Client-side encryption poll

One solution is to provide a lightweight standalone HTML page that would take a .zip file, a key, and output the decrypted content.

Because this HTML page doesn’t need to have any of Dynalist’s functionalities, it can be quiet small and lightweight. It’s not prone to change either. You can download it once and store it in your Dropbox/GDrive for later use.

3 Likes

I would suggest to use a standardized encryption scheme so that third party apps (e.g. apps that operate over the api, say Quick Dynalist) also can use the respective decryption / encryption routines.

Of course, it’d likely be something like AES-128 which I believe is one of the most popular encryption schemes around for this kind of use-case.

Maybe look into keybase.io they have some awesome thoughts on how encryption should work.

It’s great to see that you are seriously considering adding encryption to Dynalist. Do you have any ETA for it?

2 Likes

i voted for encrypting all of dynalist with a key first because i was thinking that encrypting each document individually would mean having to have a separate key for each one… but maybe im reading that wrong? could you just use the same key to encrypt multiple documents?

that would be my use case anyway. i would probably encrypt most of my documents and leave the 2 or 3 documents i want to share unencrypted

i wouldnt be too worry about losing the encryption key myself. i would have it stored in my keepass database which is backed up to multiple locations!

For my needs of private journaling, the ability to password/PIN protect on a document-level(and encrypt the document with the same password) a great solution. I imagine it working the same way Apple Notes work, you can individually select which notes you want Locked and you can protect those with a PIN, and it syncs all the same on all devices requiring the PIN(separate from iCloud password) to view or edit Locked notes.

Right now the way I mitigate is by using Apple Notes for journaling and Dynalist for content I don’t mind being public, if PINs come to Documents on Dynalist, I see no use of using Apple Notes.

-Michael :slight_smile:

Lack of encryption is the only thing that’s holding me from migrating to Dynalist. Can you give us an ETA on this feature? So I don’t have false expectation. Thank you.

2 Likes

I would really like to use client-side encryption. If there is client-side encryption I can upgrade to Pro!

I can find a card on Trello Dynalist Roadmap about ‘end-to-end encryption’ but there could be a difference between end-to-end encryption and client-side encryption. Where can we vote for client-side encryption on the Trello Dynalist Roadmap?

@Erica You already have end-to-end encryption implemented for Obsidian, and if I understood correctly, you guys wrote the software during the lock-down. So would you please tell us why it’s so challenging to implement (End-to-end or client-side) encryption for Dynalist?

People are more privacy-aware than ever before and it has been years since asking for this feature and I am just curious about what is preventing you from implementing this feature.

It would be great to hear from you. Thank you so much!

Agreed. Personally I don’t even need encryption, I literally just need the ability to store the database locally without pushing it to a web service.

This one’s easy to answer: DynaList follows a different architecture. The Obsidian architecture has all processing occur on the client side, so sending to another client is as simple as encrypt-send-decrypt.

The DynaList architecture does most processing on a server database, so every operation that deals with text needs to have access to that text, and that will be on their server, not on a client end.

Try the moo.do desktop app. It’s another Workflowy clone but has implemented all this. For local docs press New Local. They never sync online. For encrypted sync make a New Synced and go to Settings>Desktop app>Client side encryption.

2 Likes

I am curious what happens server-side with Dynalist, considering you can firewall the desktop app and work for quite a while no problems. Seems like everything you need is using client-side javascript. But I haven’t extensively tested. Just curious what’s serverside.

+1 for client side encryption!!! It’s the one thing that really makes me hesitate about committing fully to Dynalist.

It looks like the Legend App (moo.do) forces you to use Google Drive for any attachments to sync, which will not be encrypted. That’s definitely a show-stopper for me.