Encryption

Bug #319423 reported by Zivago Lee on 2009-01-21
This bug affects 14 people
Affects: RedNotebook
Importance: Wishlist
Assigned to: Jendrik Seipp

Bug Description

Is there a way to have an option to enable encryption for the diary?

Jendrik Seipp (jendrikseipp) wrote :

At the moment there is no direct way to encrypt your diary. You could use Truecrypt to encrypt your data folder, but I haven't tried that yet. If you succeed, please tell me how you did it.

Changed in rednotebook:
assignee: nobody → jendrikseipp
importance: Undecided → Wishlist
status: New → Confirmed
Zivago Lee (z-ziff) wrote :

How about adding in GPG encryption possibly using seahorse as a mechanism?

Jendrik Seipp (jendrikseipp) wrote :

I will look into the possibilities to add encryption, but it will take some time, since I want to add other features first.

Hello,

It would be really nice to protect one's diary with encryption and a password to open it, as in lifeograph or almanah...

Rednotebook is better than these two programs but it is the only one that does not offer the opportunity to protect one's diary.

It's a shame.

Thanks.

Jendrik Seipp (jendrikseipp) wrote :

I'd like to quote a RedNotebook user who sums up the current state quite nicely (taken from https://answers.launchpad.net/rednotebook/+question/182174):

"
Note I'm just a fellow user, not involved in development.

--------------------
Re encryption:

I think this feature is often requested, IMO because for many people the use-case for RN is associated with the old dead-tree format "diaries", and therefore imply keeping confidential information.

However this is a very challenging area of coding to get right, and IMO better to have none at all (at least **within** the program) than to have something like Zip files, or Word or Acrobat that **appears** to give security but turns out to be easily broken, giving the users a false sense of security.

My recommendation is to get to know the existing tools out there to provide filesystem-level encryption and then keep your RN data in a container managed by the tool that suits your needs.

The ones that are easiest to use and come with support aren't free, but IMO if it's not open-source it isn't really secure - but that might not matter to you.

For me, TrueCrypt strikes a good balance, and is very popular - once you get it set up it should basically be transparent to you in daily use.

A bit of a kludge, but much easier and apparently "secure enough" for most people, is 7-zip's native format encryption, just requires un/re-zipping the folder before/after each working session.

I would suggest someone researching and doing this taking good notes, and then coming back here to post a step-by-step "HowTo Encrypt Your RedNotebook" in this thread, and the developer could then put that in the documentation.

Such contributions are an alternative way to "give back" to the open-source community that don't require programming skills.
"

HansBKK (hansbkk) wrote :

Note that the apps available are usually platform-specific, mine were assuming windoze.

You Linux guys know what you're doing already anyway 8-)

Andre D (andre-ca) wrote :

Working on a branch with AES encryption using pyCrypto. The back-end crypto stuff is all done now and I just need to add the GUI front-end elements (enter password/etc). It works by encrypting/decrypting the individual journal files with a password when accessed (and giving them the extension .aes). When a user is loading a journal folder with encrypted files in it (or when encryption is enabled to begin with), it will ask the user for a password to use. The password is then hashed and salted using either multiple (2000 right now *shrugs*) iterations of sha512 or a secure KDF implementation depending on which is available to the user. Users who have an older version of pyCrypto (no Windows binaries for 2.5 yet) will be forced to use the less secure sha512 implementation using hashlib rather than the shiny PBKDF2 in pyCrypto 2.5. Anywho, this generates a key and then it is used with AES (512bit recommended just in case) in CBC mode for the encryption/decryption. What all this adds up to is the ability to have individual encrypted-passworded journal files with no mess. This implementation is not (easily) crack-able via brute-force and most definitely secure.

Very interesting! I had a quick look at the code and it looks very
promising. Please keep us updated on the progress.

Very interesting. Looking forward to this feature (and a Mac installer)!

summary: - encryption with rednotebook
+ Encryption
Benjamin J Norton (leomcsnarf) wrote :

Still waiting for encryption or at the very least password protection. Maybe?

Yusuf Akbulut (hodanli) wrote :

I think this should be among your top priorities. A journal without protection? I use allmyjournals for Windows and will migrate to RedNotebook the day password protection lands. Thanks.

This is good, but not that good. I'd rather an internal password. After
all, this is not so hard to break, but of course better than no password at
all.
On May 11, 2014 1:30 PM, "Tony" <email address hidden> wrote:

> simple password protection without encryption would be enough, I mean I
> don't want my relatives to click the shortcut "diary" and open my
> private files
>
> I've come up with such a script, it creates password protected zip and
> deletes data folder every time you close RedNotebook
>
> 1. Create file "openred.sh" on your desktop
> 2. Open it and paste:
>
> #!/bin/sh
>
> cd ~/.rednotebook
> unzip data.zip
>
> rednotebook
>
> #change 'secretpassword' to password you would like to have
> zip --password secretpassword -r data.zip data
> #delete data folder
> rm -rf data
>
> 4. Change secretpassword in line starting with "zip --pas..." to your
> password
> 5. Save and close "openred.sh"
> 6. Right click on "openred.sh" -> Properties -> Permissions and check
> "allow execution" at the bottom
> 7. To run RedNotebook open terminal (Ctrl + Alt + T) and write
> "./Desktop/openred.sh" in the terminal
>

Adam (papapa909090) wrote :

Simple password protection without encryption would be enough, I mean I don't want my relatives to click the shortcut "diary" and open my private files.

I've come up with such a script, it creates password protected zip and deletes data folder every time you close RedNotebook

#!/bin/sh

cd ~/.rednotebook
unzip data.zip

rednotebook

#change 'secretpassword' to password you would like to have
zip --password secretpassword -r data.zip data
#delete data folder
rm -rf data
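
A hardened variant of the wrapper above, as an added example that is not part of Adam's post or of RedNotebook: the script above keeps the password in the file and on the zip command line, and runs `rm -rf data` even when zip failed. The archive name `data.tar.enc`, the function names, the `run` argument and the iteration count are assumptions; `openssl enc -pbkdf2` needs OpenSSL 1.1.1 or newer.

```sh
#!/bin/sh
# Added example, not Adam's script. RN_DIR/data matches the post; the archive
# name, function names and iteration count are assumptions.
RN_DIR="${RN_DIR:-$HOME/.rednotebook}"
ARCHIVE="${ARCHIVE:-$RN_DIR/data.tar.enc}"
ITER=200000   # PBKDF2 iterations (assumed value)

# AES-256-CBC filter, stdin -> stdout. The passphrase arrives on fd 3, so it
# is neither stored in the script nor visible in the process list.
# Note: openssl enc gives confidentiality only, no integrity tag.
rn_crypt() {
    openssl enc "$1" -aes-256-cbc -pbkdf2 -iter "$ITER" -pass fd:3 3<<EOF
$RN_PASS
EOF
}

# Encrypt data/ and delete the plaintext only after the new archive has been
# decrypted again and found to contain data/.
lock_journal() {
    [ -d "$RN_DIR/data" ] || return 1
    tmp="$ARCHIVE.new"
    ( umask 077; tar -C "$RN_DIR" -cf - data | rn_crypt -e > "$tmp" ) ||
        { rm -f "$tmp"; return 1; }
    if rn_crypt -d < "$tmp" | tar -tf - | grep '^data/' > /dev/null; then
        mv -f "$tmp" "$ARCHIVE" && rm -rf "$RN_DIR/data"
    else
        rm -f "$tmp"; return 1
    fi
}

# Decrypt into RN_DIR; fails unless data/ was actually restored.
unlock_journal() {
    [ -f "$ARCHIVE" ] || return 0   # first run: nothing encrypted yet
    rn_crypt -d < "$ARCHIVE" | tar -C "$RN_DIR" -xf - && [ -d "$RN_DIR/data" ]
}

main() {
    printf 'Passphrase: ' >&2
    stty -echo; IFS= read -r RN_PASS; stty echo; echo >&2
    unlock_journal || { echo 'decryption failed' >&2; exit 1; }
    rednotebook
    lock_journal || echo "encryption failed, plaintext kept in $RN_DIR/data" >&2
}

# "sh openred.sh run" starts a session; without the argument only the
# functions are defined.
if [ "${1:-}" = run ]; then main; fi
```

`rm -rf` does not overwrite the deleted plaintext on disk, so this protects the journal at rest only against someone opening the folder, which is the case the post describes.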

Arya (arya766) wrote :

As I said, that kind of password is not hard to break.
On May 11, 2014 1:50 PM, "Tony" <email address hidden> wrote:

> simple password protection without encryption would be enough, I mean I
> don't want my relatives to click the shortcut "diary" and open my
> private files
>
> I've come up with such a script, it creates password protected zip and
> deletes data folder every time you close RedNotebook
>
> #!/bin/sh
>
> cd ~/.rednotebook
> unzip data.zip
>
> rednotebook
>
> #change 'secretpassword' to password you would like to have
> zip --password secretpassword -r data.zip data
> #delete data folder
> rm -rf data
>

dx486 (dx486107) wrote :

Using Truecrypt for encryption is a possibility, yes, but being able to encrypt the diary within the program is better, because

a) Program may close diary file automatically after being idle for some time and protect the diary's secrecy. You may lose data if you try to accomplish this via Truecrypt (forcing unmount encrypted drive is not good)
b) this way you would not need extra tools
c) using Truecrypt may be complicated for many users
e) Truecrypt's reliability is in question these days (please check its website, strange things going on there)

Lifeograph has this ability, which is another open source project only for Linux users. Maybe its code would be useful for you if you take a look at it. It is already done there.

Developers know best, but I humbly agree with others that this feature should be a top priority for a diary.

Thank you.

Benjamin J Norton (leomcsnarf) wrote :

This post is what I learned from a search on "how to encrypt files in dropbox" it's a little bit of a mashup... one part says "hit p when it asked for configuration" when it actually comes a little bit later... but it always works. Sorry I can't tidy it up... but there it is... I have my Documents folder linked to Private... where it's all encrypted in dropbox. My rednotebook config folder is also inside Private, so it's backed up, in dropbox, but it's backed up encrypted. Not exactly what the bug post is about... but this is what I got going.

2. Encfs

Encfs is a better solution than SecretSync because it stores the encryption keys on your local machine and it can work in Linux (natively), Windows (via BoxCryptor) and Mac (via MacFuse), which is great if you use Dropbox on more than one operating system.

In Ubuntu, open a terminal and type:

sudo apt-get install encfs
sudo addgroup <your username> fuse

To create an encrypted folder, type the command:
encfs ~/Dropbox/.encrypted ~/Private

The above command instructs encfs to create an encrypted hidden folder (with name .encrypted) in Dropbox and mount it in the Private Folder in your Home directory.

When it prompts you for the configuration option, press “p” followed by Enter.

Next, it will ask you to enter your password. Be very careful with what you type since it won’t appear in the screen.

That’s it. Whatever files you place in the Private folder will be encrypted and synced with Dropbox.

To get the encrypted folder to automount every time you log in, you can use gnome-encfs.

1. Download gnome-encfs to your Home folder. Then cd into directory in a command terminal

2. Type the following command:

sudo install gnome-encfs /usr/local/bin
gnome-encfs -a ~/Dropbox/.encrypted ~/Private

Option 1. Delete Documents directory from home.

Option 2. Then, while in home directory, in terminal create symlinks...
  ex. ln -s ~/Private/Documents

Option 3. Move .rednotebook to ~/Private/Documents, then from inside your home: ln -s ~/Private/Documents/.rednotebook

Jendrik Seipp (jendrikseipp) wrote :

I agree that encryption is an important feature and for quite some time I have thought that it should be added to RedNotebook. However, it takes time and experience to implement it correctly. Both of which I am currently lacking. If not done properly, users may assume their data is safe while in reality it isn't or users may lose their data just because the implementation is not thoroughly tested.

Secondly, I strongly believe in the unix philosophy that one tool should do one thing. Journalling is one feature, encryption is another. I think we shouldn't pack encryption into RedNotebook if we can use other tools for this. This said, I know that using these other tools (e.g. encfs) is not straightforward for most users and maybe we can make using them easier, maybe even from inside RedNotebook.

For the time being I would suggest we collect and polish setup guides here that describe how to set up encryption on different platforms (e.g. boxcryptor on Windows, encfs on Linux). Maybe someone can confirm that the encfs setup guide from comment #19 works? Once we have the setup guides, we should include them in the RedNotebook help document.

Benjamin J Norton (leomcsnarf) wrote :

As per my previous comment, #19... Here is a post where I got my information.... after this, you are basically just moving the hidden .rednotebook folder into the encrypted folder and symlinking to it...

http://www.addictivetips.com/ubuntu-linux-tips/encrypt-dropbox-files-with-encfs-in-ubuntu/
