DynaCrypt: End-To-End Encryption via Chrome Plugin

Yes. Say I decided to change password to a stronger one, I was hoping the extension performs updating all existing encrypted text prior to password change, to match the latest password.

A good point!

It’s tricky because in order to make it secure I would have to copy all your documents in order to discard the version history. In principle I could do that using the API - but it will be a bit of work.

@CHIANG_E @Steffen I have updated the interface


The little lock icons are a bit hacky right now though (basically using css rules) and I think it might slow down the client too much.
Maybe I can try to dig into the core Dynalist code to make it more efficient, otherwise I might have to remove them again.
EDIT: I think I found a more performant way of doing it.

image

As usual the update is on github https://github.com/timediv/DynaCrypt/releases/tag/1.1
https://github.com/timediv/DynaCrypt/releases/tag/1.2

I updated, but now i cant decrypt my lists anymore. the new ones

Yes I had to upgrade the encryption algorithm. I hope this won’t be necessary again but during these initial stages I have to make sure there are no vulnerabilities.
You can use the old version to save your document as opml or copy the data. Then insert it with the new plug in version.

Guess DC1.2 has somewhat solved performance of 1.1.


Anyway, I tested both, with none of the 1.0-1.2 unloaded.
Okay, testing of 1.1 (activated alone): I was required to reenter my password.
Testing of 1.2 (activated alone): Password needed no re-enter. Duplication of encrypted nodes retained the encryption status.

Love the padlocks. Is 1.2 final for pre-release?

Risk assessment: In what circumstances could the encryption be unrecoverable, other than lost of password and “tampered” encrypted nodes (as in my previous reply)?

I think it is quite stable now. There are still a few features missing for convenience, but it certainly is usable already:

  • Automatic initial encryption of all documents (can be done manually by copying documents)
  • Changing the password (automatic decryption + reencryption, again, in principle can be done manually)
  • Using no or a different key for shared documents (one can also disable the plugin while editing those for now)
  • Support for dates in google calendar
  • Bookmarks & Document names are unencrypted but I guess that is less of a concern

In principle you could always recover by using an old version of the plugin / running the js decryption manually on one of your backup files or downloaded opmls. I think there are two modes of inconvenience that could happen

  • Dynalist changes their code base so radically that it breaks my plugin (I only interface with the networking so this is not too likely) – then I would have to adapt the extension
  • I have to adapt the encryption mechanism because there is a weakness (will make sure to chat with a security expert soon). Right now I don’t provide an auto re-encrypt upgrade process, so if this happens again you have to use the old version, export the files as opml unencrypted, and reupload them with the new version.

@Louis_Kirsch
Appreciate your time and efforts, keep the forum posted please. Also some level of documentation such as recovery guide at the Github (?) would be nice and life-saver.

That’s a good idea. I might just add a script that takes the encrypted backup files and outputs an unencrypted backup for Dynalist independent recovery.

Yes!

Wish that it could auto download the working Dynalist document (my guess) in multiple opml files at fixed intervals in the background, given that there is no control over when the user will turn off CRX (assuming selective encryption) or even close the browser. File names to have date-time stamps & doc name.

I’m not entirely sure what you are asking for. Can you please clarify?

Dynalist has a backup feature already which you can access in the menu or setup auto backups. These backups will be encrypted (as they are downloads directly from the server) so it would be useful to have an additional option in the extension to decrypt such a backup independent of whether the extension still works for Dynalist (as Dynalist might go down at some point or otherwise make the extension incompatible).

When you export a file to opml within Dynalist (not the backup feature) then you actually get the unencrypted copy that the client has in-memory.

That was functionality I wish you could add to the script in the reply from you earlier:

script that takes the encrypted backup files and outputs an unencrypted backup for Dynalist independent recovery

I need the script to download the “unencrypted backup” (i assumed opml file) at an interval say every 5 mins.

EDIT:
I guess my request is not valid when “the script” component of DynaCrypt is capable of decrypting the Dynalist routine-backup (local copy downloaded from GDrive/Dropbox; encrypted) in OFFLINE mode.

Yes I think we shouldn’t reinvent the backup mechanism, just allow the encrypted backups to be decrypted offline without relying on Dynalist.

1 Like

Wait is this version history a hidden feature of DynaList?

It’s a Dynalist Pro feature - right click the document

1 Like

Pointless semantics but, is this “end-to-end encryption” if both ends are one in the same? Or is it just “encryption”? All encryption has one decrypt end. I think of end-to-end as Signal app, 2+ people, so the title confused me making me think the other end was dynalists AWS storage, decrypted in plain text, and it only encrypted the transit, because how else would it be “end-to-end” but nevermind that’s not the case. Cool nonetheless. Anything to get corporate jobs to accept dynalist into their high security IT whitelists is nice.

Thanks for the feedback! You are right ‘client side encryption’ or so might be a better description.

Wow!

But I sadly can’t risk my data. So external vetting is important to me. But this is a really nice plugin. Thanks for all the work.

Of course I can’t promise you a costly official review process but I will have people with security education and security research look over it.

1 Like

Hopefully since your made this open source it can be vetted by our DynaGods too :wink: