Encryption on local computer


(Ronald Ropp) #1

Greetings - checking out inkdrop - really pretty and nice support and ecosystem

I am a security professional by trade (CISSP, GSEC, GCIH, etc) and am looking over the apps behavior to potentially use.

I chose to not synchronize after I logged in and did the basics (So local computer only).

I am running Arch Linux and Inkdrop version 4.3.1

Two questions for “local only” type work. (EG. no sync with anything)

  1. It appears the data in the SQLite DB is stored in “the clear” I was able to open the DB and browse the data and read it.

  2. When I chose to backup the data and chose a local folder, it backed the data up in JSON format that was also “in the clear”.

So my question on the E2E encryption front, when does the data get encrypted. When you trigger an sync event? (presume yes) and in the event you are not syncing, none of the local data is encrypted? I am not overly concerned about the DB as Joplin behaves the same way (another editor in the same family)

Just want to make sure I know what normal behavior looks like. I have my local device full disk encrypted, but if I chose to use something like Syncthing to move data around rather than hosted services, etc. I need to understand the risk of the data at rest.

Also when choosing local only, that no other locations or text files are being written in the clear other than to the DB and or if I trigger a backup of the JSON files.

tks
Ron


(Takuya Matsuyama) #2

Hi Ronald,

Thank you for the question.
Please read the documentation about the E2EE first:

Data is basically encrypted when transporting them to the Inkdrop server.
It does not happen when storing data in local for performance reason. Encrypting local data is not planned to be supported.