Live Encryption Capabilities

Live Encryption

I understand that using Obsidian Sync, data is encrypted in transit (unencrypted locally, encrypted before, during and whilst in the cloud). It would be awesome to have live encryption, similar to competitors like Joplin, where a key manager is implemented to live encrypt and decrypt files during use and at rest. This would be hugely beneficial for people with stricter threat models. This would protect data from prying eyes who have a foothold on the host system (other local admins, corporate IT, bad actors). This would put the user in responsibility of managing their encryption keys and by affect, this would provider a higher level of trust that no parties upstream can access the data.

The goal would be to create a system designed to defeat any attempts of surveillance or tampering as no third party can decipher the data being communicated or stored.

Proposed Solution

I propose that every Obsidian Client has an added menu item in the options listed as ‘Live Encryption’. The users will have the ability to enable or disable encryption on their vaults. It would then prompt the user to create an encryption key and which cipher to utilise. The user will use this key on every other Obsidian client to then decrypt their notes. This may be manual method at first where the user must enter the decryption key on every client device configured. Potentially in the future we may be able to bind encryption keys to user accounts, similar to privacy respecting services like ProtonMail.
This would require key management tools being built into every client which I completely understand is cumbersome, however it would be greatly beneficial in regards to digital security and privacy.

Current Workarounds

Currently, users of Obsidian with stricter threat models rely on Veracrypt and other encryption tools to secure the Obsidian Local Files. This is only truely viable on a locally hosted instance and does not scale well into mobile operating systems. This has pushed some users to competitors who offer live-encryption on clients both desktop and mobile.

Thank you for your time!
-MaverickMidori

2 Likes

I want to add a side note here. Modern smartphones store user data in encrypted format with a key that is unlocked by your fingerprint/password/passcode/faceid/whatever you use. It’s a form transparent hardware encryption. Similarly, on windows you could use something like Bitwarden. I am sure there is something similar on mac.

Long story short: If you want, you can already have live encryption capabilities at rest using your OS.

1 Like

Also could be a plugin idea?