RedNotebook - A Desktop Journal

Encryption

Reported by Zivago Lee on 2009-01-21
76
This bug affects 12 people
Affects Status Importance Assigned to Milestone
RedNotebook
Wishlist
Jendrik Seipp

Bug Description

Is there a way to have an option to enable encryption for the diary?

Jendrik Seipp (jendrikseipp) wrote :

At the moment there is no direct way to encrypt your diary. You could use Truecrypt to encrypt your data folder, but I haven't tried that, yet. If you succeed, please tell me how you did it.

Changed in rednotebook:
assignee: nobody → jendrikseipp
importance: Undecided → Wishlist
status: New → Confirmed
Zivago Lee (z-ziff) wrote :

How about adding in GPG encryption possibly using seahorse as a mechanism?

Jendrik Seipp (jendrikseipp) wrote :

I will look into the possibilities to add encryption, but it will take some time, since I want to add other features first.

Hello,

It would be really nice to protect his diary with encryption and a password to open as lifeograph or almanah...

Rednotebook is better than these two programs but it is the only one not offered the opportunity to protect his diary.

it's a shame.

Thanks.

Jendrik Seipp (jendrikseipp) wrote :

I'd like to quote a RedNotebook user who sums up the current state quite nicely (taken from https://answers.launchpad.net/rednotebook/+question/182174):

"
Note I'm just a fellow user, not involved in development.

--------------------
Re encryption:

I think this feature is often requested, IMO because for many people the use-case for RN is associated with the old dead-tree format "diaries", and therefore imply keeping confidential information.

However this is a very challenging area of coding to get right, and IMO better to have none at all (at least **within** the program) than to have something like Zip files, or Word or Acrobat that **appears** to give security but turns out to be easily broken, giving the users a false sense of security.

My recommendation is to get to know the existing tools out there to provide filesystem-level encryption and then keep your RN data in a container managed by the tool that suits your needs.

The ones that are easiest to use and come with support aren't free, but IMO if it's not open-source it isn't really secure - but that might not matter to you.

For me, TrueCrypt strikes a good balance, and is very popular - once you get it set up it should basically be transparent to you in daily use.

A bit of a kludge, but much easier and apparently "secure enough" for most people, is 7-zip's native format encryption, just requires un/re-zipping the folder before/after each working session.

I would suggest someone researching and doing this taking good notes, and then coming back here to post a step-by-step "HowTo Encrypt Your RedNotebook" in this thread, and the developer could then put that in the documentation.

Such contributions are an alternative way to "give back" to the open-source community that don't require programming skills.
"

HansBKK (hansbkk) wrote :

Note that the apps available are usually platform-specific, mine were assuming windoze.

You Linux guys know what you're doing already anyway 8-)

Andre D (andre-ca) wrote :

Working on a branch with AES encryption using pyCrypto. The back-end crypto stuff is all done now and I just need to add the gui front-end elements (enter password/etc). It works by encrypting/decrypting the individual journal files with a password when accessed (and giving them the extension .aes) When a user is loading a journal folder with encrypted files in it (or when encryption is enabled to begin with), it will ask the user for a password to use. The password is then hashed and salted using either multiple (2000 right now *shrugs*) iterations of sha512 or a secure KDF implementation depending on which is available to the user. Users who have an older version of pyCrypto (no windows binaries for 2.5 yet) will be forced to use the less secure sha512 implementation using hashlib rather than the shiny PBKDF2 in pyCrypto 2.5. Anywho, this generates a key and then it is used in with AES (512bit recommended just in case) in CBC mode for the encryption/decryption. What all this adds up to is the ability to have individual encrypted-passworded journal files with no mess. This implementation is not (easily) crack-able via brute-force and most definitely secure.

Very interesting! I had a quick look at the code and it looks very
promising. Please keep us updated on the progress.

Very interesting. Looking forward to this feature (and a Mac installer)!

summary: - encryption with rednotebook
+ Encryption
Benjamin J Norton (leomcsnarf) wrote :

Still waiting for encryption or at the very least password protection. Maybe?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers