Joplin Encryption Process Flow

System Design · flowchart diagram · NOASSERTION

Illustrates the encryption steps in Joplin, showing how a master password encrypts the master key and how the master key encrypts notes/resources before sy

Source: https://github.com/laurent22/joplin/blob/9e46f80713c5b7c13d40a21b137539b644748ac0/readme/dev/spec/e2ee/native_encryption.md
Curated by laurent22

Mermaid source

graph LR;
    pwd[Master<br/>Password]
    mk[Master Key]
    emk[Encrypted<br/>Master Key]
    enc_1(("EncryptionService<br/>.encrypt()"))
    sync[(Sync Target)]
    pt[Notes/Resources]
    enc_2(("EncryptionService<br/>.encrypt()"))
    ct[Encrypted<br/>Notes/Resources]

    mk-->enc_1
    mk-->enc_2
    subgraph Master Key Encryption
        pwd-->enc_1
        enc_1-->emk
    end
    subgraph Data Encryption
        pt-->enc_2
        enc_2-->ct
    end
    emk-->sync
    ct-->sync

What this diagram shows

This diagram illustrates the two-stage encryption process within Joplin. It details how a Master Password is used to encrypt the Master Key, and subsequently, how the Master Key is used to encrypt user data (notes and resources). Both the encrypted master key and encrypted data are then sent to a Sync Target.
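
The two stages in the diagram, written out as a runnable Node.js sketch. This is an added example, not code from Joplin or from the linked spec; the page names no algorithms, so PBKDF2-SHA-512, AES-256-GCM, the iteration count and every function name below are assumptions.

```javascript
// Added illustration of the two-stage flow in the diagram; not Joplin's code.
// Assumed primitives (the page names none): PBKDF2-SHA-512 and AES-256-GCM.
const crypto = require('crypto');

// AES-256-GCM with a fresh 96-bit nonce per call; returns a JSON-safe envelope.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv: iv.toString('hex'), ct: ct.toString('hex'), tag: c.getAuthTag().toString('hex') };
}

function unseal(key, env) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'hex'));
  d.setAuthTag(Buffer.from(env.tag, 'hex'));
  // final() throws if the key is wrong or the ciphertext/tag was modified.
  return Buffer.concat([d.update(Buffer.from(env.ct, 'hex')), d.final()]);
}

// Stretch the master password into a key-encryption key (iteration count is an assumption).
function deriveKek(password, salt) {
  return crypto.pbkdf2Sync(password, salt, 210000, 32, 'sha512');
}

// Stage 1 ("Master Key Encryption"): password + master key -> encrypted master key.
function wrapMasterKey(password, masterKey) {
  const salt = crypto.randomBytes(16);
  return { salt: salt.toString('hex'), ...seal(deriveKek(password, salt), masterKey) };
}

function unwrapMasterKey(password, emk) {
  return unseal(deriveKek(password, Buffer.from(emk.salt, 'hex')), emk);
}

// Stage 2 ("Data Encryption"): master key + note/resource -> encrypted item.
const encryptItem = (masterKey, text) => seal(masterKey, Buffer.from(text, 'utf8'));
const decryptItem = (masterKey, env) => unseal(masterKey, env).toString('utf8');

// The sync target holds only the two encrypted outputs, never the password or master key.
function demo() {
  const masterKey = crypto.randomBytes(32);
  const syncTarget = {
    emk: wrapMasterKey('correct horse (constructed)', masterKey),
    note: encryptItem(masterKey, 'constructed sample note'),
  };
  // A second client recovers the master key from the password, then the note.
  const mk2 = unwrapMasterKey('correct horse (constructed)', syncTarget.emk);
  return { syncTarget, recovered: decryptItem(mk2, syncTarget.note) };
}
```

Because the note is sealed under the master key rather than the password, changing the password only requires re-wrapping the master key; the encrypted items on the sync target stay as they are.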

When to use it

Use this diagram to explain or document client-side encryption mechanisms, especially in applications where user data is encrypted before being stored or synchronized. It's useful for demonstrating security architectures, data protection flows, or explaining how master keys and data keys are managed.

How to adapt it for your project

This diagram can be adapted to include decryption steps, key rotation processes, or different encryption algorithms. You could add details about key derivation functions, salt usage, or integrate cloud-specific key management services. Expanding the 'Sync Target' to show specific cloud providers or storage types would also be beneficial.

Key concepts