How backup encrypted notes??

[jimbee 5]

Apologies if this has been discussed but couldn't find a solution by searching...

I have around 900 notes and probably at least 10% of them contained encrypted information. What I want to do is to create a backup of all notes, but when I do that via .html e.g. the encrypted notes remain encrypted. Is there any way to export notes and "unencrypt" notes?

[DTLow 5,736]

I also use html export as an Evernote backup

I don't use Evernote's encryption feature - I don't want to be locked into Evernote   
I use encrypted attachments (pdfs, office/iwork documents, ...)   
The encryption is valid outside the Evernote platform

[jimbee 5]

14 minutes ago, DTLow said:

I also use html export as an Evernote backup

I don't use Evernote's encryption feature - I don't want to be locked into Evernote   
I use encrypted attachments (pdfs, office/iwork documents, ...)   
The encryption is valid outside the Evernote platform

Sounds like a good approach. Don't want to go that route myself hence looking for a way to export encrypted notes. Might not be possible I guess...

I've been using EN for many years and one of these days (famous last words) I need to sit down and go through all my notebooks that contain notes that have long since become useless. 

[xaa 18]

To backup your encrypted notes you should export as enex format instead of html. 

 I agree with you  this is a pita that there is no solution (or even a simple alert on the export html screen) during encrypted notes export attempt.

ps: You can use "encryption:" in the search field to list all encrypted notes. 

Hope it helps 

[gazumped 11,663]

Just as an observation - IMHO tidying curating databases in Windows is an incredibly satisfying,  time-consuming,  and largely pointless process.  Having a smaller database does mean it occupies less disk space - but you need to clear megabytes of notes for that to be a significant saving.  You're not improving your upload status - what's hit the server is old news.  It's what you process in future that affects your score,  and for premium subscribers (IME) you really have to push to get close to any limits.  Better to spend time actually doing work.

I speak as the proud possessor of 50K+ notes going back probably 50 years (I converted the paper I saved before I got to Evernote).  I delete old stuff if it leaps out at me,  but that's about it.  Storage is cheap - even my backups are less than 100GB on a multi-terabyte external drive. 

'Work' time is for getting things done. 'Me' time is unrepentant selfish indulgent hedonism. (Ideally....)

[jimbee 5]

On 7/17/2020 at 9:40 AM, xaa said:

ps: You can use "encryption:" in the search field to list all encrypted notes. 

 

Hmmm... that doesn't seem to work for me. Perhaps I'm missing something? 

[jimbee 5]

On 7/17/2020 at 10:55 AM, gazumped said:

Just as an observation - IMHO tidying curating databases in Windows is an incredibly satisfying,  time-consuming,  and largely pointless process.  Having a smaller database does mean it occupies less disk space - but you need to clear megabytes of notes for that to be a significant saving.  You're not improving your upload status - what's hit the server is old news.  It's what you process in future that affects your score,  and for premium subscribers (IME) you really have to push to get close to any limits.  Better to spend time actually doing work.

I speak as the proud possessor of 50K+ notes going back probably 50 years (I converted the paper I saved before I got to Evernote).  I delete old stuff if it leaps out at me,  but that's about it.  Storage is cheap - even my backups are less than 100GB on a multi-terabyte external drive. 

'Work' time is for getting things done. 'Me' time is unrepentant selfish indulgent hedonism. (Ideally....)

Yep, we're pretty much on the same page when it comes to effort vs. reward with respect to data management. When the old stuff does "leap out at me" it's like looking at a time machine in some respects. Sometimes pleasant, other times almost frightening. 😄

[CalS 5,280]

2 hours ago, jimbee said:

Hmmm... that doesn't seem to work for me. Perhaps I'm missing something? 

[PinkElephant 8,100]

Well, about the initial question:

If you use the build in encryption feature, it will encrypt parts of a note, containing text. EN does not allow for the encryption of a complete notebook or note, or attachment - just text content. Pretty restricted, and I agree to @DTLow sort of a lock-in. It gets close to be useless when you use the same key / password on all of them. Better from a security aspect would be to use an own key for each, but this is a nightmare in key handling.

To be able to decrypt all of them in one go during export makes the encryption tight as a sieve. That sounds to me as a full security breach, because it probably exposes the password / key in the program used to decrypt.

If you have 900 notes, 10% of them encrypted, makes a total of 90 encrypted notes. I use 1Password to manage my confidential information. It has a feature called "Private notes" that could easily take the (text) content of 90 notes, store them in a much better protected place, and allow for the encrypted notes to be purged from EN once and for all.

As long as EN does not massively improve on the encryption feature, I would discontinue using it.

[jimbee 5]

4 hours ago, CalS said:

Aha-- got it. That works. Thanks. 

[jimbee 5]

2 hours ago, PinkElephant said:

Well, about the initial question:

If you use the build in encryption feature, it will encrypt parts of a note, containing text. EN does not allow for the encryption of a complete notebook or note, or attachment - just text content. Pretty restricted, and I agree to @DTLow sort of a lock-in. It gets close to be useless when you use the same key / password on all of them. Better from a security aspect would be to use an own key for each, but this is a nightmare in key handling.

To be able to decrypt all of them in one go during export makes the encryption tight as a sieve. That sounds to me as a full security breach, because it probably exposes the password / key in the program used to decrypt.

If you have 900 notes, 10% of them encrypted, makes a total of 90 encrypted notes. I use 1Password to manage my confidential information. It has a feature called "Private notes" that could easily take the (text) content of 90 notes, store them in a much better protected place, and allow for the encrypted notes to be purged from EN once and for all.

