My personal setup to have encrypted notes (and sync them between android and windows devices)

Hello obsidian users, with this post I want to share with you the solution I came up to resolve one of obsidian’s biggest luck. I want to do this because searching on the Internet to find a solution I discovered that lot of people had the same necessity that I have: be reasonably sure that no one can access their written thoughts without their authorization. So I’m not talking about “military grade encryption”, “Swiss privacy standard” or other things like that, no. I’m just talking about that with this setup curios people will be no longer a problem for you.

Let’s do it. You will need:

  • the tasker app, to encrypt the files. Unfortunately for this purpose you can’t use the play store version of the app, because that version can’t crypt files (I think because of USA laws). You will need to buy the app directly from the developer, on patreon. If you’re not a tasker user and find it difficult to use feel free to ask for help in the comments; now I will no go into depths with details for the sake of brevity.

  • a synchronization app, both on your smartphone/tablet and your pc. I’m using ‘syncthing’ but a valid alternative could be using the ‘autosync’ app on android and ‘one drive’/‘google drive’ on your pc. Obsidian sync works too, but be aware of the file version history.

As you can imagine the idea is very simple. Since I bring always my smartphone with me (I think I’m not the only one here) I use it to encrypt my notes, both if I’ve written them with my smartphone or with my pc (since the vault is synchronized). The same is true for decryption too, since tasker encrypt files in .tec format and I’ve not found a way to decrypt this format on windows.

PROS:

  1. You can use automation
  2. Time consuming but easy to setup method
  3. Low budget method

CONS:

  1. With tasker you can’t encrypt subfolders, so if you want to encrypt /folder1 and it has a subfolder the task will result in an error
  2. You have to manually add the path for each folder you want encrypt
  3. The name of the files are not encrypted

I think the project is highly improvable and highly adaptable to your needs. For example, I have a ~700 Mb vault, but I encrypt <1 Mb data.
I tried to do the same thing using gpg via shell commands, but I didn’t know the right syntax; conceptually I think it is possible tough.

I’m sharing the description of the tasker project with you. Please note:

  • you will need to adjust the paths of the folders to crypt/decrypt, but remeber that for each folder you will need to setup a different action and that the folders can’t contain subfolders;
  • in the decrypt task please insert the path of your obsidian vault in the ‘run shell’ action. It is required to delete the previously encrypted notes.
  • I’ve set the default password to ‘12345678’. Of course you can change it and I suggest you to do so.
  • the variables in the project are not strictly necessary.
  • I’ve inserted the ‘start/stop syncthing’ action just as an example of what automation can do for you.
  • I personally activate the crypt/decrypt action via the secondary app. You can set a profile a profile triggered by the lunch of the obsdian app for example.

Let me know what you think about it and please help me to improve this project :slight_smile:

Tasks
Task: Encrypt The Notes

    A1: If [ %Crypted ~ 0 ]
    
        A2: Set Key [
             Name: obsidian
             Key: 12345678 ]
    
        A3: Encrypt Dir [
             Directory: Syncthing/Obsidian/Folder
             Key: obsidian
             Leave Key: On
             Shred Original: On ]
    
        A4: Flash [
             Text: Encrypted 
             Continue Task Immediately: On
             Dismiss On Click: On ]
    
        A5: Variable Set [
             Name: %Crypted
             To: 1
             Structure Output (JSON, etc): On ]
    
        A6: Vibrate [
             Time: 200 ]
    
    A7: End If
    
    

    Task: Decrypt The Notes
    
    A1: If [ %Crypted ~ 1 ]
    
        A2: Enter Key [
             Title: Password
             Key: obsidian
             Background Image: Sfondi/w.jpg
             Layout: Enter Key
             Timeout (Seconds): 600
             Show Over Keyguard: On ]
    
        A3: Decrypt Dir [
             Directory: Syncthing/Obsidian/Folder
             Key: obsidian ]
    
        A4: Vibrate [
             Time: 200 ]
    
        A5: Run Shell [
             Command: find "/storage/emulated/0/Syncthing/Obsidian" -type f -maxdepth 6 -iname "*.tec" -delete
             Timeout (Seconds): 0
             Use Global Namespace: On ]
    
        A6: Variable Set [
             Name: %Crypted
             To: 0
             Structure Output (JSON, etc): On ]
    
        A7: Flash [
             Text: Decrypted
             Continue Task Immediately: On
             Dismiss On Click: On ]
    
    A8: End If
    
    

    Task: Syncthing Start
    
    A1: Send Intent [
         Action: com.nutomic.syncthingandroid.action.START
         Cat: None
         Package: com.nutomic.syncthingandroid
         Target: Broadcast Receiver ]
    
    

    Task: Synthing Stop
    
    A1: Send Intent [
         Action: com.nutomic.syncthingandroid.action.STOP
         Cat: None
         Package: com.nutomic.syncthingandroid
         Target: Broadcast Receiver ]