fz0x1/jrnl
1
0
Fork 0
mirror of https://github.com/jrnl-org/jrnl.git synced 2025-05-10 08:38:32 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve privacy, security, and encryption documentation #896 (#925)

Browse source 
* Improve privacy, security, and encryption documentation #896
* Use gentler language and ensuring documentation does not read like legal advice
This commit is contained in:
Micah Jerome Ellison 2020-05-06 18:14:44 -07:00 committed by GitHub
parent b2c7d29909
commit 4df4e56a96
3 changed files with 83 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
docs/encryption.md
View file

@ -31,40 +31,20 @@ your journal.
If you dont initially store the password in the keychain but decide to If you dont initially store the password in the keychain but decide to
do so at a later point or maybe want to store it on one computer but do so at a later point or maybe want to store it on one computer but
not on another you can simply run `jrnl --encrypt` on an encrypted not on another you can run `jrnl --encrypt` on an encrypted
journal and use the same password again. journal and use the same password again.
## A note on security ## A note on security
While jrnl follows best practises, true security is an illusion. While `jrnl` follows best practices, total security is an illusion.
Specifically, jrnl will leave traces in your memory and your shell There are a number of ways that people can at least partially
history its meant to keep journals secure in transit, for example compromise your `jrnl` data. See the [Privacy and Security](./security.md)
when storing it on an documentation for more information.
[untrusted](http://techcrunch.com/2014/04/09/condoleezza-rice-joins-dropboxs-board/)
services such as Dropbox. If youre concerned about security, disable
history logging for journal in your `.bashrc`:
``` sh ## No password recovery
HISTIGNORE="$HISTIGNORE:jrnl *"
```
If you are using zsh instead of bash, you can get the same behaviour by There is no method to recover or reset your `jrnl` password. If you lose it,
adding this to your `zshrc`: your data is inaccessible.
``` sh
setopt HIST_IGNORE_SPACE
alias jrnl=" jrnl"
```
If you are using `fish` instead of `bash` or `zsh`, you can get the same behaviour by
adding this to your `fish` configuration:
``` sh
abbr --add jrnl " jrnl"
```
To delete existing `jrnl` commands from `fish`s history, run
`history delete --prefix 'jrnl '`.
## Manual decryption ## Manual decryption

74
docs/security.md Normal file
View file

@ -0,0 +1,74 @@
# Privacy and Security
`jrnl` is designed with privacy and security in mind, but there are some
limitations to be aware of.
## Password strength
`jrnl` doesn't enforce password strength requirements. Short or commonly-used
passwords can easily be circumvented by someone with basic security skills
and access to your encrypted `jrnl` file.
## Shell history
Since you can enter entries from the command line, any tool
that logs command line actions is a potential security risk. See
below for how to deal with this problem in various shells.
### bash
You can disable history logging for jrnl in your `.bashrc`:
``` sh
HISTIGNORE="$HISTIGNORE:jrnl *"
```
### zsh
Disable history logging by adding this to your `zshrc`:
``` sh
setopt HIST_IGNORE_SPACE
alias jrnl=" jrnl"
```
### fish
Add this abbreviation to your `fish` configuration to run jrnl with
a space before it, which prevents `fish` from logging it:
``` sh
abbr --add jrnl " jrnl"
```
To delete existing `jrnl` commands from `fish`s history, run
`history delete --prefix 'jrnl '`.
### Windows Command Prompt
Windows doesn't log history to disk, but it does keep it in your command
prompt session. Close the command prompt or press Alt+F7 to clear its
history after journaling.
## Files in transit from editor to jrnl
When creating or editing an entry, `jrnl` uses a plain text temporary file on disk
to give your editor access to it. `jrnl` deletes the temporary file when it
saves the entry back to your journal.
If you save an entry but haven't closed your editor yet, and your computer shuts
off or the `jrnl` process is killed, the entry remains on your disk as a
temporary file. You can mitigate this issue by only saving with your editor
right before closing it.
## Plausible deniability
You may be able to hide the contents of your journal behind a layer of encryption,
but if someone has access to your configuration file, then they can figure out that
you have a journal, where that journal file is, and when you last edited it.
With a sufficient power imbalance, someone may be able to force you to unencrypt
it through non-technical means.
## Notice any other risks?
Please let the maintainers know by [filing an issue on GitHub](https://github.com/jrnl-org/jrnl/issues).

1
mkdocs.yml
View file

@ -18,6 +18,7 @@ nav:
- Quickstart: installation.md - Quickstart: installation.md
- Basic Usage: usage.md - Basic Usage: usage.md
- Encryption: encryption.md - Encryption: encryption.md
- Privacy and Security: security.md
- Import and Export: export.md - Import and Export: export.md
- Advanced Usage: advanced.md - Advanced Usage: advanced.md
- Recipes: recipes.md - Recipes: recipes.md