Comment by katspaugh
9 days ago
Thanks! Exactly, client encrypts before syncing. Decryption keys are wrapped/encrypted with your password. If you change the password, only the decryption keys are re-encrypted, not your notes.
9 days ago
Thanks! Exactly, client encrypts before syncing. Decryption keys are wrapped/encrypted with your password. If you change the password, only the decryption keys are re-encrypted, not your notes.
Smart approach with the key wrapping. Re-encrypting every note on a password change would be brutal at scale. Do you have a recovery path if someone forgets their password, or is it truly zero-knowledge where the data is just gone?
Assuming the user still has access to their browser, the data would be still accessible locally (and I’m planning to add an export function too).