Day One Encryption

TL;DR the Day One local database is not encrypted.

After my last post on querying the Day One database, I was asked the question: what happens if you have your journals encrypted?

Before we get into that, let’s look at the Day One encryption options. You can turn on encryption on a journal-by-journal basis and it is on by default. This must have changed at some point, as my original journal is not encrypted and newer ones are. Although you can choose selectively which journals are encrypted and which aren’t, there is only one encryption key, meaning that it is account-based rather than journal-based.

This is what Day One has to say about encryption.

End-to-end encryption utilizes a private key to encrypt all entries before they reach Day One servers.

Nowhere does it say anything about data being encrypted at rest, i.e. in the local Day One database.

Doing a Test

In order to test out whether the local database was encrypted I created a new journal (see above) and then created one entry (below).

Accessing encrypted entries in the Day One database

Once I’d added the new entry I waited for it to sync and then made a copy of the database. I had a quick prod around and the “encrypted” entry and several other recent entries didn’t seem to be in the db. This turned out to be because I still had the application open and, I guess, the entries hadn’t been committed to the database. I’m not sure what would happen if my machine had crashed before they were committed, but the moral is to close the app regularly and definitely before copying the database.

Once I’d got an up-to-date database I could see the entry, and it was not encrypted, as you can see from the screenshot of the ZENTRY table below.

So what is going on here?

I assume that Day One feel that if someone had your device they would have access to the app and so would be able to read the entries, so there’s no real need to encrypt locally. I assume, and I hope, that they are encrypted in the cloud!

So, in short, you can quite happily use the database scripts shown in the previous article even if you have an encrypted journal, and they will work because the local content isn’t encrypted.
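One way to repeat the test above on a copy of a database, as an added example that is not from the original post: it checks for the plaintext SQLite file header, reports whether the file is in write-ahead-log mode (which would explain recent entries missing from a copy taken while the app is open; that Day One uses this mode is an assumption), and counts rows in ZENTRY. The function names, the sample files and the sample columns are constructed for illustration.

```python
import os
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of any unencrypted SQLite file


def inspect_copy(path, table="ZENTRY"):
    """Check a *copy* of a database: plaintext SQLite? WAL mode? table readable?"""
    with open(path, "rb") as fh:
        header = fh.read(20)
    report = {"plaintext_sqlite": header[:16] == SQLITE_MAGIC,
              "wal_mode": False, "rows": None}
    if not report["plaintext_sqlite"]:
        return report  # encrypted at rest, or not SQLite at all
    # Header bytes 18-19 are 2 when the database uses a write-ahead log; recent
    # writes may then sit in a "-wal" file and be absent from the main file.
    report["wal_mode"] = header[18:20] == b"\x02\x02"
    conn = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        found = conn.execute(
            "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (table,)
        ).fetchone()
        if found:
            report["rows"] = conn.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
    finally:
        conn.close()
    return report


def demo():
    """Build two constructed files and inspect them; returns both reports."""
    workdir = Path(tempfile.mkdtemp())
    plain = workdir / "sample.sqlite"  # constructed stand-in, not a real Day One file
    conn = sqlite3.connect(plain)
    # Column names here are constructed; only the ZENTRY table name is from the post.
    conn.execute("CREATE TABLE ZENTRY (Z_PK INTEGER PRIMARY KEY, SAMPLE_TEXT TEXT)")
    conn.execute("INSERT INTO ZENTRY (SAMPLE_TEXT) VALUES ('constructed entry')")
    conn.commit()
    conn.close()
    opaque = workdir / "opaque.bin"  # random bytes standing in for an encrypted file
    opaque.write_bytes(os.urandom(4096))
    return inspect_copy(plain), inspect_copy(opaque)


if __name__ == "__main__":
    for report in demo():
        print(report)
```

If `wal_mode` is true for a real copy, close the app before copying so pending writes are folded into the main file, as the post recommends.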
