New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature request] Password or pin protection #289

Open
SamuelBlickle opened this Issue Mar 12, 2018 · 27 comments

Comments

Projects
None yet
@SamuelBlickle
Copy link
Contributor

SamuelBlickle commented Mar 12, 2018

I think it would be nice to have a password or pin protection for notebooks. This would add some privacy for the notes and todos if the content of the notebooks would only be visible when the user enters a password. The notebook should be 'locked' again when an other notebook gets opened or the app is closed.

@laurent22

This comment has been minimized.

Copy link
Owner

laurent22 commented Mar 12, 2018

I'm afraid that would be out of scope. Securing apps and device data is something for the operating system to handle. You can also get extra security using an encrypted hard drive, but doing this at the app level I think would not make sense.

@laurent22 laurent22 closed this Mar 12, 2018

@SamuelBlickle

This comment has been minimized.

Copy link
Contributor

SamuelBlickle commented Mar 12, 2018

i did not think about securing data at os level. imo this is handled really well with the e2e encryption feature. all i thought about is some sort of protection against curious roommates etc. a simple password input would do the trick.

@laurent22 laurent22 referenced this issue Mar 16, 2018

Closed

[Feature] - password to decrypt on open #302

8 of 8 tasks complete
@laurent22

This comment has been minimized.

Copy link
Owner

laurent22 commented Mar 16, 2018

To provide more details, the end to end encryption that Joplin implements is to protect the data during transmission and on the cloud service so that only you can access it.

On the local device it is assumed that the data is safe due to the OS built-in security features. If additional security is needed it's always possible to put the notes on an encrypted Truecrypt drive for instance.

If someone that you don't trust has access to the computer, they can put a keylogger anyway so any local encryption would not be useful.

@mikeziri

This comment has been minimized.

Copy link

mikeziri commented Mar 16, 2018

I felt the need for this on my job pc. It is password protected but my boss have access to it.
I trust them but by principle I like to have a master password on my stuff (like password managers).

I understand your point on the security aspect of Joplin is out of scope.

It doesn't seem priority but tell me if I'm wrong, it seems rather easy to check if encryption is set on an instance on startup and prompt for the master password to continue (unlock) instead of loading it from sqlite db.

@SamuelBlickle

This comment has been minimized.

Copy link
Contributor

SamuelBlickle commented Mar 16, 2018

yes @mikeziri thats exactly my opinion. it should not be very complicated to get passwords from an input field and it would add exactly this level of 'security' i am talking about. often a password prompt is all it needs to stop people from looking through your private data you do not want them to see.

@laurent22

This comment has been minimized.

Copy link
Owner

laurent22 commented Mar 16, 2018

The SQLite database is not encrypted, even when E2EE is enabled. It might contain encrypted items it got via synchronisation but those will eventually be decrypted too.

Asking for a password wouldn't be useful if the data behind is not encrypted - anyone can easily open the SQLite file and view all the content without launching the app.

Other than a built-in solution, you could probably do this using a small script. You could for instance put the profile directory in a password-protected ZIP file. Then with a bash or batch script, you would unzip the file (at which point you will be asked a password) and then run the app. When the app close, you'll re-encrypt the file again from the same script.

Otherwise putting the profile on a USB key that you can take with you could be a solution too. I think some USB keys have built-in encryption.

@mikeziri

This comment has been minimized.

Copy link

mikeziri commented Mar 16, 2018

Just to understand better:
the notes directory has the encrypted content.
the sqlite has the same data not encrypted?

just to see how I approach a solution for my situation. ty

@SamuelBlickle

This comment has been minimized.

Copy link
Contributor

SamuelBlickle commented Mar 16, 2018

the method with the zip script could work, yes, even if it's a bit of a workaround.
but i think @mikeziri and me are not thinking about 'encryption' per definition, it's more an added layer of protection because:
yes technically you are right @laurent22 anyone could open the sqlite database but i think 90% of all potential curious office workers or roommates would not be able to do so (or would be too lazy for it).

@laurent22

This comment has been minimized.

Copy link
Owner

laurent22 commented Mar 16, 2018

@mikeziri, yes, the note directory on the cloud service (eg. OneDrive, Nextcloud, etc.) has encrypted data.

The local, SQLite data is not encrypted.

@stjok

This comment has been minimized.

Copy link

stjok commented Apr 8, 2018

could not agree more. there should be a password to open the app

@stjok

This comment has been minimized.

Copy link

stjok commented Apr 8, 2018

while I'm at it, it would be great if images could be copied to a note. that and the password get done, I'm contributing and sticking with Joplin. Thank you for considering my requests

@nsarnav

This comment has been minimized.

Copy link

nsarnav commented May 27, 2018

This should really be reopened, because of the lack of a pin/password, basically a boss key, Joplin is unusable safely in a work/public setting on a desktop computer. Yes, on your own Android device you can get a third-party app to lock it, but on a work/public computer most people don't have privileges to install such apps and anybody that sits down (or remote desktops) in front of such a computer can immediately go through their notes. A simple pin would alleviate 99% of this problem leaving your notes readable only to a determined IT guy - and that certainly wouldn't be the scope of this request.

