Security Methods
Password Protection for Notes
When a password is set for notes, the note data on the device is encrypted with that password. The encryption uses the AES algorithm provided by the Web Crypto API.
The encryption flow is as follows:
- The user sets a password for notes in Settings > General > Set Note Password.
- The user clicks on the Note Menu > Lock Notes.
- Whenever a locked note is accessed, the user must enter the correct password that was used to encrypt the notes.
If the password is compromised or the user wants to change the note password, the password change flow is as follows:
- The user changes the note password in Settings > General > Change Note Password.
- The user enters the old password and the new password, then confirms the change.
- The application unlocks all notes previously locked with the old password and relocks them with the new password.
Note: During the password change process, the application should not be closed to avoid any unintended errors.
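The lock, unlock and password-change flows above, as an added example that is not OpenNotas code. The page only states that AES from the Web Crypto API is used; AES-GCM, PBKDF2-SHA-256 key derivation, the iteration count, and the names `lockNote`, `unlockNote` and `changePassword` are assumptions.

```javascript
// Added example, not OpenNotas code. Assumed: AES-GCM with a PBKDF2-derived key.
// Browsers and current Node expose globalThis.crypto; older Node needs the import.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const PBKDF2_ITERATIONS = 100000; // assumed value; raise as far as target devices allow

// Turn a password into a non-extractable 256-bit AES-GCM key.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Lock one note. A fresh salt and IV per note means no (key, IV) pair is reused.
async function lockNote(plaintext, password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext));
  return { salt, iv, ciphertext: new Uint8Array(ct) };
}

// Unlock one note. GCM authentication fails on a wrong password or tampered
// data, so the caller gets an error instead of garbage plaintext.
async function unlockNote(locked, password) {
  const key = await deriveKey(password, locked.salt);
  try {
    const pt = await wc.subtle.decrypt(
      { name: "AES-GCM", iv: locked.iv }, key, locked.ciphertext);
    return new TextDecoder().decode(pt);
  } catch {
    throw new Error("wrong password or corrupted note");
  }
}

// Password change: unlock every note with the old password first, and only
// then relock with the new one. A wrong old password rejects before anything
// is re-encrypted, and the input array is never modified.
async function changePassword(lockedNotes, oldPassword, newPassword) {
  const plaintexts = [];
  for (const note of lockedNotes) {
    plaintexts.push(await unlockNote(note, oldPassword));
  }
  return Promise.all(plaintexts.map((p) => lockNote(p, newPassword)));
}
```

Because `changePassword` returns a new array and leaves its input untouched, the caller can swap the stored notes in a single step once it resolves, which keeps an interrupted change from leaving notes locked under two different passwords.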
Synchronization Functionality
OpenNotas encrypts note data before storing it on the sync server.
It uses the AES two-way encryption algorithm based on the Web Crypto API, which is implemented in most modern web browsers.
Note: Data is only encrypted when stored on the sync server, while the data on the device is stored as plain text.
To encrypt the data, the user needs to provide a valid encryption key beforehand or rely on the application to generate a key for the initial setup.
The encryption flow is as follows:
- The user sets up synchronization.
- The user provides an encryption key or asks the application to generate one.
- The synchronization process begins.