From a6e4f47adf78a27e55f82463a00ea62c1e52f05f Mon Sep 17 00:00:00 2001 From: Laurent Cozic Date: Mon, 16 Apr 2018 16:16:31 +0200 Subject: [PATCH] All: Resolves #389: Documented method being used to encrypt master keys --- docs/index.html | 14 +++++++------- docs/spec/index.html | 2 +- readme/spec.md | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/index.html b/docs/index.html index 7e54a48db..221660eaa 100644 --- a/docs/index.html +++ b/docs/index.html @@ -464,14 +464,14 @@ $$ Croatian hr_HR -Hrvoje Mandić trbuhom@net.hr +Hrvoje Mandić trbuhom@net.hr 62% Czech cs_CZ -Lukas Helebrandt lukas@aiya.cz +Lukas Helebrandt lukas@aiya.cz 97% @@ -485,7 +485,7 @@ $$ Deutsch de_DE -Tobias Grasse mail@tobias-grasse.net +Tobias Grasse mail@tobias-grasse.net 96% @@ -499,7 +499,7 @@ $$ Español es_ES -Fernando Martín f@mrtn.es +Fernando Martín f@mrtn.es 100% @@ -513,7 +513,7 @@ $$ Galician gl_ES -Marcos Lans marcoslansgarza@gmail.com +Marcos Lans marcoslansgarza@gmail.com 97% @@ -534,14 +534,14 @@ $$ Português (Brasil) pt_BR -Renato Nunes Bastos rnbastos@gmail.com +Renato Nunes Bastos rnbastos@gmail.com 95% Русский ru_RU -Artyom Karlov artyom.karlov@gmail.com +Artyom Karlov artyom.karlov@gmail.com 96% diff --git a/docs/spec/index.html b/docs/spec/index.html index 58d9bab58..d0d31b4c7 100644 --- a/docs/spec/index.html +++ b/docs/spec/index.html @@ -316,7 +316,7 @@

Master Keys

-

The master keys are used to encrypt and decrypt data. They can be generated from the Encryption Service, and are saved to the database. They are themselves encrypted via a user password.

+

The master keys are used to encrypt and decrypt data. They can be generated from the Encryption Service and are saved to the database. They are themselves encrypted via a user password using a strong encyption method.

These encrypted master keys are transmitted with the sync data so that they can be available to each client. Each client will need to supply the user password to decrypt each key.

The application supports multiple master keys in order to handle cases where one offline client starts encrypting notes, then another offline client starts encrypting notes too, and later both sync. Both master keys will have to be decrypted separately with the user password.

Only one master key can be active for encryption purposes. For decryption, the algorithm will check the Master Key ID in the header, then check if it's available to the current app and, if so, use this for decryption.

diff --git a/readme/spec.md b/readme/spec.md index ad3f106ea..3f7555fad 100644 --- a/readme/spec.md +++ b/readme/spec.md @@ -32,7 +32,7 @@ Data | ("Length" bytes) (ASCII) ## Master Keys -The master keys are used to encrypt and decrypt data. They can be generated from the Encryption Service, and are saved to the database. They are themselves encrypted via a user password. +The master keys are used to encrypt and decrypt data. They can be generated from the Encryption Service and are saved to the database. They are themselves encrypted via a user password using a [strong encyption method](https://github.com/laurent22/joplin/blob/fb6dee32ac035b00153106273135fb16be4b4fa5/ReactNativeClient/lib/services/EncryptionService.js#L263). These encrypted master keys are transmitted with the sync data so that they can be available to each client. Each client will need to supply the user password to decrypt each key.