Thu, 09 Jul 2020 11:05 UTC by AppSoftware
AppSoftware journal encryption is a feature aimed at IT professionals who need to maintain technical notes that may contain sensitive information, but it also suits other use cases where the secure recording of sensitive information is required.
Once a journal is created, all of its data, including selection names, entry titles and entry data, is encrypted using strong AES encryption.
The process of setting up an encrypted journal is simple, flexible and robust.
Encryption of journals is a 'zero knowledge' process, which means we do not have, and cannot recover the user encryption key required to access and modify data in the encrypted journal. Only the user has this information.
Full text search is not enabled for encrypted entries as that would require holding an unencrypted index to facilitate the search.
While links to files and images can be included in encrypted entry markdown, files cannot be uploaded and attached to the journal itself, as file encryption is not implemented.
Entries in an encrypted journal cannot be made publicly viewable.
Securing Encrypted Journals
When a user creates an encrypted journal, they set a 'user encryption key' that is used to encrypt a strong 'journal encryption key', which is in turn used to encrypt data for that journal. Only the hash of the 'user encryption key' and the encrypted version of the 'journal encryption key' are persisted to our database. This allows the 'user encryption key' to be changed as required (by decrypting and then re-encrypting the 'journal encryption key' with the new 'user encryption key'), while maintaining 'zero knowledge' of the 'user encryption key' on our part.
While an encrypted journal is being edited, the 'user encryption key' used to decrypt and write data is cached in memory in an encrypted form. This encrypted form of the 'user encryption key' is held only in memory, and it requires both a server key and a randomly generated key stored in a secure client cookie before it can be decrypted for use in our application.
Additional Security Features
Journal lock and timeout are controllable per journal
Open a journal's settings to change the timeout for an encrypted journal: the period of inactivity after which the UI auto-locks and cached information relating to the session expires.
Two Factor Authentication
Two factor authentication (2FA) is implemented across all AppSoftware services and can be turned on in settings.
Encryption at rest
Encryption of data at rest is employed as standard across all AppSoftware services.