Man-in-the-middle to modify file when Obsidian loads/saves it

Hi,

I want to extend the Obsidian Encrypt plugin to be able to view encrypted notes using live preview. Instead of coding a new view, I thought to myself it might be possible to do as follows :

  1. When an encrypted file is loaded into the editor, the plugin plays a man-in-the-middle role and decrypts the loaded content before transmitting it to the editor
  2. When the editor wants to save the file, the plugin gets in the way once again, re-encrypts the contents of the file and then saves it to the disk

This ensures the decrypted content is never saved on the disk while maintaining a transparent experience for the user.

My question is, is there a way to play the man-in-the-middle role for when loading/saving files? I thought about an editor extension, but I’m not even sure it’s enough, since Obsidian’s the one to load and save files, not CodeMirror, right?

Any suggestion or information would be much appreciated. Thank you for your time !

I’m sorry, and should most likely read your post better, but are you wondering how to do encryption using a man-in-the-middle approach?! What kind of safety would that be? If it was allowed, what is then to stop someone else from doing the same?

This sounds like locking the door, but leaving the lock pick set on the outside…

I believe you need to rethink your approach, and possibly reconsider what are the actual threats to your systems.

I agree that the title is misleading, maybe you’re right and it is a bad approach, but I’m not sure the approach is problematic in itself.

Let me try to clarify by reformulating. The motivation behind my question is the following :

  • I have sensitive notes I do not want to appear decrypted on the disk
  • There exists a plugin that encrypts notes on the disk
  • But this plugin only provides source view for the encrypted files, live preview is not available

Possible solutions I see are :

  • Re-implementing the features of live-preview in the custom view of the mentioned plugin (time-consuming and feels like re-inventing the wheel since live-preview already exists)
  • Find a way to use live-preview on encrypted files without decrypting them on the disk

Which brought me to the idea I explained poorly above :

Trick Obsidian live-preview into displaying the decrypted content without ever storing it decrypted on the disk.

To do this, I wondered if there was a way to intercept encrypted data loaded from the disk before live-preview gets it, decrypt it transparently and give the decrypted data to live-preview for display and editing. Then whenever the data needs to be saved, intercept it again, encrypt it and replace the file content on the disk with the new encrypted data.

This is what I meant by “man-in-the-middle”, but I agree it is misleading. This would allow the decrypted data never to be seen on the disk itself.

Hope that clarifies it !
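
The load/save interception described in the post above, sketched as an added example that is not part of the thread and is neither Obsidian's API nor the Encrypt plugin's code. `MemoryDisk`, `EncryptingStore` and the `ENC1:` marker are hypothetical names, and AES-256-GCM with an scrypt-derived key from Node's `crypto` module is an assumed choice.

```javascript
// Added example: hypothetical names, not Obsidian's API or the plugin's code.
const nodeCrypto = require("node:crypto");

const MAGIC = "ENC1:"; // constructed marker that tags an encrypted file

// Stand-in for the disk: everything stored here is what would be on disk.
class MemoryDisk {
  constructor() { this.files = new Map(); }
  read(path) { return this.files.get(path); }
  write(path, data) { this.files.set(path, data); }
}

// Sits between the editor and the disk: plaintext above, ciphertext below.
class EncryptingStore {
  constructor(disk, password) {
    this.disk = disk;
    this.password = password;
  }

  // Save path: encrypt with a fresh salt and nonce on every write.
  write(path, plaintext) {
    const salt = nodeCrypto.randomBytes(16);
    const iv = nodeCrypto.randomBytes(12);
    const key = nodeCrypto.scryptSync(this.password, salt, 32);
    const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
    const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
    const blob = Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
    this.disk.write(path, MAGIC + blob.toString("base64"));
  }

  // Load path: decrypt marked files, pass unmarked notes through unchanged.
  read(path) {
    const stored = this.disk.read(path);
    if (!stored.startsWith(MAGIC)) return stored;
    const blob = Buffer.from(stored.slice(MAGIC.length), "base64");
    const key = nodeCrypto.scryptSync(this.password, blob.subarray(0, 16), 32);
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(16, 28));
    decipher.setAuthTag(blob.subarray(28, 44));
    // final() throws when the password is wrong or the file was altered.
    const plain = Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
    return plain.toString("utf8");
  }
}

// Constructed sample note, round-tripped through the wrapper.
const disk = new MemoryDisk();
const store = new EncryptingStore(disk, "constructed-password");
store.write("diary.md", "# Private\nnot for the disk");
console.log(disk.read("diary.md").slice(0, 24), "->", JSON.stringify(store.read("diary.md")));
```

The wrapper protects only the bytes that pass through it; indexes, caches or metadata that the editor derives from the decrypted text are written by other code paths and are not covered.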

Back in the day there were various cases of using memory based file systems. I’m wondering if that could be an approach for you somehow, but that would mean you would need to keep the entire vault in memory (with all indexes and cache and what not). And rebuild that stuff each time you open the vault.

On the other hand I don’t really see the danger of having the unencrypted file on a local drive, or by using an encrypted file system like Bitlocker.

What I do see is that Obsidian is relying heavily on the continuous disc access, and I don’t think it’s very feasible to have a plugin implement a viewing mode without any of the metadata being generated being stored on disc.


All in all I would seriously reconsider what kind of security you gain from using such an elaborate system, versus using either the encrypted file system or living with the unencrypted file for some time when working with it.
