This article has been updated in a newer post, How to Password-Protect Evernote, which shows an easier way to open an encrypted version of Evernote with a simple desktop shortcut.
Do you want to keep your Evernote data secure on a less-than-private computer? Right now there is no "built in" way to secure your Evernote data, aside from using your operating system’s user account features to set Evernote to be available only to certain user accounts on a machine. Fortunately, there are third party solutions which are even more secure. One such solution is to pair Everote with a third party program like TrueCrypt, so that your Evernote data is encrypted and protected from prying eyes.
TrueCrypt is a free open-source disk encryption program, and is available on Windows Vista/XP, Mac OS X, and Linux. TrueCrypt can be used a few different ways to encrypt data, such as encrypting an entire drive, encrypting a partition, or creating a virtual encrypted disk. This post will focus on using Evernote along with a virtual encrypted disk created by TrueCrypt.
Step 1 – Create a TrueCrypt container
Follow the instructions in the TrueCrypt Beginner’s Tutorial to download TrueCrypt and create a TrueCrypt Container. This tutorial is excellent, and will walk you through these steps with easy-to-follow screenshots in more detail than I could cover here. Think of a TrueCrypt container to be like a file that sits on your drive, doing nothing, until you tell TrueCrypt to transform it into a "make believe" drive, onto which you can store data just like you would with any other drive. When you’re done with your session, you tell TrueCrypt to "unmount" this make-believe drive, which transforms it back into a file. This file is just like any other file, and can be moved, copied, and deleted. The difference is that it is encrypted, and is worthless without the password that you set when creating it.
There is one important point to remember when creating the container. Specifically, you will need to decide on a file size for your container. To decide on the size, take a look at the size of your Evernote database, and then add in some room for growth. In the Windows 3.1 version of Evernote, you can view your database size by clicking on Tools > Account Properties, and then selecting the Database tab. You may also want to allow extra room if you want to save data other than Evernote data to your container.
Step 2 – Mount your TrueCrypt container
If you followed the Tutorial step-by-step, you will have already mounted the container, but if not, make sure your Container is Mounted using steps 13 through 18 of the tutorial. Take note of the drive letter you use, as you will need this when configuring Evernote in the next step. Also, you should hereafter ALWAYS mount your TrueCrypt container to that drive letter, since that is the location to which Evernote will look for its database.
Step 3 – Configure Evernote
Once your TrueCrypt Container is created, it is time to configure Evernote. If Evernote is already installed on your machine, you will need to move the database onto the virtual drive you created in Step 2 (i.e. where you mounted your container). In the current Windows version of Evernote, you can do this by selecting Tools > Options, and then clicking on the "Change . . ." button in the General tab. After clicking this button, simply navigate to and select the desired location on your virtual drive. If you’re installing Evernote for the first time, you can install Evernote with the default settings, and then relocate your database file as noted above.
Step 4 – Clean up when finished
When you’re done using Evernote, exit Evernote first, and then unmount the virtual drive that you created. You’ll find the "unmount" option if you right-click on the TrueCrypt icon in your task bar.
One thing I haven’t tried is starting Evernote prior to mounting the container, to see if that creates any havoc (because Evernote won’t be able to find the database). To avoid problems, and to remind myself to mount the drive first (Step 2, above), I’ve nested the Evernote start menu icon in a submenu of the True Crypt start menu folder, so that I have to see the True Crypt folder before starting Evernote.
Are any of you securing your Evernote data? If so, how?
Name says:
I've been using this combination for a few months now so that I could utilize the EverNote client on my work machine without compromising my data. I took it a step further and wrote a batch file that spawns TrueCrypt to mount my volume & then launch EverNote. Works great……a desktop shortcut launches the batch minimized, TrueCrypt password window appears for entry, and EverNote launches after that for logon & synch. The batch file (DOS window) stays open minimized until you exit EverNote ( I logout first & then exit). It closes out neatley & works nicely overall without exposing my EverNote data to 'prying' eyes.
September 1, 2009 — 7:40 pm
Evan says:
Very nice! Any chance you'd be will to share the batch file?
