Desktop, Cli: Add support for encrypted database #11914
Conversation
| @@ -166,6 +166,7 @@ | |||
| "@joplin/lib": "~3.3", | |||
| "@joplin/renderer": "~3.3", | |||
| "@joplin/utils": "~3.3", | |||
| "@journeyapps/sqlcipher": "5.3.1", | |||
There was a problem hiding this comment.
Thank you for working on this! I've briefly looked into @journeyapps/sqlcipher.
Maintenance note: It looks like @journeyapps/sqlcipher hasn't had commits since 2021. However, it may still be maintained.
Platform support: @journeyapps/sqlcipher might have issues on ARM 64/Linux (also journeyapps/node-sqlcipher#114). The README reports that "building from source is not supported" when installing from NPM in more recent versions of the library.
There was a problem hiding this comment.
Good point, maybe we don't want to use this specific package if it's unmaintained. I see that node-sqlite3 supports it too, although we'd have to build it ourselves. But that would probably be a better way anyway over the long term: https://github.com/TryGhost/node-sqlite3?tab=readme-ov-file#building-for-sqlcipher
I'm thinking the encryption would be optional so that the app doesn't break on platforms that are not supported.
There was a problem hiding this comment.
Yes I think optional would be best. If the sqlite db is encrypted, would that mean that every time you read/write note contents that is has to decrypt/encrypt every time? I'd be concerned about performance for large notes
There was a problem hiding this comment.
That's performed natively so I don't think it should be a problem, but in any case yes it should be optional. After a while, if we notice there's no performance issue, we could enable it by default (if supported by the platform).
I made some quick tests with Sqlcipher and it seems to work fine, so I'm parking this here for now until we decide how the UI is going to be.