Feature Request: Implement Asymmetric Encryption #189

Open
@cfgnunes

Description:

Currently, the obsidian-encrypt plugin provides symmetric encryption for Markdown files in Obsidian. While this is a useful feature, it requires users to manually input a password each time they want to encrypt or decrypt a file. This can be inconvenient and may lead to security risks if passwords are not managed properly.

I propose adding support for asymmetric encryption using GPG keys as an alternative or complementary method to symmetric encryption. With GPG-based asymmetric encryption, users can leverage their system's keyring (key manager) to securely store private keys, eliminating the need to manually enter a password every time a file is decrypted. Files can be decrypted simply by clicking on them, provided the private key is available in the system's keyring.

This approach offers several advantages:

  1. Convenience: Users don't need to remember or type passwords repeatedly.
  2. Security: Private keys are stored securely in the system's keyring, reducing the risk of password exposure.
  3. Flexibility: Asymmetric encryption allows for more complex workflows, such as sharing encrypted files with others using their public keys.

Proposed Implementation:

  1. Key Management:

    • Allow users to specify their GPG public/private key pair.
    • Integrate with the system's GPG keyring to automatically retrieve the private key when decrypting files.
    • Provide an option to import/export GPG keys for backup purposes.
  2. Encryption Process:

    • When encrypting a file, the plugin should use the user's GPG public key to encrypt the file.
    • The encrypted file should be stored in a format compatible with GPG standards, ensuring interoperability with other GPG tools.
  3. Decryption Process:

    • When opening an encrypted file, the plugin should automatically detect that the file is encrypted with GPG.
    • The plugin should attempt to decrypt the file using the private key stored in the system's keyring.
    • If successful, the decrypted content should be displayed in Obsidian as usual.

Example Workflow:

  1. Encryption:

    • User selects a Markdown file in Obsidian.
    • User chooses "Encrypt with GPG" from the context menu.
    • The plugin encrypts the file using the user's GPG public key and saves it as an encrypted file.
  2. Decryption:

    • User clicks on an encrypted file in Obsidian.
    • The plugin detects that the file is encrypted with GPG and attempts to decrypt it using the private key stored in the system's keyring.
    • If successful, the decrypted content is displayed in Obsidian.

Additional Considerations:

  • Compatibility: Ensure that the encrypted files remain compatible with standard GPG tools, allowing users to decrypt files outside of Obsidian if needed.
  • Performance: Asymmetric encryption can be slower than symmetric encryption, so consider optimizing the process for large files.
  • Security: Ensure that sensitive data (e.g., decrypted content) is handled securely within the plugin to prevent accidental exposure.

Conclusion:

Implementing GPG-based asymmetric encryption would greatly enhance the usability and security of the obsidian-encrypt plugin. It would provide users with a more seamless experience, especially for those who already use GPG for managing their cryptographic keys. This feature would also align with modern security practices and offer greater flexibility for advanced users.

Thank you for considering this feature request! I believe it would be a valuable addition to the plugin and would benefit many users who rely on Obsidian for secure note-taking.
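The detection step in the proposal ("automatically detect that the file is encrypted with GPG") can be done without touching any key material, by reading the first OpenPGP packet header. The sketch below is an added example, not part of the issue or of the plugin's code: the function names are hypothetical, the sample messages are constructed rather than real ciphertext, and actual decryption is left to GPG.

```javascript
// Added example: classify an OpenPGP message by its first packet header
// (RFC 4880, section 4.2). Function names are hypothetical, not the plugin's API.
const BEGIN = "-----BEGIN PGP MESSAGE-----";
const END = "-----END PGP MESSAGE-----";

// Decode ASCII armor to bytes; returns null when the text is not an armored message.
function dearmor(text) {
  const start = text.indexOf(BEGIN);
  const end = text.indexOf(END, start);
  if (start < 0 || end < 0) return null;
  const lines = text.slice(start + BEGIN.length, end).split(/\r?\n/);
  const blank = lines.indexOf("", 1); // blank line ends the optional armor headers
  if (blank < 0) return null;
  // Keep the base64 body and drop the optional "=XXXX" CRC-24 line.
  const b64 = lines.slice(blank + 1).filter((l) => l && !l.startsWith("=")).join("");
  try {
    return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  } catch {
    return null; // body was not valid base64
  }
}

// Accepts armored text or raw bytes and reports how the message was encrypted.
function classifyPgp(input) {
  const b = typeof input === "string" ? dearmor(input) : input;
  if (!b || b.length < 2 || !(b[0] & 0x80)) return { kind: "not-openpgp" };
  const newFmt = (b[0] & 0x40) !== 0;
  const tag = newFmt ? b[0] & 0x3f : (b[0] >> 2) & 0x0f;
  // Header size depends on the length encoding (new format vs. old length-type bits).
  const hdr = newFmt ? (b[1] < 192 ? 2 : b[1] < 224 ? 3 : b[1] < 255 ? 2 : 6) : [2, 3, 5, 1][b[0] & 3];
  if (tag === 3) return { kind: "passphrase" }; // Symmetric-Key Encrypted Session Key
  if (tag !== 1) return { kind: "other-openpgp", tag };
  // Tag 1 = Public-Key Encrypted Session Key; v3 body: version byte, 8-byte key ID.
  const body = b.subarray(hdr);
  if (body.length < 9 || body[0] !== 3) return { kind: "public-key", keyId: null };
  const hex = Array.from(body.subarray(1, 9), (x) => x.toString(16).padStart(2, "0"));
  return { kind: "public-key", keyId: hex.join("").toUpperCase() };
}

// Constructed samples (headers only, made-up key ID), armored without a CRC line.
function armor(bytes) {
  return `${BEGIN}\n\n${btoa(String.fromCharCode(...bytes))}\n${END}\n`;
}
const SAMPLE_PK = armor([0xc1, 0x0c, 3, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 1, 0, 0]);
const SAMPLE_SYM = armor([0x8c, 0x0d, 4, 9, 3, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0]);
```

Only the first packet is inspected, so a message that carries both a public-key and a passphrase session key is reported by whichever packet comes first. An all-zero key ID means the sender hid the recipient, in which case every available private key has to be tried.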

Labels: enhancement (New feature or request); feat-whole-note (Feature: Whole note encryption); not planned (This issue is unlikely to be worked on)