What type of encryption does Evernote use?
Encrypted text supported
If you are using an Evernote desktop client, such as Windows Desktop and Evernote for Mac, you can encrypt any text inside a note to add an extra level of protection to private information. In February 2014, Evernote made a conscious effort to improve the security of in-note encryption and began using AES (Advanced Encryption Standard) with a 128 bit key. Prior to that time, Evernote used RC2 encryption with a 64 bit key, derived from a passphrase you chose.
Evernote derives your AES key from the passphrase you enter and does this using a well recognized method called PBKDF2 (Password Based Key Derivation Function 2). Your passphrase, along with a unique salt, runs through a HMAC/SHA-256 hashing function 50,000 times. The result is a 128 bit AES key. This key, along with an initialization vector, is used to encrypt your data in CBC (Cipher Block Chaining) mode.
Evernote never receives a copy of this key or your passphrase and doesn’t use any escrow mechanism to recover your encrypted data. This means that if you forget your passphrase, your data cannot be recovered.
Notes previously encrypted using RC2
Any note content you encrypted prior to the encryption improvement will remain encrypted using RC2. If you want to increase the security of that content, you need to first decrypt and then re-encrypt the content on a desktop client. Be sure to update your Evernote client to the latest version and follow the instructions in the following section to re-encrypt your content.
The following table describes which clients support which versions of our encrypted text:
RC2 - 64 bit
AES - 128 bit
Evernote for Windows
Version 5.1.0 and lower
Version 5.1.1 (1/16/2014) and higher
Evernote for OS X
Version 5.4 and lower
Version 5.5 (2/4/2014) and higher
Upgrade the encryption for previously encrypted text
To upgrade the encryption strength of your previously encrypted text, you need to decrypt and re-encrypt that text using a desktop client by following these steps:
Select an area of encrypted text and select Decrypt text permanently from the drop down list
Enter a passphrase when prompted. If you plan to re-encrypt using the same passphrase, check the Remember passphrase until I quit Evernote checkbox.
Click OK and your text will be decrypted.
Select the text you’d like to re-encrypt, then right click, or use Ctrl + Click (on Mac) to bring up the pop-up menu, and select Encrypt Selected Text from the list.
If you checked the “Remember passphrase until I quit Evernote” checkbox in Step 2, the text will be encrypted using that passphrase. If you did not do so, you will be prompted to enter a new passphrase to encrypt the text.
Encryption for data in transit
Evernote uses industry standard encryption to protect your data in transit. This is commonly referred to as Transport Layer Security (TLS) or Secure Socket Layer (SSL) technology. The SSL certificate for the Evernote website uses a 2048-bit RSA key. A mix of ciphers suites and TLS protocols provides a balance of strong encryption for browsers that support it and backward compatibility for legacy clients that need it. Evernote is committed to continually improving our TLS posture with the goal of exceeding industry standards.