September 1, 2009 — 8:05 pm
Name says:
I've been using this combination for a few months now so that I could utilize the EverNote client on my work machine without compromising my data. I took it a step further and wrote a batch file that spawns TrueCrypt to mount my volume & then launch EverNote. Works great……a desktop shortcut launches the batch minimized, TrueCrypt password window appears for entry, and EverNote launches after that for logon & synch. The batch file (DOS window) stays open minimized until you exit EverNote ( I logout first & then exit). It closes out neatley & works nicely overall without exposing my EverNote data to 'prying' eyes.
September 1, 2009 — 8:40 pm
Evan says:
Very nice! Any chance you'd be will to share the batch file?
September 1, 2009 — 9:05 pm
miscbytes says:
This is EXACTLY what I need! I had wondered if I was just missing something as far as Evernote security – the Evernote notebooks are just sitting there readable by anyone who has the rights to the computer.. Thanks so much for this cool post.
September 2, 2009 — 11:35 am
Evan says:
It is a bit baffling that the Evernote team doesn't have something integrated to keep things private. Their response in the Evernote forums is that building a password requirement into the program would just provide a false sense of security, since it wouldn't do anything to encrypt the data. Still, I'll like something to keep just the casual snoopers out of my data, aside from locking my whole account.
September 3, 2009 — 4:39 pm
Kevin says:
How could one do this on a mac – I can't find the equivalent sqlite .exb file on the mac os x side. Seems like a very cool idea though!
September 6, 2009 — 5:30 pm
_J_ says:
This link gives you a way of achieving this on a mac:
http://forum.evernote.com/phpbb/viewtopic.php?f=38&t=10078&p=52414#p52414
hope this works for you too.
November 21, 2009 — 5:48 pm
Evan Kline says:
Awesome. Thanks J!
November 21, 2009 — 5:50 pm
Evan says:
I'm still waiting excitedly for the day when I have a Mac, so I'm not sure, Kevin. The best place to ask for the location of that file would be in the Evernote forums:
http://forum.evernote.com/phpbb/
It's a pretty friendly bunch over there, and the Evernote crew monitors it too. I'd bet they'd be able to tell you where the exb file is on a Mac in a heartbeat. Good luck!
September 6, 2009 — 9:40 pm
Marc says:
Hello,
I would be very interested in that batch file, could you please share??!!!
thanks
November 16, 2009 — 3:17 am
Evan Kline says:
I’d be interested in seeing that batch file, too. If I find one on the Evernote forums, I’ll post here, but I looked a while ago and was unsuccessful.
November 16, 2009 — 9:12 am
Marc says:
Just asked for this very feature to customer support.
regards
November 16, 2009 — 9:20 am
Barry says:
Sorry it took me so long to stumble back into here………
Once you’ve done everything detailed in the article above, you can create a batch file to automate it all. You’ll have to edit this file slightly in order to point it to your Evernote (EN) & wherever your Truecrypt (TC) volume is located. As you can see, I’m using the new 3.5 Beta EN & my TC volume is located in my ‘My Documents’ folder.
Create a 5-line batch file with the contents below & drop it somewhere on your machine. (this is supposed to be only 5 lines, but this comment editing window may break it up, so line 4 should end with evernote.exe”)
Create a new shortcut to start EN with this instead. Mine is called EN.BAT
Here’s what it’s doing:
–drop out to the C: drive in a DOS window
–change to the TC directory
–start TC volume located at “wherever” & auto-mount that as drive P: with TC hidden
–start EN & keep TC running until I exit EN
–dismount TC volume P: & quit the program & this batch file
I hope this helps!
~~start~~
c:
cd\”program files\truecrypt”
TrueCrypt /v “C:\Documents and Settings\USERNAME\My Documents\TC” /l p /auto /q
start /DC:\ “Program Files\Evernote\Evernote3.5\” /B /WAIT “C:\Program Files\Evernote\Evernote3.5\evernote.exe”
truecrypt /d p /q
November 23, 2009 — 2:10 pm
Evan Kline says:
Awesome Barry! Thanks for checking back. I’ll be giving this a try soon, once my new work PC arrives. This should make things MUCH easier.
November 23, 2009 — 7:59 pm
Evan Kline says:
Checking back with my results, Barry – this worked like a charm! I now can easily and quickly open Evernote, with my database protected. Thanks again.
November 27, 2009 — 4:01 pm
Sonja says:
One more free portable encryption application that will help you to keep Evernote secure is Rohos Mini Drive. Unlike TrueCrypt it works seamlessly even in traveller mode.
