Forcing to re-enter encryption key for an encrypted database?

I am using an encrypted database to protect my data across a number of machines. One of those machines is a shared computer. I’d like to make sure my data is protected on this computer when I’m not using it.

Ideally, when I open DT3, I’d be prompted each time for the encryption key, and when I close DT3, the database would stay encrypted at rest. However, this doesn’t appear to happen…I think DT3 is caching the key somewhere.

Is there a way to force this behavior?

Thanks!

No, DEVONthink does not cache encryption keys for encrypted databases.
I’m guessing you may have saved it to your keychain.
Check Apple’s Keychain Access application. Search for encryption.

Thanks. I see the keys in the attached image. I assume you are referring to those labeled “DEVONCloudy Encryption”.

However, I’m also using Dropbox and CloudKit for syncing. Will removing these break encryption for those?

No. Those are for sync locations.
Hang on a second…

Search for disk image or sparseimage instead.

Oddly, nothing comes back searching for either string. Any other ideas?

Thanks!

If the password was stored in the Keychain, you’d see it listed like so…

Post a screen capture of the Navigate sidebar with the database open. If this is private info, open a support ticket via our bug reporting mechanism, and attach the screen capture.

Ok, I created a new local encrypted database and DT3 prompts me for a password each time. The database I’m having trouble with was synced from a remote encrypted database (created the encrypted database on another machine with DT3). I assumed that syncing it down locally would maintain its encrypted nature. I’m assuming one of two things:

  1. I made a mistake when creating the remote, encrypted database, and it’s not encrypted (will verify tonight).
  2. I misunderstood the sync feature when working with encrypted databases, and it’s working as designed.

I’ll check the other database when I get home tonight. Thank you!

And if you were wondering about the navigation panel because of the key icon which shows beside encrypted databases…it’s there beside the local test database I created today, but not beside the one I synced from the remote location.

Thanks!

You walked right down the path I was heading onto. 🙂 Glad to see you understood the situation and got it figured out.

Cheers!

So I was able to get home early. The database I synced from was an encrypted database (see Granite in this screenshot):

However, at the other computer, when I chose to sync this database, it was synced in unencrypted form.

Can you point me to the appropriate docs on syncing encrypted databases? I’m missing where I’m getting it wrong.

Thanks!

Hi there @BLUEFROG. Any ideas on this?

Thanks in advance.

Yes. You imported the database unencrypted.

  1. Delete it.
  2. Select the remote database in the sync preferences.
  3. Click the action button (gear icon) and choose Import Encrypted Database.

And yes, this behavior is by design as there are situations where a database may be encrypted on one machine and not another.

That makes total sense and I actually think it’s a great feature. Thank you!

You’re very welcome and glad it makes sense to you too 🙂

@BLUEFROG, any idea why both “Import Database” and “Import Encrypted Database” would be grayed out? How might I troubleshoot this?

Thanks in advance!

Never mind…think I figured it out. User error 🙂

I sync on a thumb drive because I value my privacy. It’s an encrypted file system. It’s safe. Otherwise, on a non-encrypted file system, all databases are in plain text, aren’t they?