmha97 commented 1 year ago

Thank you for thinking about the security of our data, but I don't need it. I want to sync my notes on the personal server. Please make the "Encryption Password" field optional.

Iey4iej3 commented 1 year ago

I have an alternative suggestion: the possibility to select the notes to encrypt and the notes not to encrypt.

Now it turns out that the encryption sometimes leads to a computational overhead which slows down the app. I think that the encryption for non-sensitive notes (such as my course notes) does not seem to be necessary, thus I prefer a possibility to opt out non-sensitive notes.

thiswillbeyourgithub commented 3 months ago

Hi, I was wondering: can anyone give me pointers as to how I would go about manually decrypting .sba2 files on my computer?

I do have the file and the password, but am interested in decrypting it manually to see if I could code a few exporters. For example to Logseq whiteboards, or do handwriting OCR that automatically gets sent somewhere etc.

Any pointers as to how I could manually decrypt the file given the password? If possible either in unix shell (I'm on linux) or python.

adil192 commented 3 months ago

> Any pointers as to how I could manually decrypt the file given the password? If possible either in unix shell (I'm on linux) or python.

An easier route would be to use something like syncthing to sync the unencrypted notes.

If you really want to make a decrypting tool though, you'll need to just use file_syncer.dart and related files as a reference. The gist of it is that the notes are encrypted with a key and iv. The key and iv are stored in a config file on Nextcloud but they're encrypted by the user's encryption password.

markwmuller commented 1 week ago

Hi folks -- I'd like to chime in on this thread. In my mind, there are two ways of syncing files:

  1. With some "black box" cloud system, which the user configures through passwords and usernames. There is a third party that actually stores the data. In this case, having a way to encrypt the notes makes sense, because that prevents the third party from reading the files. The user never interacts with the raw files outside of the app, so it doesn't really matter what the storage system uses.
  2. Local sync, e.g. syncthing. Here, the notes are meant to be like any other files on my system, e.g. notes that I type into a text file and put on my desktop. I'm already used to dealing with files, storing them in a sensible place, and making backups. I want to make sure I can delete old notes as files (since they are, at the end, each a file). As such, here I do not want things encrypted, it makes it impossible for me to understand my own file structure from my file browser; it makes (e.g.) sync conflicts from syncthing totally opaque; it makes restoring a particular note from a backup impossible. There is no need for any additional security here; the user presumably already has full-disk encryption or similar.

As such, I'd love for this app to allow for local storage with absolutely no encryption; including the file name on disk matching the notebook title. I've put together an alternative suggestion in #1348

Iey4iej3 commented 1 week ago

> With some "black box" cloud system, which the user configures through passwords and usernames. There is a third party that actually stores the data. In this case, having a way to encrypt the notes makes sense, because that prevents the third party from reading the files. The user never interacts with the raw files outside of the app, so it doesn't really matter what the storage system uses.

It also makes sense that the user could choose which files to encrypt.

> Local sync, e.g. syncthing. Here, the notes are meant to be like any other files on my system, e.g. notes that I type into a text file and put on my desktop. I'm already used to dealing with files, storing them in a sensible place, and making backups. I want to make sure I can delete old notes as files (since they are, at the end, each a file). As such, here I do not want things encrypted, it makes it impossible for me to understand my own file structure from my file browser; it makes (e.g.) sync conflicts from syncthing totally opaque; it makes restoring a particular note from a backup impossible. There is no need for any additional security here; the user presumably already has full-disk encryption or similar.

It is presumably supported now, but there seem to be issues: #1223