Joplin: Improving management of E2EE master keys

Created on 8 Nov 2018 · 11 Comments · Source: laurent22/joplin

Add a "status" field that can be:

  • "Compromised" - in which case it will no longer be used for encryption (but it is kept to allow decrypting any existing items)
  • "Preferred" - in which case it will be used for encryption, instead of using the existing default one.

Also allow manually creating master key without having to disable/enable encryption.

enhancement high
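The status rules proposed above, together with the key cleanup requested in the comments, sketched as an added example that is not part of the original issue and is not Joplin's code. The field names (`id`, `status`, `updatedTime`, `masterKeyId`), the status strings and the fail-closed behaviour are assumptions, and `items` is assumed to be the complete set of encrypted items across all synced devices.

```javascript
// Added example, not Joplin code. Field names and status strings are
// assumptions modelled on the proposal in this issue.
const STATUS = Object.freeze({ NORMAL: 'normal', PREFERRED: 'preferred', COMPROMISED: 'compromised' });

// Pick the key used for NEW encryption. Compromised keys are never eligible.
function selectEncryptionKey(masterKeys, defaultKeyId) {
  const usable = masterKeys.filter(k => k.status !== STATUS.COMPROMISED);
  const preferred = usable
    .filter(k => k.status === STATUS.PREFERRED)
    .sort((a, b) => b.updatedTime - a.updatedTime); // newest preferred wins
  if (preferred.length) return preferred[0];
  const fallback = usable.find(k => k.id === defaultKeyId);
  if (fallback) return fallback;
  // Fail closed: never silently encrypt with a compromised key.
  throw new Error('No usable master key: create a new one before encrypting');
}

// Decryption must keep working for every stored key, compromised ones included.
function findDecryptionKey(masterKeys, keyId) {
  const key = masterKeys.find(k => k.id === keyId);
  if (!key) throw new Error(`Master key ${keyId} is missing; item cannot be decrypted`);
  return key;
}

// Cleanup candidates: keys that no item references and that are not the
// key currently selected for encryption. Deleting any other key would make
// the items encrypted with it unreadable.
function removableKeys(masterKeys, items, defaultKeyId) {
  const inUse = new Set(items.map(i => i.masterKeyId));
  inUse.add(selectEncryptionKey(masterKeys, defaultKeyId).id);
  return masterKeys.filter(k => !inUse.has(k.id)).map(k => k.id);
}

// Constructed sample data.
const SAMPLE_KEYS = [
  { id: 'k1', status: STATUS.COMPROMISED, updatedTime: 100 },
  { id: 'k2', status: STATUS.NORMAL, updatedTime: 200 },
  { id: 'k3', status: STATUS.PREFERRED, updatedTime: 300 },
];
const SAMPLE_ITEMS = [
  { id: 'note-a', masterKeyId: 'k1' }, // still needs the compromised key to decrypt
  { id: 'note-b', masterKeyId: 'k3' },
];
```
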

All 11 comments

I would love to see the ability to "cleanup" master keys as well. I have a few leftover from having to enable and disable encryption, and it would be nice to clear up the unused ones.

I would also very much prefer a cleanup option in order to remove older keys.

Any progress on being able to remove old keys, or at least disable the orange prompt for a password for them?

Deletion of old keys would be great.

Export master keys.

Since everything is encrypted with the master key, and the master key is not fully derived from the password, it would be impossible to access encrypted data if the master key is corrupted or deleted. For data safety, there should be a method to back up the master key. (maybe export the master key in encrypted format)

https://github.com/laurent22/joplin/issues/389#issuecomment-380572593 has mentioned exporting master, but it seems this feature is not implemented yet?

+1. An "Edit" button needed.

I would like to work on it.
@laurent22 it would be great if you can provide detailed specs for the implementation so I can work accordingly.

@kowalskidev @laurent22 I would very much like to contribute to implementing this as well, and have access to XCode on a Mac (as well as Linux boxes) if that would be helpful in any way.

I would like to work on it.
@laurent22 it would be great if you can provide detailed specs for the implementation so I can work accordingly.

We can start by building the code and writing some tests.

@scrumit clear game plan. What I (and most likely @kowalskidev) could use to jumpstart the plan are some links to lines of code where the handling for E2EE keys currently occurs. Any pointers?

Initially, I'm ignoring the test folders.

From a cursory look, Master key handling is dealt with in only two files:

  • MasterKey.js
  • EncryptionService.js

I did a search for MasterKey and found it is handled in only three places in EncryptionService.js: where it is saved (line 60), loaded (97) or checked for validity (226).

When I say found in only three places it means that I need to look more carefully because the MasterKey is assigned to something else, like masterKey or newMasterKey and so becomes hidden from a simple search.

These probably need further investigation: masterKeysThatNeedUpgrading in EncryptionService.js and shared.upgradeMasterKey in encryption-config-shared.js
