What type of encryption does Evernote use?

Encrypted text supported

If you are using an Evernote desktop client, such as Windows Desktop and Evernote for Mac, you can encrypt any text inside a note to add an extra level of protection to private information. In February 2014, Evernote made a conscious effort to improve the security of in-note encryption and began using AES (Advanced Encryption Standard) with a 128 bit key.  Prior to that time, Evernote used RC2 encryption with a 64 bit key, derived from a passphrase you chose.

Evernote derives your AES key from the passphrase you enter and does this using a well recognized method called PBKDF2 (Password Based Key Derivation Function 2). Your passphrase, along with a unique salt, runs through a HMAC/SHA-256 hashing function 50,000 times. The result is a 128 bit AES key. This key, along with an initialization vector, is used to encrypt your data in CBC (Cipher Block Chaining) mode.

Evernote never receives a copy of this key or your passphrase and doesn’t use any escrow mechanism to recover your encrypted data. This means that if you forget your passphrase, your data cannot be recovered.

Notes previously encrypted using RC2

Any note content you encrypted prior to the encryption improvement will remain encrypted using RC2. If you want to increase the security of that content, you need to first decrypt and then re-encrypt the content on a desktop client. Be sure to update your Evernote client to the latest version and follow the instructions in the following section to re-encrypt your content.

The following table describes which clients support which versions of our encrypted text:


RC2 - 64 bit

AES - 128 bit

Evernote for Windows

Version 5.1.0 and lower

Version 5.1.1 (1/16/2014) and higher

Evernote for OS X

Version 5.4 and lower

Version 5.5 (2/4/2014) and higher

Upgrade the encryption for previously encrypted text

To upgrade the encryption strength of your previously encrypted text, you need to decrypt and re-encrypt that text using a desktop client by following these steps:

  1. Select an area of encrypted text and select Decrypt text permanently from the drop down list

  2. Enter a passphrase when prompted. If you plan to re-encrypt using the same passphrase, check the Remember passphrase until I quit Evernote checkbox.

  3. Click OK and your text will be decrypted.

  4. Select the text you’d like to re-encrypt, then right click, or use Ctrl + Click (on Mac) to bring up the pop-up menu, and select Encrypt Selected Text from the list.

  5. If you checked the “Remember passphrase until I quit Evernote” checkbox in Step 2, the text will be encrypted using that passphrase. If you did not do so, you will be prompted to enter a new passphrase to encrypt the text.

Encryption for data in transit

Evernote uses industry standard encryption to protect your data in transit. This is commonly referred to as Transport Layer Security (TLS) or Secure Socket Layer (SSL) technology. The SSL certificate for the Evernote website uses a 2048-bit RSA key. A mix of ciphers suites and TLS protocols provides a balance of strong encryption for browsers that support it and backward compatibility for legacy clients that need it. Evernote is committed to continually improving our TLS posture with the goal of exceeding industry standards.



Was this article helpful?

110 out of 186 found this helpful

Have more questions? Submit a request