Evernote Note Encryption

Perhaps my Internet Privacy article got you thinking or maybe you’re sticking around for more Evernote tips after reading my first Evernote article. This time I’m going to combine the two so that I can talk about leveraging a privacy in Evernote.

Secure Cloud Computing By FutUndBeidl - Creative Commons 2.0

Secure Cloud Computing By FutUndBeidl – Creative Commons 2.0

One of the first things I immediately began to do in Evernote was to store my passwords for various sites and accounts. It occurred to me a short time after I started doing this that anyone that was able to access my Evernote account now had complete access to anything on the web!

Just imagine, if you’re doing the same, and someone gets your credentials for Evernote they now have your credentials for everything! You might think that this wouldn’t apply to you, but did you really read my internet privacy post? All it takes is a little lapse of security on Evernote’s part to have millions of usernames and passwords out there for anyone to use. That is completely out of your control; it doesn’t matter to what level of security you used when creating your password. If it’s compromised and you have sensitive information in Evernote, which many people do, then you can say that all of those accounts are compromised!

Holy Crap! What Can I Do?!

The answer is actually kind of simple. Evernote supports encryption of notes. Using the native Evernote app you can highlight and encrypt strings of text.

  1. Have your note open and the text you want to encrypt highlighted.
  2. Right click the text to bring up the context menu.
    1. Find the menu item titled Encrypt Selected Text
  3. A popup will appear and prompt you to enter a password for encryption. Since we’re talking about security here, you should use a password that is not the same as your Evernote account password and is not reused across any of your other accounts. Once you enter this password it will be used to decrypt the text at a later point in time. Don’t forget this password!
  4. Depending on the version of Evernote you are using you may enter an optional hint. This helps in jogging your memory when entering the password later to decrypt the text.
Evernote Encryption Dialog

Encrypting Text – Ctrl+Shift+X Also Opens This Dialog

You Information is Now Encrypted!

Great! Now that you’ve encrypted your sensitive information you’ve protected a possible breach of sensitive information about your accounts. However, please note that after you’ve encrypted your text in Evernote with your password there is no way to recover that text if you are to forget that password! Evernote’s employees can’t even help you here.

There are things you can’t encrypt:

  • Images or PDFs
  • Any File Attachments
    • Doesn’t matter if it is a text document of something from Microsoft Office
  • Audio Clips
  • Encryption is limited to selected text within a note. Whole note encryption is not supported and neither is notebook encryption.

Also note that once you’ve encrypted some information you can no longer search for it. Naturally this is the case since the text is garbled into unreadable characters until you decrypt it.

How Do I Decrypt My Information?

So now you need that password for Facebook or your bank account, how do you get it back to its readable form in Evernote? It’s actually very simple.  You’ll see a lock icon followed by black squares. That represents your encrypted text.  Double clicking, right clicking and selecting Show Encrypted Text, or pressing Ctrl+Enter will bring up the decryption dialog box.

Decryption Dialog

Decryption Dialog

Enter your password and you text will appear in the note. Selecting the checkbox Remember passphrase until I quit Evernote will allow you to switch between notes and still have your encrypted content appear. Leaving the checkbox unchecked and leaving the note will cause the text to be encrypted when you return to the note. This is the safest method of using this feature.

Evernote will show you the decrypted text within a border. This is helpful to remind you that the text is sensitive and will be encrypted.

Can I Change the Password Used To Decrypt My Text?

The answer to that is yes. However, you must have the original password which you used to encrypt the text. To change the password used to encrypt the text do the following:

  1. Right click on the encrypted text and select “Decrypt Text Permenantly…”.
  2. Enter the current password so that the text becomes decrypted.
  3. Select the same text that was encrypted previously and follow the same procedure outlined above to encrypt your text with your new password.

Nerd Stuff

So, how does all this encryption stack up when compared to real world security? Well, the answer to that is complex. From the horse’s mouth:

If you encrypt text within a note, we derive a 64-bit RC2 key from your passphrase and use this to encryptthe text. This is the longest symmetric key length permitted by US Export restrictions without going through a complex process to gain export approval.

We do not receive any copy of the key or your passphrase, or any escrow mechanism to recover yourencrypted data. I.e., if you forget your passphrase, we can’t recover your data.

When accessing Evernote’s website to view your notes you can, of course, decrypt the content of a note. But doesn’t this expose me to someone looking at the transmission of the note over the internet! Again, here’s Evernote’s response:

User authentication (i.e. username + password) is always performed over SSL when you communicate with Evernote. This uses 1024-2048 bit RSA keys and a symmetric session key that’s negotiated between your client/browser and our server.

The data in user notes is also transferred via SSL.

It’s about as secure as you can get without going to 3rd party encryption. If you’re super worried about the content in your Evernote notes you could always get PGP and encrypt your text before placing it into your notes!

Tagged , , . Bookmark the permalink.

About Mike

I'm a software engineer. Look into the about page for more information about me.

Comments are closed.