Tutorial 012: Encryption

Security

In an environment where the boundaries of privacy are constantly redefined, you should be able to keep some information to yourself. If this is your productivity environment, then you should have control over your content’s security.

Consol begins by establishing a secure network connection using your browser to keep your activities in Consol hidden from the public eye. If you want more information about this, click the lock icon next to the https web address.

In addition to this, Consol offers secure data storage and transfer, also known as end-to-end encryption, through its Limited End-to-End Encryption (E2EE) service.

Limited E2EE is a separate add-on feature. If you subscribe to the Encryption component and designate an item to be encrypted, Consol will use your browser encrypt the item before it is sent back to the database. Upon arrival in Consol’s database, your content will remain encrypted. When you want to view that content again, it is decrypted by your browser after your browser establishes a secure network connection.

Currently, you can choose to encrypt notes, code blocks, and images. If you wish to know more about Consol’s encryption, visit the encryption page under settings. To do this, click your email in the top right corner of the browser, and then click on “Encryption.”

How to use encryption

To enable encryption for your account, navigate to the encryption page using the instructions above or click the “Crypto” button on an item’s pageview.

If encryption has not been enabled for your account, you should see a pop-up.

The encryption page looks about the same.

Using either method, click “Enable Encryption.” The card you registered with your account will be billed for encryption once you enable it.

Then you will be prompted to create an encryption specific password (ESP).

To ensure greater security, make the password at least twelve characters long and completely different from your Consol login password.

This password is not transmitted to or saved by Consol. Do not forget it. The Consol Operators cannot recover your password for you.

Once encryption is enabled for you account you may encrypt as many notes, code blocks, or images as you wish. Click the encryption button on the item’s pageview to encrypt it. To encrypt, view, or decrypt and item you must enter your ESP.

The list view will show a lock icon on encrypted items.

Entering your ESP is necessary once per session. Once you log out the session resets and you will need to reenter your ESP to view those items again.

Sharing

At this time, encrypted items cannot be shared with other users. You must decrypt the item first. Click the lock in the item’s pageview again to decrypt an item.

Then you will be able to share and send copies of items like normal.

Remember!

  • Do not forget your ESP
  • The Consol Operators are unable to recover your ESP
  • A stronger ESP equals more security for your content
  • Encryption works best in newer browsers

The ESP

Consol does not have access to your naked ESP. So if you cannot remember your ESP then your content cannot be decrypted, it will be lost and so will the data that you have encrypted with it.

If you do ever forget your ESP, you can obliterate the old ESP and create a new one. Again, the content you encrypted with the old ESP will be lost. To reset your ESP, navigate to the encryption page in settings, or click on the link in the ESP pop-up.

Limitations

Consol does not yet encrypt an item’s title. Whatever you title an item will be stored as such in Consol’s database. We hope to improve upon this in the future.

Once you encrypt an item, Consol immediately overwrites the original unencrypted version in our database and discards the old data. Consol does not actively or intentionally store a previous copy of an unencrypted item.

However, know that if you encrypt an item after you have created and added content to it, there may be a period of time in which your item’s body content is not encrypted while being stored in our database. To ensure the greatest security currently available in Consol’s system, you should, where possible, encrypt an item before you begin adding content to it. Thus, when you create a note or a code block, it is better practice to encrypt it first and only then begin work by adding content.

This means there will be at least a short period of non-encryption of your images because images must be linked via URL or uploaded before Consol provides you the interface to select encryption. We hope to improve upon this in the future.