Client-side encryption poll

I personally would prefer to have per-document client-side encryption, but any encryption on top of what DigitalOcean is providing is a significant improvement. So I single encryption key would probably still meet my needs.

This is still mostly a work requirement right now, but that doesn’t mean I don’t want my files to always be available. I work on several laptops, a work desk, and from my home system. It’s not going to be a feasible solution to keep everything synced if it’s not client-side encryption.

The simple password protection mechanism is just not an improvement.

1 Like

I’m also worried about the load that encryption might make on both the server and the individual who has to maintain it. I hope that this would be optional so that those who don’t need it won’t be encumbered by it. I’m comfortable with the Evernote model of password protecting particular sections of cards.

Encryption will be optional for sure, if that’s what you mean.

I like the idea. Do you call that the public and private keys?

Public and private keys have a technical meaning that isn’t in view here, so no.

The description is just each document has a key. You can share any key, to whom you choose, if you choose.

In addition to this, I would want the document owner to be able to specify who is allowed in.

2 Likes

What Alan said was 100% correct. If you want to keep a document private, keep the key private. If you want to share an encrypted document, also share the key so that they can read and edit it.

Public key isn’t in view here because it’s not needed in our scenario. We can get into the technical details if anyone’s interested.

The problem with a single key is it would kill facility to collaborate. It would be nice to have the ability to choose to either:

  • encrypt a folder, AND/OR
  • encrypt a document.

THEN you can choose to either encrypt a single thing OR a group of things. So if you need to share a key it doesn’t become burdensome as docs and people relations may expand.

I’m new here, I am already having associates ask me about Dynalist’s encryption.
Just my two-Sense (Twohawks ;^)

2 Likes

Yeah, collaboration is something people need to trade off for if they want to encrypt everything with the same key, unfortunately.

Maybe encrypting folders is a good solution that would satisfy both needs : Fast and easy encryption of many documents while still being able to collaborate.

2 Likes

Great to see this being considered. A lack of proper end-to-end encryption is the one thing keeping me from going premium on Dynalist or Workflowy - I need some reassurance that compromised servers won’t also compromise my data!

2 Likes

I see the problems of encrypting all content with a single key, so I voted for encrypting each document individually.

However, it would still be nice to encrypt everything with a single key during export (both manual and automatic). This would reduce the number of possible breaches from three or more (Dynalist server, Google or Dropbox server and every single computer or medium containing a manual backup copy) to just one (Dynalist server). And it wouldn’t induce the problems of end-to-end encryption.

(I know that there is a feature request regarding encrypted automatic daily backup, but I think that the above might be beneficial to your poll.)

I feel the “just one” breach point (i.e. Dynalist server) is what people are most concerned about, therefore we’re only asking about end-to-end encryption vs simple password protection here.

For me, a backup needs to be useable outside of Dynalist. How does that happen if it’s encrypted. Is there a way if I know the key to decrypt it apart from DynaList?

Thanks for your answer – so do I.

It’s hard to explain why I wrote this. Maybe like this: I’m a developer myself, and it has always helped me when someone pointed out (seemingly) related things. :slightly_smiling_face:

The export key could simply be stored in Dynalist’s settings. But I did not want to hi-jack this topic and think that further discussion of this topic should happen in *Encrypted* automatic daily backup. Thanks!

I asked the same question there with no answer. I also disagree that this is an independent question. The purpose of backup is an independent copy of my data. Encryption secures my data from reading. Backing up my data unencrypted foils the security. Backing up my daa encrypted also must be decryptable by me or the backup feature becomes pointless. I assume these matters impact the poll.

One solution is to provide a lightweight standalone HTML page that would take a .zip file, a key, and output the decrypted content.

Because this HTML page doesn’t need to have any of Dynalist’s functionalities, it can be quiet small and lightweight. It’s not prone to change either. You can download it once and store it in your Dropbox/GDrive for later use.

1 Like

I would suggest to use a standardized encryption scheme so that third party apps (e.g. apps that operate over the api, say Quick Dynalist) also can use the respective decryption / encryption routines.

Of course, it’d likely be something like AES-128 which I believe is one of the most popular encryption schemes around for this kind of use-case.

Maybe look into keybase.io they have some awesome thoughts on how encryption should work.