edit
As of version 1.14.3 I have also introduced XChaCha20 encryption (used as default) to allow both symmetric and asymmetric encryption types.
Hi all!
Just wanted to give an update as it’s been about two months since the last post I made about Jotty - see it here
We are approaching end of year and I just want to thank this amazing community for the huge support I have received, it has sincerely given me an amazing escape from a lot of shit stuff I had going on in my life (and still, unfortunately, do).
For anyone not knowing about Jotty, the tl;dr is this little snippet here from the readme:
A self-hosted app for your checklists, tasks and notes.
jotty·page is a lightweight alternative for managing your personal checklists and notes.
It's extremely easy to deploy, keeps all your data on your own server with your own file
structure (no databases!) and allows you to encrypt/decrypt your notes for your personal
peace of mind.
Last thing I want is people thinking this post is AI, so I won’t give a full on sales pitch, but a bit of context is always needed I suppose lol
You can read about it more on the repo: https://github.com/fccview/jotty
And here’s the website with the demo in case you want to play around with it before installing it: https://jotty.page/
Anyhow, PGP encryption has been a much requested feature, for a few months actually, but I didn’t want to rush something as delicate as that, so I took my time and I think it’s working pretty neatly, passphrase is never stored on the server, private/public key can be generated straight from Jotty or you can import your own/mount them from whatever folder you want on your system on read only.
There’s also a ton of new features since the last post two months ago, but this is the one I’m the most excited about.
Let me know what you all think about the feature and Jotty in general and I’ll see you in the comments <3
You must log in or register to comment.
If I understand the Encryption Markdown page, it appears the public/private key are primarily to protect the data at-rest? But then both keys are stored on the server, although protected by the passphrase for the keys.
So if the protection boils down to the passphrase, what is the point of having the user upload their own keypair? Are the notes ever exported from the instance while still being encrypted by the user’s keypair?
Also, why PGP? PGP may be readily available, but it’s definitely not an example of user-friendliness, as exemplified by its lack of broad acceptance by non-tech users or non-government users.
And then, why RSA? Or are other key algorithms supported as well, like ed25519?
Hi! These are all very valid questions!
The protection boils down to your level of comfort, really, the way I built this is very modular, you can
- Simply generate a key pair by clicking on a simple button (for non power users)
- Import your own keys (if you feel comfortable enough to do it)
- Or simply encrypt with a public key and use your private key when prompted for decryption, this way keys are never stored on the server and all operations happen offline on the browser :)
When exporting notes, if one is encrypted it’ll stay encrypted, of course.
Lastly, the simple answer is because I know the tech fairly well and understand it enough to comfortably implement it, I wouldn’t want to half ass something, PGP is an extremely valid form of encryption anyway, and can be very user friendly when implemented properly (as explained above there’s various levels of complexity in place)
Very valid feedback, makes me wonder if I should give people multiple choices of encryption algorithms in future updates ♥️