As long as EN does not massively improve on the encryption feature, I would discontinue using it.

I've been using EN for a long while. Initially I just was saving personal notes that had no security implications. Various clips from the www, bookmarks, and such. Over time I began to use more for things like website logins to store names/passwords. For "public" kinds of sites-- forums, news, vendors, etc. I wasn't that concerned about security. 

I'm now at a point where I actually do have some notes containing much more sensitive information such as CCard sites and banks. At that point I began encrypting all of that information but I have to admit I never took an in-depth look at how "secure" EN's security is. A number of users here seem to express considerable concern when it comes to EN's security, questioning how vulnerable one's notes might actually be. Obviously I'll need to take a closer look and make a determination as to whether any risk is worth the convenience. 

Risk aside, it is very convenient having one's information available on multiple platforms. But... 

[DTLow 5,736]

10 minutes ago, jimbee said:

A number of users here seem to express considerable concern when it comes to EN's security, questioning how vulnerable one's notes might actually be.

I have no concern about Evernote security,    
however I recognize my notes are not encrypted on the server   
For this reason, my sensitive data is encrypted (attachments)

[CalS 5,280]

16 hours ago, jimbee said:

Aha-- got it. That works. Thanks. 

You are welcome.

[CalS 5,280]

19 hours ago, PinkElephant said:

Well, about the initial question:

If you use the build in encryption feature, it will encrypt parts of a note, containing text. EN does not allow for the encryption of a complete notebook or note, or attachment - just text content. Pretty restricted, and I agree to @DTLow sort of a lock-in. It gets close to be useless when you use the same key / password on all of them. Better from a security aspect would be to use an own key for each, but this is a nightmare in key handling.

To be able to decrypt all of them in one go during export makes the encryption tight as a sieve. That sounds to me as a full security breach, because it probably exposes the password / key in the program used to decrypt.

If you have 900 notes, 10% of them encrypted, makes a total of 90 encrypted notes. I use 1Password to manage my confidential information. It has a feature called "Private notes" that could easily take the (text) content of 90 notes, store them in a much better protected place, and allow for the encrypted notes to be purged from EN once and for all.

As long as EN does not massively improve on the encryption feature, I would discontinue using it.

I find encrypting some sensitive data in  notes so as to able to access on any platform is worth the risk for me.  It typically is something that is only pertinent to the note itself not a universal password or whatever.  Like a password to a file which is already behind a user name/password on a cloud service.  I use LastPass to control user name and password.

I agree a universal decrypt sounds a mite dangerous.  Don't know that it would expose the password any more than removing encryption from a single note, all in the EN world.  Speculation anyway.  IAC, horses for courses.

[PinkElephant 8,100]

Well, when using a script it usually contains the username and the password not encrypted - because it needs them to decrypt the content. This is what creates the vulnerability, if somebody finds the script and the login data it contains.

Don‘t discard this - it happened before that data like this was stored to run it on routine jobs, and was taken from there.

For me storing my passwords in EN is no option. Not because I would not trust the system, but because it means manual copy and paste, after decrypting the information. I use 1Password, because I can unlock it by Touch or Face ID, and it has an autofill-function that avoids putting sensitive information into the clipboard.

Because among vulnerabilities, the clipboard is among the worst problem. Since the beta of iOS 14 is out, there Are many reports about apps that copy ANYTHING that goes to the clipboard, just to have it ready if the user asks for it, and some even send it to their servers !!!

This is how you put your passwords to real threats, by putting it on to the clipboard ! 

[CalS 5,280]

No scripts here.

[PinkElephant 8,100]

Sure, if you backup the encrypted content, you don’t need any. Just grab the encrypted note, file it away, and be done.

The initial post asked explicitly for unencrypted storage of encrypted notes. To do this, you have to decrypt, and to do this in a backup job, you probably have to script it. At least I am not aware of any predefined backup software that would be able to do an uncrypting of EN notes, and then store them as clear text into a backup file.

[CalS 5,280]

15 minutes ago, PinkElephant said:

Sure, if you backup the encrypted content, you don’t need any. Just grab the encrypted note, file it away, and be done.

The initial post asked explicitly for unencrypted storage of encrypted notes. To do this, you have to decrypt, and to do this in a backup job, you probably have to script it. At least I am not aware of any predefined backup software that would be able to do an uncrypting of EN notes, and then store them as clear text into a backup file.

Same as you I'm hard pressed as to what sense it makes to encrypt something in your data and unencrypt it in your backup.  If one was exiting EN I suppose, but other than that??  Probably would have to be an EN option to do such a thing IAC. 

[jimbee 5]

On 7/21/2020 at 6:04 PM, CalS said:

Same as you I'm hard pressed as to what sense it makes to encrypt something in your data and unencrypt it in your backup.  If one was exiting EN I suppose, but other than that??  Probably would have to be an EN option to do such a thing IAC. 

It's understandable that by saying "backup" one is referring to saving data in a particular program's proprietary format (EN, Excel, InDesign etc.) that could potentially be used at some future date to restore data. Although I do perform such backups regularly, I also want a way to output notes to a format that can be read outside of EN-- including unencrypted material. A paper, hard copy even that can be safely stored and accessed by family members who don't use EN (as one example). 

 

[CalS 5,280]

Get it.  If one wants to export data to move to another platform an easy decrypt would help.