Secure and encrypted note taking: Difference between revisions

From Public wiki of Kevin P. Inscoe
Jump to navigation Jump to search
 
(7 intermediate revisions by the same user not shown)
Line 17: Line 17:
==Security enhancement==
==Security enhancement==


I then started using MediaWiki for all of my notes private and public and began to realize the security holes in doing such. I looked into to making MW more secure but found the database seemed to be the weakest link. I thought of encapsulating a VM with an encrypted file system which would seem to solve my worries about losing the files to theft (laptop) but I became more and more concerned about man in the middle attacks on using TLS (https) connections with corporate proxies (most notably Blue Coat). For more on this issue see https://security.stackexchange.com/questions/8145/does-https-prevent-man-in-the-middle-attacks-by-proxy-server
I then started using MediaWiki for all of my notes private and public and began to realize the security implications in doing such. Since all wikis are written with collaboration and sharing of information in mind not much effort has gone into this. I looked into to making MW more secure but found the database seemed to be the weakest link. I thought of encapsulating a VM with an encrypted file system which would seem to solve my worries about losing the files to theft (laptop) but I became more and more concerned about man in the middle attacks on using TLS (https) connections with corporate proxies (most notably Blue Coat). For more on this issue see https://security.stackexchange.com/questions/8145/does-https-prevent-man-in-the-middle-attacks-by-proxy-server and https://blog.cloudflare.com/introducing-strict-ssl-protecting-against-a-man-in-the-middle-attack-on-origin-traffic/. Is was this reason I decided to move away from HTTPS based solutions and look at local solutions with a secure way to synchronize between desktops (I use three regularly).
 
==My goals==
 
*Off-line: works completely off-line. No cloud storage.
*Self-contained: program and files in a single collection to make secure replication possible.
*Multimedia: notes and attachments are stored in a single encrypted vault in a single nosql database file and rendered inline. Similar to IBM Notes NSF files.
*Private: intended for a single individual. Non collaborative notes and articles of a personal or private nature. Sharing of notes possible via export. Access and and authenticated is strongly encrypted and secure. 2FA a possible future.
*Encrypted: end to end even while editing. Note that while editing a text blob the in memory is possible accessible in a shared memory system. This is difficult to get around.
*Desktop: GUI oriented and not client server. command line editing, mobile app or cell device is not a design goal.
*Organization: notes organized by drawer/folder with tags or other semantics. Links between documents possible.
*Editor: support for any editor. edited files stored in secure blobs.
*Rendering: TBD but likely RTF, MD or HTML a mode that supports multi-media.
*Reliable: journal of revisions to documents and document recovery.
*Replication: of documents (similar to Lotus Notes NSF) to other vaults (hosted else where or on local disk).
*Searchable: Notes are searchable, indexed (if plain text) and tagged.
*Cross platform: Mac, Linux and Windows.


==Solutions sought==
==Solutions sought==


Software and tools I tried bu ultimately they didn't satisfy my desires.
Software and tools I tried but ultimately rejected since they didn't satisfy my desires.


*https://laverna.cc/
*https://laverna.cc/

Latest revision as of 18:29, 19 April 2020

The following pages may be of interest: How I work | Journaling | Kevins Values System Decision Matrix | Writing | Time Management | Docbook notes as well as old and ancient article https://kevininscoe.com/ke3vin/pmwiki.php/Main/About maybe of interested as well.

Background

I have long been interested in note taking. I used to use red composition ledger notebooks in the 80's for note taking.

In the mid 90's I moved to using Franklin Quest planners which would become Franklin Planner.

The in 1998 I discovered Palm Pilot! My first was a Palm IIIx which at the time had the largest memory and capacity. Then later I moved up to a Palm Vx.

At around this time also work was using Lotus (which became IBM) Notes and I came to like the multimedia, replication and security nature of Notes Storage Facility (.nsf) files. This would be the beginning of my thinking of secure note taking storage.

After the new Millennium I used a variety of PDA's such as the Palm Centro and the Sharp Zaurus which I would synchronize to my desktop (Linux and Windows) to varying success.

Then around 2003/2004 I discovered wikis. Since I hosted my own web servers this was a natural fit. My first wiki was MoinMoin but then moved to PmWiki after exhaustive research in 2008. I mainly liked it because it was quite extensible, written in PHP and was file rather than database based storage which meant I could use it with simple automation to update pages directly on the server rather than through human intervention and chaining or database hacking. Later because I thought it looked more professional and simply because I didn't want to have to maintain different types of wikis all the time I (mostly) switched over to MediaWiki.

Security enhancement

I then started using MediaWiki for all of my notes private and public and began to realize the security implications in doing such. Since all wikis are written with collaboration and sharing of information in mind not much effort has gone into this. I looked into to making MW more secure but found the database seemed to be the weakest link. I thought of encapsulating a VM with an encrypted file system which would seem to solve my worries about losing the files to theft (laptop) but I became more and more concerned about man in the middle attacks on using TLS (https) connections with corporate proxies (most notably Blue Coat). For more on this issue see https://security.stackexchange.com/questions/8145/does-https-prevent-man-in-the-middle-attacks-by-proxy-server and https://blog.cloudflare.com/introducing-strict-ssl-protecting-against-a-man-in-the-middle-attack-on-origin-traffic/. Is was this reason I decided to move away from HTTPS based solutions and look at local solutions with a secure way to synchronize between desktops (I use three regularly).

My goals

  • Off-line: works completely off-line. No cloud storage.
  • Self-contained: program and files in a single collection to make secure replication possible.
  • Multimedia: notes and attachments are stored in a single encrypted vault in a single nosql database file and rendered inline. Similar to IBM Notes NSF files.
  • Private: intended for a single individual. Non collaborative notes and articles of a personal or private nature. Sharing of notes possible via export. Access and and authenticated is strongly encrypted and secure. 2FA a possible future.
  • Encrypted: end to end even while editing. Note that while editing a text blob the in memory is possible accessible in a shared memory system. This is difficult to get around.
  • Desktop: GUI oriented and not client server. command line editing, mobile app or cell device is not a design goal.
  • Organization: notes organized by drawer/folder with tags or other semantics. Links between documents possible.
  • Editor: support for any editor. edited files stored in secure blobs.
  • Rendering: TBD but likely RTF, MD or HTML a mode that supports multi-media.
  • Reliable: journal of revisions to documents and document recovery.
  • Replication: of documents (similar to Lotus Notes NSF) to other vaults (hosted else where or on local disk).
  • Searchable: Notes are searchable, indexed (if plain text) and tagged.
  • Cross platform: Mac, Linux and Windows.

Solutions sought

Software and tools I tried but ultimately rejected since they didn't satisfy my desires.

My solution

I finally decided to embark on writing my own so Self Contained Notes Repository Manager was born.