Local encryption

Please implement encryption of attachments and text messages while they are stored locally on the device. Apps with root access can read unencrypted text and see attachments. For instance, look at how it is done in Signal and maybe Threema (which is not open source). Is it possible?

11 Likes

Sure, it is possible; however, it has to be done anyway 🙂 However, AFAIK, there are also some issues filed for that.

Wanted to note here that the “apps with root access” cannot be run on a “normal” unrooted phone, so it is not a general issue.

1 Like

I like this idea. My personal problem is that I need the mails not encrypted on the server because of Outlook and other Thunderbird installation. If you plan to encrypt files on the phone, then they have to be per device without any effect on the situation inside the app.

Another vote to encrypt the database, a simple password without use of PGP would do for me. Thanks!

Or ask your mail provider to improve remote content storage

2 Likes

Is TREES different from the Dovecot crypt plugin?

https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/

The Rust crate Delta.Chat uses for SQLite supports SQLCipher.

For instance, look at how it is done in Signal and maybe Threema (which is not open source). Is it possible?

Signal uses SQLCipher: Signal >> Blog >> Storage management for Signal Android

Delta.Chat could probably migrate to SQLCipher too. However, attachments are currently stored outside the database, in the so-called “blob directory”. They should be moved into the database to take advantage of encryption.

2 Likes
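The gap described in the post above (a plaintext SQLite file plus attachments kept in a separate blob directory) can be checked from file headers alone. The following is an added example, not part of the thread and not Delta Chat code; the names `messages.db`, `blobs`, `photo.jpg` and `sealed.bin` are hypothetical and the sample data is constructed.

```python
import os
import sqlite3
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of any plaintext SQLite file
# Signatures of a few common attachment types; a match means the blob is readable as stored.
BLOB_MAGICS = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"%PDF-": "pdf"}


def db_is_plaintext(path):
    """True if the file starts with the plaintext SQLite header."""
    with open(path, "rb") as f:
        return f.read(16) == SQLITE_MAGIC


def plaintext_blobs(blob_dir):
    """Map file name -> detected type for blobs stored with a recognisable header."""
    found = {}
    for name in sorted(os.listdir(blob_dir)):
        path = os.path.join(blob_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as f:
            head = f.read(8)
        for magic, kind in BLOB_MAGICS.items():
            if head.startswith(magic):
                found[name] = kind
    return found


def build_sample(root):
    """Constructed sample account directory (all names hypothetical)."""
    db = os.path.join(root, "messages.db")
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE msgs (id INTEGER PRIMARY KEY, txt TEXT)")
    con.execute("INSERT INTO msgs (txt) VALUES ('hello')")
    con.commit()
    con.close()
    blobs = os.path.join(root, "blobs")
    os.mkdir(blobs)
    with open(os.path.join(blobs, "photo.jpg"), "wb") as f:
        f.write(b"\xff\xd8\xff\xe0" + b"\x00" * 32)  # JPEG header, dummy body
    with open(os.path.join(blobs, "sealed.bin"), "wb") as f:
        f.write(bytes((i * 37 + 11) % 256 for i in range(64)))  # stand-in for an encrypted blob
    return db, blobs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db, blobs = build_sample(tmp)
        print("database plaintext:", db_is_plaintext(db))
        print("plaintext blobs:", plaintext_blobs(blobs))
```

In its default configuration SQLCipher encrypts the header as well, so a database that still begins with the SQLite magic string is stored unencrypted; a missing magic string only shows that the header is not plaintext.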

For reference, Molly (Signal fork) on Android does implement database encryption:

AFAIK its entire purpose is to be a more secure Signal.

Also another option, that a user could try to implement by hand, is using a “Vault” software like Cryptomator. It mounts a virtual drive that you can access as a regular drive, but the data is stored in encrypted form.
So, one could set the accounts dir to be inside that drive, thus requiring you to unlock the vault before you can use Delta Chat.

If this proves to work we could perhaps more tightly integrate it with Delta Chat, i.e. to manage locking / unlocking (as opposed to just saying “path does not exist” if the vault is not locked). But this is just me speaking my mind, maybe it’s better to see how others do it (I am not aware of many apps that implement local encryption, besides password managers).

And if you take Windows, then you don’t even need root there, haha, everything in the blob is open.

1 Like

Briar implements local encryption. I’m not sure what they use.