@laurent22 laurent22 reopened this May 27, 2018

@laurent22

This comment has been minimized.

Copy link
Owner

laurent22 commented May 27, 2018

I'm reopening the issue in case someone would like to propose a pull request.

@nr458h

This comment has been minimized.

Copy link

nr458h commented May 27, 2018

I'm not a programmer but I would like to add two other points:

  1. I don't know how it is handled at the moment, but the pin/pwd could be used to save the key encrypted (or the hash)
  2. This would also add the ability to unencrypt the notes only when running the app
@t2hv33

This comment has been minimized.

Copy link

t2hv33 commented Jun 4, 2018

Waiting for this feature
I really love feature setting a password for some phrase in the note of Evernote.

@teresaejunior

This comment has been minimized.

Copy link

teresaejunior commented Jun 7, 2018

I'll have to be honest that a password to open the app without encrypting the database itself seems more like a quick hack than a security precaution. It could do the job for some use-cases, but Joplin becomes useless for any sensitive information (I already have KeePassXC for passwords, but it is not practical at all for writing and syncing notes).

@zblesk

This comment has been minimized.

Copy link
Contributor

zblesk commented Jun 7, 2018

Yes, well, that might be a part of the reason why Laurent is hesitant to just hack something together. Right now I don't have enough time to look for links, but multiple people (including me :D ) have asked about this before, both here and on the forum. Maybe take a look if you're interested.

Though I do disagree with the sentiment that Joplin "becomes useless". There is working E2E encryption, and if you're afraid of your device falling into the wrong hands, you can encrypt the entire device. (Whether it's a phone or a pc.) Or you can just keep Joplin data in an encrypted partition.

@teresaejunior

This comment has been minimized.

Copy link

teresaejunior commented Jun 7, 2018

Not totally useless for sure, but I meant useless for anything sensitive. I don't care so much in my Linux laptop, which I have already setup very securely, but having unencrypted notes in an Android phone feels like sharing all my notes with the world!

I'm not complaining, though, but this is something that would be very valuable.

@zblesk

This comment has been minimized.

Copy link
Contributor

zblesk commented Jun 7, 2018

@teresaejunior

This comment has been minimized.

Copy link

teresaejunior commented Jun 7, 2018

Applications in Android are sandboxed, but it is not that difficult to find applications that manage to break the sandbox, or even root the phone. I take all precautions I can, of course, but security is never too much.

@nsarnav

This comment has been minimized.

Copy link

nsarnav commented Jun 8, 2018

I agree that anything less than an encrypted mysql db is less than ideal, but a pin/boss key is not a hack, it is just a small step towards better security on public computers. Having said that, the end goal should still be database encryption.

@nidusin

This comment has been minimized.

Copy link

nidusin commented Jun 18, 2018

Hi All,
I agree that some form of authentication makes sense for a note system that advertises encryption. Particularly in a workplace or shared environment as discussed earlier.
My workaround on windows at the moment is to run the portable version of Joplin including its data files in a Cryptomator vault. This encrypts both the executable and the database until a password is provided. Once unlocked the system can run, sync and update as normal. The vault gets locked when I am not present. This would also be suitable for a secured USB stick.
edit: Should work on linux as well.

@aplocher

This comment has been minimized.

Copy link

aplocher commented Nov 20, 2018

I think having the notebooks themselves password protected would be the best (perhaps optionally down to the note level, but that's more granularity than I need, personally).

I have a hard time convincing people that my notebook called "not pr0n" doesn't have pr0n in it when all it takes is a click of a mouse.

@aplocher

This comment has been minimized.

Copy link

aplocher commented Nov 20, 2018

J/k btw, but I do have some sensitive information in my notes which will prevent me from switchign to Joplin until that feature arrives. I really dig this tool, though - would love to see that feature and make the switch.

@koshia

This comment has been minimized.

Copy link

koshia commented Nov 30, 2018

I'm also waiting for some similar capabilities. As a manager now, I share 90% of my notes with my staff - but I don't really have a private area to put down notes that may be sensitive in nature. I attempted to run Joplin in multiple sessions and that worked one-quarter of the time, with synchronization kind of hap-hazardly working.

@sollermun

This comment has been minimized.

Copy link

sollermun commented Dec 14, 2018

I agree with the above comments. There needs to be a way to keep data encrypted and locked on the devices themselves so that other users or applications cannot access the contents. A good example is the Signal app which encrypts both the transmissions and the client side data (if chosen).

@manad777

This comment has been minimized.

Copy link

manad777 commented Dec 27, 2018

@laurent22 , could you use SQLCipher (transparent encryption for SQLite) for Node? Ex: https://coolaj86.com/articles/building-sqlcipher-for-node-js-on-raspberry-pi-2/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment