Add GPG as an option for encryption

Open insanerwayner opened this issue 5 years ago • 8 comments

Came to look for this feature. I think it would be great to have the option to use GnuPG for us users that are already using it. It would definitely be a good way for easy decryption if someday the jrnl project were somehow lost or broken. PGP is a standard that has stood the test of time.

Originally posted by @insanerwayner in https://github.com/jrnl-org/jrnl/issues/262#issuecomment-521679403

insanerwayner avatar Aug 21 '19 14:08 insanerwayner

I'm open to this as an idea, but want to be sure the experience is as seamless as possible for users that opt to use the encryption feature.

Specifically, I would like to hear about what this new option adds that isn't currently part of the feature set.

Also, you mention very valid concerns about what happens to an encrypted journal if/when jrnl becomes inaccessible. Have you looked at the encryption page in our docs? There's an example small script there for manual decryption, in case the project should ever disappear. Do you have any concerns about the efficacy of this approach?

wren avatar Aug 24 '19 18:08 wren

There's an example small script there for manual decryption, in case the project should ever disappear. Do you have any concerns about the efficacy of this approach?

I have seen that. That would be fine if we don't lose access to that documentation, however the drawback here is that it does require a special script or finding a program that will decrypt the form of encryption. You would also need to remember what form of encryption was built in to the program originally. Maybe if that info were included in a man page, which is another thing I think should be added.

I still think the existing encryption method should be included with jrnl, but I think having the option to use something that is built into many systems (i.e. GnuPG), would be a nice feature, maybe even other encryption methods would be welcome. Give the user a choice of options to use.

insanerwayner avatar Aug 26 '19 21:08 insanerwayner

@insanerwayner It's worth noting that OpenSSL (a tool/library bundled and built into many systems) supports command line based decryption of AES in CBC mode. The only issue would be getting the IV from the file, which can be done with other unix tools such as head, cat, xxd, etc. The form of encryption described is not unique, obscure, or unknown.

To GnuPG's credit however, it would allow for creating new journal entries and automatically encrypting them/the journal, meaning the decryption only needs to occur when trying to read the journal.

larssorenson avatar Sep 19 '19 18:09 larssorenson
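
The OpenSSL route described in the comment above, as an added example that is not part of the original thread or of jrnl's own code. It assumes a file laid out as a 16-byte IV followed by AES-256-CBC ciphertext, with the key taken as the SHA-256 of the password; both are assumptions to confirm against the encryption docs for your jrnl version, and the function names and sample journal are constructed for illustration.

```shell
#!/bin/sh
# Added example: recover a journal with stock tools only (openssl, head, tail, od).
# ASSUMED layout: [16-byte IV][AES-256-CBC ciphertext, PKCS#7 padded].
# ASSUMED key derivation: key = SHA-256(password). Verify both for your version.

# stdin bytes -> lowercase hex on one line (same result as `xxd -p`, using POSIX od)
hex() { od -An -v -tx1 | tr -d ' \n'; }

# derive_key PASSWORD -> 64 hex chars (256-bit key)
derive_key() { printf '%s' "$1" | openssl dgst -sha256 -binary | hex; }

# decrypt_journal FILE PASSWORD -> plaintext on stdout
decrypt_journal() {
    iv=$(head -c 16 "$1" | hex)        # the IV is read from the start of the file
    key=$(derive_key "$2")
    # Skip the IV (start at byte 17) and hand openssl the raw key and IV,
    # so it does not expect its own "Salted__" header.
    tail -c +17 "$1" | openssl enc -d -aes-256-cbc -K "$key" -iv "$iv"
}

# make_sample FILE PASSWORD TEXT: build a constructed journal in the assumed layout
make_sample() {
    tmp_iv=$(mktemp)
    openssl rand 16 > "$tmp_iv"
    {
        cat "$tmp_iv"
        printf '%s' "$3" |
            openssl enc -aes-256-cbc -K "$(derive_key "$2")" -iv "$(hex < "$tmp_iv")"
    } > "$1"
    rm -f "$tmp_iv"
}

# Demo on a constructed journal, so the example runs offline
sample=$(mktemp)
make_sample "$sample" 'example-password' '[2019-09-19 18:09] constructed entry'
decrypt_journal "$sample" 'example-password'; echo
rm -f "$sample"
```

A wrong password normally makes `openssl` exit non-zero with a "bad decrypt" padding error, but CBC carries no integrity check, so treat a clean exit as necessary rather than sufficient.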

Hi, @insanerwayner. To clarify, the script in our docs is only an example. One could make similar scripts in many languages to decrypt their journals if/when our documentation ever goes away. I also know of a few users that have copy/pasted our example script into their password vaults along with their journal passwords, for even easier access. And to be clear, I'm not against GPG, and I'm for giving users choice, I just want to be sure I understand the pros and cons of any given choice before committing to it.

@larssorenson Hi, that's an interesting prospect. I'm not as familiar with GPG, so forgive me if this is incorrect. Are you saying that with GPG we can write to an encrypted journal without unencrypting it?

wren avatar Sep 27 '19 23:09 wren

Hey @wren. It's possible, I would need to understand the structure/format of the journal itself to give you a firm answer. If you are required to read the whole journal before adding an entry and writing to file, it wouldn't solve that problem but if the format was multiple files or a list, with each entry individually encrypted, this could be the case.

larssorenson avatar Oct 03 '19 21:10 larssorenson

A major advantage of using PGP is ease of keeping up with cryptographic standards. It also completely removes the requirement for you to maintain cryptographic code.

I can't code myself out of a toilet, but I'm sure there's a simple method to call GPG-agent and let it do the cryptography.

ParaplegicRacehorse avatar Nov 27 '19 20:11 ParaplegicRacehorse

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jan 26 '20 21:01 stale[bot]

I'm into this idea, and want to sketch out some of the steps to implement this:

  • The program needs additional command line interface parameters and/or configuration fields to specify the flavor of encryption to use. Something to keep in mind as we refactor CLI (#707) and/or look into allowing the user to modify configuration from the CLI.
  • There's the matter of actually selecting and implementing GPG, which has some additional concerns:
    • Selecting a Python library vs. some sort of system call
    • Cross-platform support (a concern for both of the above approaches, as lots of GNU libraries have issues with Windows and/or various Python distributions in Windows)

micahellison avatar Feb 01 '20 19:02 micahellison