Comment on Selfhostable notes app that encrypts the files on Disk?
mark@infosec.pub 2 months ago
if you’re encrypting at rest you also have to consider where there encryption key is being stored.
if you’re storing the encryption key plaintext on the same drive as the data, there’s not much of a point in encrypting.
a TPM/HSM could solve the issue, depending on how far down the rabbit hole you need to go.
HamalaKarris@lemmy.world 2 months ago
In my mind at least this would be solved by the “vault” needing to be decrypted with a password every time notes are accessed saved with the password acting as the key? I’m not terribly well educated on encryption though.
aurelian@lemmy.ml 2 months ago
The problem is how many random characters can you remember in your head?
A good encryption key would be around 32 characters to form a 256 bit encryption key.
You can do a fun game of encrypt the encryption key with a password but that’s just another vulnerability in the chain.
I recommend getting a PGP key stored on a yubikey and then encrypt all your notes with it since it’s all in markdown, I store my notes on Google drive and keep them decrypted in memory so that I can still use Obsidian.
mark@infosec.pub 2 months ago
if you want to type the key yourself each time this could work. I’m not aware of an app that does this but it wouldn’t be too hard I don’t think.