Encryption

[erikrose]

Since Apple holds the keys for all but a few bits of iCloud storage, I'd love it if FSNotes would (optionally) encrypt notes. Obviously, there would be considerable design work involved to keep things like listing and searching working. Would you consider accepting a proposal and later a patch?

[gingerbeardman]

I'm not sure what the goal is?

iCloud already encrypts notes in transit and on the server. You can have local macOS encryption by using FileVault.

[erikrose]

The threat model is government requests to Apple or persistent query systems like PRISM. Or bad actors within Apple itself. Or compromises.

[glushchenko]

I was thinking about it, it is a good proposal.

[gingerbeardman]

maybe sparse DMG is a good container for encryption of a single folder?

Though that would break compatibility with other editors, I guess the user would be aware of this trade-off

[glushchenko]

I think about OpenPGP

[erikrose]

It'll probably come down to whatever's easiest. AES probably has good support built into Apple OSes, not to mention hardware acceleration. There may be some interesting uses for PGP's asymmetric encryption, but I can't think of any in a single-user context.

[peavine]

I installed FSNotes 3.0 (242) and either the new security option doesn't work for me or I don't understand how it's supposed to work.

I did the following:

1. I set a master password and I enabled the option to "save master password in keychain."

2. I changed the master password just to make sure it was working OK.

3. I put check marks in all of the auto-lock settings.

4. I see the closed lock icon at the top of the editor window.

Despite the above, when I start, restart, wake, or exit screensaver mode, I am able to see and edit all notes. I'm not sure how this is supposed to work.

[gingerbeardman]

@peavine what do notes look like opened in another app?

[peavine]

With all security options enabled, I opened a note in TextEdit and then Pages. The note looked as expected and was fully editable.

[glushchenko]

@peavine you should lock selected notes before. Encryption not working system wide, only for selected notes.

[peavine]

Thanks for explaining that. This is actually very convenient, because I can have one note that contains confidential information (like passwords) that I want to lock but still leave other notes in the folder unlocked.

As far as the lock/encrypt commands go (if I understand correctly):

• The lock command both adds encryption to and locks the selected note.

• The unlock command leaves the encryption in place but makes the selected note readable/editable until the note is intentionally locked or FSNotes restarted.

• The "remove encryption" command completely removes encryption.

• The "lock all" command, which is in the FSNotes menu, locks all encrypted notes--not just the selected note.

I opened an encrypted note in TextEdit and the note was not readable (as expected).

Anyways, this seems to work great and will be very useful for me.

[glushchenko]

You are absolutely right, lock and unlock not very clear explained. And “Lock All” too, thats lock all encrypted notes only.

[peavine]

After using the new security feature, I had a few comments/issues.

Firstly, I created several notes and locked them using File > Lock/unlock and I noticed that all notes can use the same password or each note can have its own distinctive password. That makes sense. However, the dialog that prompts the user to enter a password contains the following:

Master Password
Please enter password for current note

The entered password doesn't work with any other note, so the use of Master Password would not seem to be the case. Perhaps something like:

Note Password
Please enter password for current note

Secondly, in FSNotes preferences in the Security tab, there is an option to "Change Master Password". The issue is that I don't know what this master password does. It isn't required to change Auto-lock and Touch ID settings, and it can't be used to unlock or remove encryption from individual notes.

Finally, it is not possible to remove encryption from a note when it is unlocked. Perhaps this works this way for security, but it would seem more convenient not to have this limitation.

Thanks.

FSNotes 3.0 (242)

[glushchenko]

@peavine master password is used for biometric unlock (TouchID). May be we should add pin for use it on computers without TouchID?

[peavine]

@glushchenko. Thanks for explaining that. I don't have touch ID on my computer and I'm not sure how it works. So, I'll stick with lock/unlock to secure notes.

[peavine]

When first locking/encrypting a selected note, I apparently mistyped the password and could not unlock the note. This made me wonder if:

• The user should be required to enter the password twice; or

• There should be a master password that unlocks all notes. Perhaps that's what the PIN would do for those without Touch ID?

Thanks.

[peavine]

I installed FSNotes 3.0.0 (244) and I am now able to remove encryption both when the note is locked and when it is unlocked. Thanks.

BTW, there is a menu item "Encrypt/unlock" which I found confusing at first. After a bit, I discovered that this is a toggle that locks or unlocks the selected note and, additionally, encrypts the note if it is not already encrypted. So, I wondered if this menu item should perhaps be "Lock/unlock". I think most users would assume that locking an unencrypted note adds encryption. Anyways, it works well either way.

[peavine]

I installed build 248 and noticed that the menu item Encrypt/unlock has been changed to Lock/unlock. That seems much better. Thanks.

[glushchenko]

Release in FSNotes v3