---
title: "Creation of Solid Scribe"
description: "How I created the encrypted note-taking application Solid Scribe."
icon: "/solidscribe.png"
date: "2023-10-1"
---
![Solid Scribe Logo](/covers/solidscribeicon.svg){.banner}

[www.SolidScribe.com](https://www.solidscribe.com/) is a live application. You can sign up for free and use it right now.

Solid Scribe is a zero-access encrypted note-taking application, created for convenience and privacy.
### Why it was created
I created Solid Scribe because I was tired of all my data being scraped and put into a giant marketing profile. Daily notes contain a lot of private information; giving all that data to Google or Facebook made me uncomfortable. I encouraged my friends to use SolidScribe because all their private data was being read by big corporations.

One of my friends argued, "I would rather have Google read my notes than someone I know." This led me to note encryption. Without a password, all notes are unreadable.
### How it works - Security
When a note is made, a database entry is created with the note text and random noise. This noise is encrypted with the note text to increase entropy, so no two notes are the same. When a user accesses the note, their encryption key decrypts the text and they can edit it. All encryption keys are stored on the server, encrypted with the user's password. This prevents users from losing them or attempting to falsify their data to gain access to other users' information.
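
A sketch of the key handling described above, as an added example that is not Solid Scribe's own code: a random per-user note key is stored only wrapped under a key derived from the password, and each note is sealed under a fresh random nonce so identical text never yields identical ciphertext. scrypt, AES-256-GCM and every function name here are assumptions; the page does not name the project's algorithms.

```javascript
// Added example: password-wrapped note key plus per-note random nonce.
// Assumptions (not from Solid Scribe): scrypt as the KDF, AES-256-GCM as the cipher.
const crypto = require('node:crypto');

// Encrypt with AES-256-GCM under a fresh random 12-byte nonce.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]); // iv | tag | ciphertext
}

// Decrypt; throws if the key is wrong or the stored record was modified.
function unseal(key, record) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.subarray(0, 12));
  decipher.setAuthTag(record.subarray(12, 28));
  return Buffer.concat([decipher.update(record.subarray(28)), decipher.final()]);
}

// Derive the key-wrapping key from the password and a per-user salt.
function wrappingKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Sign-up: generate a random note key and keep it only in wrapped form.
function createUser(password) {
  const salt = crypto.randomBytes(16);
  const noteKey = crypto.randomBytes(32);
  return { salt, wrappedKey: seal(wrappingKey(password, salt), noteKey) };
}

// Login: recover the note key; a wrong password fails GCM authentication.
function unlock(user, password) {
  return unseal(wrappingKey(password, user.salt), user.wrappedKey);
}

function demo() {
  const user = createUser('correct horse battery staple'); // constructed sample
  const key = unlock(user, 'correct horse battery staple');
  const a = seal(key, Buffer.from('buy milk'));
  const b = seal(key, Buffer.from('buy milk'));
  let wrongPasswordRejected = false;
  try { unlock(user, 'guess'); } catch { wrongPasswordRejected = true; }
  return { text: unseal(key, a).toString(), distinct: !a.equals(b), wrongPasswordRejected };
}

console.log(demo());
```

The server-side record in this sketch is just `salt`, `wrappedKey` and the sealed notes, so a copy of the database alone does not yield readable text.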
### Zero Access Encryption
Note data is stored on the server encrypted. If someone leaked the database and took all the information, note data would not be readable. Without the user's password for decryption, nothing can be read. All requests send a JSON Web Token with a session ID and a session key. This session key is used to decrypt your session on the server. Yes, even the session data stored on the server is encrypted. These session tokens expire and are renewed every 100 requests. If a session token does not decrypt properly, all sessions for that user are revoked. Even if an attacker gained access to all the data on the server and your computer's browser information, they would only have a small window for an attack.
### Tech Stack
- Solid Scribe is hosted on Linode, using NGINX and Express router.
- The backend is a fully custom Node.js server without an ORM and with minimal frameworks to support maintainability and minimize attack vectors.
- The frontend is Vue.js using Vue-CLI, Socket.io and Semantic UI for the styles.
### Current Major Features
- User accounts/login - Two Factor Authentication
- Revoking active sessions from other browsers
- Color themes and Dark mode
- Note tags, tag searching
- Note Searching, using Encrypted search index
- Encrypted Notes with text editing, formatting, color themes
- Todo lists with sorting and removing completed tasks
- Link scraping from notes, with image capture and search
- Inserting of link metadata into note
- Secure sharing of notes with other users using public-key encryption
- Synchronous note editing across open note instances
- Securely pushing URLs from browser to your account using a bookmarklet
### Source Code
https://git.maxg.cc/max/SolidScribe