fz0x1/jrnl
1
0
Fork 0
mirror of https://github.com/jrnl-org/jrnl.git synced 2025-07-05 07:56:14 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Explicit code blocks in docs

Browse source
This commit is contained in:
Manuel Ebert 2017-03-09 12:40:38 -08:00
parent 7003b3d13a
commit 7f5564c63c
7 changed files with 99 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

20
docs/encryption.rst
View file

@ -7,11 +7,15 @@ Encrypting and decrypting
-------------------------
If you don't choose to encrypt your file when you run `jrnl` for the first time, you can encrypt your existing journal file or change its password using ::
If you don't choose to encrypt your file when you run `jrnl` for the first time, you can encrypt your existing journal file or change its password using
.. code-block:: sh
jrnl --encrypt
If it is already encrypted, you will first be asked for the current password. You can then enter a new password and your plain journal will replaced by the encrypted file. Conversely, ::
If it is already encrypted, you will first be asked for the current password. You can then enter a new password and your plain journal will replaced by the encrypted file. Conversely,
.. code-block:: sh
jrnl --decrypt
@ -28,11 +32,15 @@ If you don't initially store the password in the keychain but decide to do so at
A note on security
------------------
While jrnl follows best practises, true security is an illusion. Specifically, jrnl will leave traces in your memory and your shell history -- it's meant to keep journals secure in transit, for example when storing it on an `untrusted <http://techcrunch.com/2014/04/09/condoleezza-rice-joins-dropboxs-board/>`_ services such as Dropbox. If you're concerned about security, disable history logging for journal in your ``.bashrc`` ::
While jrnl follows best practises, true security is an illusion. Specifically, jrnl will leave traces in your memory and your shell history -- it's meant to keep journals secure in transit, for example when storing it on an `untrusted <http://techcrunch.com/2014/04/09/condoleezza-rice-joins-dropboxs-board/>`_ services such as Dropbox. If you're concerned about security, disable history logging for journal in your ``.bashrc``
.. code-block:: sh
HISTIGNORE="$HISTIGNORE:jrnl *"
If you are using zsh instead of bash, you can get the same behaviour adding this to your ``zshrc`` ::
If you are using zsh instead of bash, you can get the same behaviour adding this to your ``zshrc``
.. code-block:: sh
setopt HIST_IGNORE_SPACE
alias jrnl=" jrnl"
@ -40,7 +48,9 @@ If you are using zsh instead of bash, you can get the same behaviour adding this
Manual decryption
-----------------
Should you ever want to decrypt your journal manually, you can do so with any program that supports the AES algorithm in CBC. The key used for encryption is the SHA-256-hash of your password, the IV (initialisation vector) is stored in the first 16 bytes of the encrypted file. The plain text is encoded in UTF-8 and padded according to PKCS#7 before being encrypted. Here's a Python script that you can use to decrypt your journal::
Should you ever want to decrypt your journal manually, you can do so with any program that supports the AES algorithm in CBC. The key used for encryption is the SHA-256-hash of your password, the IV (initialisation vector) is stored in the first 16 bytes of the encrypted file. The plain text is encoded in UTF-8 and padded according to PKCS#7 before being encrypted. Here's a Python script that you can use to decrypt your journal
.. code-block:: python
#!/usr/bin/env python3