March 4, 2010 — 8:21 am
Evan Kline says:
Thanks, Sonja. I’ll have to check it out. I hadn’t heard of Rohos before.
March 4, 2010 — 8:00 pm
Bill Reddy says:
Hey thanks for this, and for Barry’s batch script.
June 9, 2010 — 2:37 pm
Marc says:
Hi,
I’m thinking of moving all my notes off the cloud and into secured containers (aka, TC containers). Can anybody explain what I might lose?
As far as I know, text recognition on images won’t be possible anymore… thanks
/k
August 11, 2010 — 2:17 pm
Evan Kline says:
Maybe I’m not understanding the question, Marc, but if you do it how I do it, then it depends on whether the container is mounted or not. The container has to be mounted for Evernote to even see what is in it. If it isn’t mounted, Evernote won’t even see that there is data there, and will ask you to see up your account. Once the container is mounted, then Evernote works how it works in a normal situation.
August 11, 2010 — 6:44 pm
Marc says:
Hi Evan,
after reading a little I think I’ve gathered that if your notes do not make it to the Evernote servers, most of the added value features offered by Evernote won’t work anymore…
As a matter of fact, if they can’t scrutinize the images attached to your notes, you will not be able to search for text across your photos.
Obviously, you won’t be able to access to your notes via web UI and of course neither would your smartphone…
Though my last two statements are abvious, I would like to know what other features like the aforementioned text recognition will be missing should my information won’t be travelling all the way to the Evernote farm…
Another alternative is to send the information to Evernote and after a while take it down and put it away locally into a TC container. This way, you allow Evernote to parse the info, they can create an index but your real information is not available anymore so you are not to blame.
Please, let me know if you want me to elaborate a little more on what I’m trying to say.
Regards,
August 12, 2010 — 4:39 am
Evan Kline says:
Ah, I understand your question now, Mark. You would need to designate your notebook (from within the Evernote client) as a “local” notebook to keep it from going to Evernote’s servers. Even if you put it in a TrueCrypt container, it would go to their servers whenever you mount the container, unless you prevent that by making it a local notebook.
A local notebook only resides on the computer on which you create it. It won’t sync to the servers, and won’t sync to any of your other computers or devices.
I did find this quote from one of the Evernote developers, in their blog:
“The Windows desktop client includes local image processing capabilities, so you can process text in images in Local Notebooks on Windows. The Mac client does not yet have local image recognition, so text in images on the Mac would not be recognized in Local Notebooks, although you could still organize and find these images through other features (tags, dates, contents, origin, etc.)”
So, it sounds like it really depends on your platform. On Windows, you’d get most of the functionality. On Mac, you wouldn’t. That quote was from 2008, though, so things may have changed. Your best bet might be to ask that question in the Evernote forums, or via support, as only they would know the current state of it.
Here is the post that I mentioned above (the quote was the second comment to the post):
http://blog.evernote.com/2008/04/15/evernote-privacy-and-security/
August 12, 2010 — 8:27 am
Marc says:
Hi Evan, I already asked yesterday
http://forum.evernote.com/phpbb/viewtopic.php?f=30&t=18177&p=74164#p74164
let’s see whay they say (if they ever say something).
I’ve I move all my notes off the cloud, I could just as well stop using evernote and settle for Google Desktop, right?
man, if they added encryption, Evernote would be the killer app.. don’t you guys think so?
August 12, 2010 — 10:03 am
Evan Kline says:
I do wish Evernote gave a simple way to encrypt an entire note’s contents, including files in the note. We’d lose the ability to have that note be searchable, plus OCR, but if you wanted your credit card statements, for example, to be in Evernote, that would make it much easier.
And yea, if you move everything off of the cloud, then you’d just need to see whether Evernote or some other service has the better desktop app for searching and organizing that data.
August 12, 2010 — 11:40 am
Barry says:
I do use the built-in EN encryption to protect data portions at times, but if I have a large amount of data that I want to be secured & still in EN, there are some additional options available. With the premium version of EN, you can attach files up to 50mb in size. I don’t think I have anything near that big attached, but that does gives you the freedom to create & attach encrypted file types such as PDF’s, ZIP libraries or even an attached TC container. Those files are not much good for your smart phone or the OCR & indexing already mentioned, but you can just drag & drop those protected files to the desktop to use on another PC. I confess that I still keep the originals stored away safely (just in case), and that I still do not put anything out there that would crush me if it got into the wrong hands.
