Amplenote Help: Shared Notes & Security


How do I share notes with others?

You can share a note with individuals by clicking the Share icon on the right-hand side of the note header.

  • Enter the email address of the person(s) you wish to share the note with.

  • To share with multiple people, separate email addresses by a comma.

  • You have the option to allow shared users to edit and/or share the note with others.

  • To share with individuals as view-only, deselect the "Edit" and "Share" options before sharing the note with others.

  • We'll send an email including any optional context submitted to the address(es) you've entered.




After a note is shared, you'll see the number of people who have received the note next to the Share icon in the note header.




You can review an individual's share settings and remove people from shared notes by clicking the share icon and using the "X" to the right of the person's email address.


If you delete a shared note, anyone you shared it with will still be able to view it unless you remove them from the shared note prior to deleting.




How do I publish notes to the web?

Notes can be published to the internet and shared with others using a public link. To go public, click the Share icon and select the "Public links" tab, then click "Create public link." Click the link to open the page in your browser. You can then copy the URL to share with others.




To remove a public link, click the Share icon and select the "Public Links" tab, then click the "X" to the right of the public link you wish to remove.





How do I create a secure note?

Secure notes are notes that have been encrypted with your secure password, which is never sent to our servers. You must enter the password each time you wish to view a secure note. Additionally, secure notes:

  • Cannot be shared with other users

  • Cannot be made public

  • Will not display preview content in your notes list

  • Will not match the content of the note in searches

To make a note secure, click the note settings icon on the right-hand side of the note header, then select "Secure note" from the menu.


Review the details regarding secure notes, then enter your password. The content of this note cannot be recovered if you forget your secure password. You must check the box indicating that you understand the note cannot be restored in the event you forget the password, then click the "Secure note" button to secure the note.


To remove security from a note:

  • Click the note settings icon

  • Select "Remove security" from the menu

  • Enter your password

  • Click the "Remove Note Security" button




How secure is Amplenote?

Amplenote takes security very seriously. Amplenote provides the following security features:

  • Authentication and authorization required to access your notes

  • Option to enable two-step authentication to provide an extra level of security

  • Encrypted note content

  • Encrypted key storage and delivery

  • Option to create Secure Notes using a secure password which is never sent to Amplenote servers


"Security by obscurity" isn't a viable end-game. Learn more about the Amplenote Security Design.



What kind of encryption is used?


Note content is encrypted and decrypted in client applications using AES-256-CBC with a Note Key. The Note Key is encrypted using one of the user's account-wide encryption keys: either their Standard Key or their Secure Key. The user's Standard Key is encrypted at rest with AES-256-GCM (using a key that the database server does not have access to) and a randomly generated Initialization Vector, while the user's Secure Key is never transmitted to the Amplenote servers. Note Keys remain encrypted in transit, only getting decrypted once they reach the client application.


Encryption Key Storage

  • Each user's copy of the Note Key is encrypted using that user's Standard Key or Secure Key and a randomly generated Initialization Vector to produce a Standard Note Key or a Secure Note Key.

  • A unique Initialization Vector is used for each combination of user and note.

  • The encrypted Standard Note Key or Secure Note Key is stored in the database along with the Initialization Vector.


Standard Encryption Key

  • The user's Standard Key is stored encrypted using AES-256-GCM with a randomly generated Initialization Vector

  • The key used to encrypt the user's Standard Key is not accessible to the database server


Secure Encryption Key

  • A random 256-bit Secure Key Salt value is generated and stored in the database encrypted with AES-256-GCM using an encryption key that is not available to the database server and a randomly generated Initialization Vector

  • The Secure Key Password entered by the user and the Secure Key Salt are used with PBKDF2-HMAC-SHA256 to produce the 256-bit Secure Key

  • A Secure Key Verifier is stored on the server, allowing for a zero-knowledge proof to ensure that the same Secure Key Password is used for all Secure Notes
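
The key hierarchy described above (Secure Key derived from password and salt, a per-user wrapped copy of the Note Key, AES-256-CBC note content), as an added Node.js example that is not Amplenote's own code. The PBKDF2 iteration count, the use of AES-256-GCM to wrap the Note Key, and all function names and sample values are assumptions; the page does not specify them.

```javascript
const crypto = require("crypto");

const PBKDF2_ITERATIONS = 100000; // assumption: the page does not state the iteration count

// Secure Key = PBKDF2-HMAC-SHA256(Secure Key Password, Secure Key Salt), 256 bits.
function deriveSecureKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Note content: AES-256-CBC under the Note Key, fresh random 16-byte IV per encryption.
function encryptNote(noteKey, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv("aes-256-cbc", noteKey, iv);
  return { iv, data: Buffer.concat([c.update(plaintext, "utf8"), c.final()]) };
}

function decryptNote(noteKey, { iv, data }) {
  const d = crypto.createDecipheriv("aes-256-cbc", noteKey, iv);
  return Buffer.concat([d.update(data), d.final()]).toString("utf8");
}

// Per-user copy of the Note Key, wrapped under that user's Standard or Secure Key.
// Assumption: AES-256-GCM for wrapping (the page names no cipher for this step).
function wrapNoteKey(userKey, noteKey) {
  const iv = crypto.randomBytes(12); // unique per user+note combination
  const c = crypto.createCipheriv("aes-256-gcm", userKey, iv);
  const data = Buffer.concat([c.update(noteKey), c.final()]);
  return { iv, data, tag: c.getAuthTag() };
}

function unwrapNoteKey(userKey, { iv, data, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", userKey, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(data), d.final()]); // throws if key or data is wrong
}

// Constructed demo: `stored` is all the server holds; the password stays on the client.
function demo(password) {
  const salt = crypto.randomBytes(32);     // Secure Key Salt (256-bit)
  const noteKey = crypto.randomBytes(32);  // Note Key
  const stored = {
    salt,
    wrappedKey: wrapNoteKey(deriveSecureKey("correct horse (constructed)", salt), noteKey),
    note: encryptNote(noteKey, "constructed secure note body"),
  };
  const key = unwrapNoteKey(deriveSecureKey(password, stored.salt), stored.wrappedKey);
  return decryptNote(key, stored.note);
}
```

A wrong Secure Key Password derives a different Secure Key, so `unwrapNoteKey` throws and the note body stays unreadable, which is why a forgotten password leaves the content unrecoverable.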


Encryption Key Delivery

The encrypted Note Key is delivered to the client application in the Encryption-Key response header for any request that responds with encrypted note data.

  • Since the Encryption-Key header value is the encrypted Note Key, clients may cache the response in less secure storage.