End to end encryption


(Davi Ray) #1

Bug report

It is my understanding that E2E is only supported in v4+ of Inkdrop. Is this not accurate? If this is the case, then how come I can still use v3 as well as v4? Meaning, I can create a note in a v4 app and then open that same note on a v3 app. This wouldn’t be possible with end to end encryption.
Please explain how end to end encryption has been implemented and please clarify if you have had security audits done by professional app pen testers to ensure proper implementation.

Info

  • Platform: Windows & Android
  • Platform version: Windows 10, Android Pi
  • App Version: 3.25.4, 4+

Reproduce

Create note in v4
Login to v3
Open Note


(Takuya Matsuyama) #2

Hi Davi,

Thank you for the question.
As I described in the doc here, that’s because the app basically uses a common key to encrypt/decrypt, which is generated when you sign up.
Your common key, which is encrypted with your password, is stored on the server.
The server generates a client key pair based on the common key when you log in from a client.
v3 uses it on the server.
v4 uses it on the client without storing it on the server.
v3 will be deprecated and all client keys for v3 stored in the server will be revoked soon.

I don’t have a plan to get a security audit by a professional organization since it’s small.
If you strongly need it, please consider using other security-focused apps.
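
The password-wrapped common key described in the reply above, as an added example (not Inkdrop's code and not part of the thread). scrypt, AES-256-GCM and every function name here are assumptions, since the thread does not name the primitives; the point is that any client unwrapping the same common key can read the same notes, and that the stored blob does not open without the password.

```javascript
// Added illustration. scrypt + AES-256-GCM are assumed primitives, not taken from the thread.
const crypto = require('node:crypto');

// AES-256-GCM encrypt; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// AES-256-GCM decrypt; final() throws if the key or the data is wrong.
function unseal(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Key-encryption key derived from the account password.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Sign-up: create the common key once and wrap it under the password.
// Only { salt, wrappedKey } would be stored server-side in this model.
function signUp(password) {
  const salt = crypto.randomBytes(16);
  const commonKey = crypto.randomBytes(32);
  return { salt, wrappedKey: seal(deriveKek(password, salt), commonKey) };
}

// Login: whoever holds the password can recover the common key from the record.
function unwrapCommonKey(record, password) {
  return unseal(deriveKek(password, record.salt), record.wrappedKey);
}

// Two clients, one account: a note sealed on client A opens on client B.
function demo() {
  const record = signUp('constructed-password'); // constructed sample value
  const keyA = unwrapCommonKey(record, 'constructed-password');
  const note = seal(keyA, Buffer.from('constructed note body'));
  const keyB = unwrapCommonKey(record, 'constructed-password');
  const readBack = unseal(keyB, note).toString();
  let wrongPasswordRejected = false;
  try { unwrapCommonKey(record, 'wrong-password'); } catch { wrongPasswordRejected = true; }
  return { readBack, wrongPasswordRejected };
}
```

In this model the confidentiality boundary is set by where `unwrapCommonKey` runs: if it runs on the server, the server sees the common key at login time even though it only stores the wrapped form.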