While I certainly appreciate all the features that EN offers by storing data in the cloud, I think that I value the reality of having everything in one place & application just as much. With the tags & notebooks (local & cloud-storage) being utilized, it can also be a compact filing system & I only expect to see it improve as it continues to mature.
August 12, 2010 — 6:52 pm
Evan Kline says:
I do the same, Barry. We wrote about a few methods of encryption for Evernote a few months ago:
https://www.40tech.com/2010/05/02/3-free-tools-to-encrypt-individual-evernote-notes/
August 12, 2010 — 6:58 pm
Marc says:
Evan,
just updated the thread
http://forum.evernote.com/phpbb/viewtopic.php?f=30&t=18177&p=74257#p74257
if you guys consider that Evernote should provide a buil-in encryption I would truly ask you to update this thread as well. It is extremely unconfortable to fumble around with additional tools when, to my opinion, the product in itself should have to provide with full encryption.
August 13, 2010 — 5:49 am
Evan Kline says:
I just added to that thread with some thoughts of my own. I don’t even need full encryption- just the ability to encrypt the entire content of a note (not just the text), and the ability to password protect Evernote without going through the TrueCrypt method.
Also, in case you didn’t notice, this post was updated with a bit of an easier method:
https://www.40tech.com/2009/12/13/how-to-password-protect-evernote-updated/
August 13, 2010 — 9:40 am
Mel says:
Three problems I see with this. 1. If no database is present when Evernote opens it simply creates a new database in the default location and downloads the notes from the server. If you ever do forget to open the virtual drive first, you have an unencrypted database sitting on your drive that you may or may not remember to delete.
2. If you’re computer goes into hibernate while the Virtual drive is open isn’t your stuff unencrypted until you shut down? A. It will be open when the computer is turned on later (ie. if stolen and the win password is hacked.) B. If the disk is accessed through another OS like a boot disk would that leave the database unencrypted and vulnerable?
3. What is wrong with simply using Win7’s Bitlocker for encryption? Does it not allow the Evernote software to access the database file?
Oh, and 4: You still need to make sure you securely wipe the old database and any deleted data from the hard drive because it is simple to access normal “deleted” data in Windows.
These are just the things off the top of my head but, bottom line, I don’t know if I would be storing super classified information in Evernote — trade secrets, bank info, your schedule for your meeting with the President. :)
August 30, 2010 — 4:20 am
Evan Kline says:
Good points, Mel. If you follow the link at the start of this article to the updated article, it should reduce this concern. Either way, you actually get a “Welcome to Evernote” screen if it doesn’t find a database, and you have to manually type in your account info, or create a new account. This contrasts rather sharply with how it normally goes right to a notebook view. I’ve been using this method for about a year now, and have yet to create a new database by mistake.
Regarding #2, yes, the virtual drive stays open and unencrypted if you shut down. Again, though, if you use the procedure in the updated article (linked at the top of this one), then the virtual drive is automatically closed when you exit Evernote.
Regarding #3, I can’t speak to Bitlocker. I have Home Premium, and I understand you need Ultimate or Enterprise to do that. I could probably try it at work, but since I’m using the updated procedure (mentioned in the updated article) on 2 machines at home, I just used that same procedure on my office PC.
Good points on #4- before moving over to an encrypted drive, everyone should make sure they use a tool like AxCrypt to wipe the old database.
I’m actually more concerned about what happens to my data when it hits Evernote’s servers than here locally. Since my encrypted drive closes automatically when I close Evernote, it is almost always encrypted here. We did another post a while back on ways to encrypt data within Evernote, but that does make Evernote a bit less useful.
August 30, 2010 — 6:45 pm
David says:
If you work on a shared computer, just migrate database to a USB drive and your problem solved.
August 3, 2011 — 8:07 pm
Evan Kline says:
The problem with that for me is that I’m prone to lose thumb drives, and I forget to unmount external USB drives. But for someone who can hang on to a USB drive, that’s a good idea.
August 4, 2011 — 4:22 pm