Skip to content

0.100.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 14 Jun 04:46
· 14 commits to main since this release
0.100.0
8e772a2

0.100.0 — Shared-key collaboration for encryption (BETA)

⚠️ Beta, and not yet tested across real devices. Vault encryption — and
especially this new shared-key collaboration — is beta software handling data
that has no recovery if the key is lost. The multi-device sync of the key
file has only been verified in simulation, not on two real synced devices yet.
Keep your own unencrypted backups of anything important, and treat this as
"protects against a casual snoop," not "trust it with secrets," until it's had
wider testing and a security review. No .stashenc format changes — existing
encrypted notes keep working and single-device vaults upgrade automatically.

Share an encrypted vault with collaborators

Two people on one synced vault can now share encrypted content. The vault has a
single key, distributed through a synced key file (.stashpad/keys.json, with
rolling backups in _keys/). Pick whichever sharing style you prefer — or use
both:

  • Shared password — set one passphrase that everyone types to unlock. Share
    it through a password manager or secure message. Simplest; the trade-off is a
    shared secret and no per-person removal.
  • Device approval — a new device taps Request access, an existing member
    taps Approve, and the key is shared to that device by public key. No shared
    secret ever changes hands; each person keeps their own password.

Manage both under Settings → Stashpad → Encryption → Sharing: set/change/turn
off the shared password, and approve, deny, or remove devices.

Notes:

  • Removing a member or turning off the shared password stops future access; it
    does not claw back copies someone already synced (true revocation would require
    rotating the key — a future feature).
  • The key file is safe to sync: it only ever contains public keys and the key
    wrapped under a password/public key, never anything in the clear.

Also in this release

  • List refresh on external delete — deleting a note on the filesystem (sync,
    another device) now updates the list immediately.
  • Decrypt-all is faster — "Decrypt all locked notes" no longer rewrites
    settings once per note; it batches a single save at the end.
  • Encryption UX polish — a clearer "Forget password on this device" action
    (distinct from removing encryption), a BETA badge in the encryption screens,
    the type-to-confirm phrase is case-insensitive, and the remembered password is
    now namespaced per vault so it can't collide between vaults on one machine.
Assets 5
Loading