Operating system
Android
Joplin version
3.6.14
Desktop version info
No response
Current behaviour
Reproduction steps:
- On a new profile (profile A), setup file system sync
- Enable encryption using password aaa
- Sync the changes
- Create a new profile and open it (profile B)
- Setup file system sync to the same directory and click sync
- Tap the banner to go to encryption config
- Enter password bbb save it, the password will be saved onto the key, but it will ask for the master password above it
- Enter password aaa and save it, then trigger sync
- Go to the note list and observe that the notes from profile A were still not decrypted
- Create a new profile (profile C) and open it
- Setup file system sync to the same directory and click sync
- Tap the banner to go to encryption config
- Enter password aaa save it, then trigger sync
- Observe that the notes from profile A were decrypted, but the notes from profile B are not, and there is a banner saying some items cannot be synchronized
- Create a new profile (profile D) and open it
- Setup file system sync to the same directory and click sync
- Tap the banner to go to encryption config
- Enter password bbb save it, then trigger sync
- Observe that notes from 2 profiles now cannot be decrypted, which means both password aaa and bbb is unable to decrypt items where the wrong encryption password was entered, and the key is therefore corrupted or missing
See video:
https://github.com/user-attachments/assets/7b6d6c9f-4dc2-4331-a2e0-2628d537252c
Also, for a profile which already has encryption enabled in the mobile app, if you disable encryption, then re-enable it with a different password, this will also result in the same issue, without any kind of validation to validate against an existing master password.
This problem was mentioned in the comment here #14659 (comment)
Expected behaviour
It should not be possible to encrypt local notes with a corrupt or non-existent encryption key. All password entry fields (for initial encryption enablement, for entering password on an individual key, and for entering the master password) should all be validated to present an error if the password or not correct or does not match the existing master password when one exists, in the same way as the desktop app handles this
Logs
No response
Operating system
Android
Joplin version
3.6.14
Desktop version info
No response
Current behaviour
Reproduction steps:
See video:
https://github.com/user-attachments/assets/7b6d6c9f-4dc2-4331-a2e0-2628d537252c
Also, for a profile which already has encryption enabled in the mobile app, if you disable encryption, then re-enable it with a different password, this will also result in the same issue, without any kind of validation to validate against an existing master password.
This problem was mentioned in the comment here #14659 (comment)
Expected behaviour
It should not be possible to encrypt local notes with a corrupt or non-existent encryption key. All password entry fields (for initial encryption enablement, for entering password on an individual key, and for entering the master password) should all be validated to present an error if the password or not correct or does not match the existing master password when one exists, in the same way as the desktop app handles this
Logs
No response