Mavericks, encrypted sync stores, and Markdown

Sync iconWe have just released DEVONthink (all editions) and DEVONnote 2.7 with great new features and improvements. DEVONthink 2.7 now encrypts all metadata and all contents stored in remote sync locations such as Dropbox, WebDAV, or AFP. No other document management app on the Mac gives you so much flexibility and control over you data!

DEVONthink 2.7 also improves its support for Markdown and formatted notes. Take notes with a single keyboard shortcut also as Markdown or, via the separate Sorter, as formatted note. Formatted notes are based on HTML you can edit them like rich text but also view them in any web browser.

The update fixes some severe sync issues with DEVONthink To Go, too. Finally all editions got user interface refinements, improve the overall reliability and the compatibility to e.g. Safari 6.x, and, of course, fixes bugs. We recommend the update to all users. Click here to learn more.

Note: The new encryption makes it necessary to clean your remote sync locations, e.g. on Dropbox, and re-upload your data. To clean your sync locations select them in the Preferences, Sync tab, and choose “Clean location” from the action menu.

39 Responses to “Mavericks, encrypted sync stores, and Markdown”

  1. Eric says:

    may you please give us some more (technical) information about the “encryption”?

  2. eboehnisch says:

    All metadata and content files are encrypted using an AES 256 bit key unique to the database. Protect the database with a password to keep even us from possibly decrypting it.

  3. J. Scott says:

    I just did the update.

    Now when I sync I get an error!!!!!!

    “Could not read the receipt. The receipt may have been created with an outdated version of the sync plugin. Please clean the remote store and try again.”

    There is no documentation, help or other instructions on cleaning the remote store!


    Also where is the neat new “sync” button you show on the blog. I don’t have one.

    Frustrating morning!!!!!!

  4. Jim Mitchell says:

    I absolutely LOVE DEVONthink. That being said, without the ability to access the documents I forgot to put into a sync folder just kills it. Sometimes I don’t know ahead of time what all I may need for a meeting. I long for the day when iOS sync is more seamless.

  5. eboehnisch says:

    @ J. Scott: Select the sync location to clean, click the Action menu below the list or right-click the location. Choose “Clean”.

  6. J. Scott says:

    So cleaning the remote just deleted all of the remote files and will require syncing and sending them up again.

    I took me hours to upload my sync (large database, I use it a lot).

    Very frustrating.

    I too long for the day when I can sync my iOS to dropbox.

    I wish there had been some preparation and instruction on what to do or expect. I don’t have time this morning to fix this mess!


  7. J. Scott says:

    I sync my laptop and my desktop to the remote.

    What work flow do you recommend to fix the second computer?
    once I get at least on of them fixed?

  8. eboehnisch says:

    Yes, for encrypting all your data you have to reupload we’re afraid.

  9. eboehnisch says:

    Just remove the sync lication on the second one and re-add it. That should reconnect it properly. Make sure both sides use DEVONthink 2.7.

  10. Andriy K says:

    So if we use WebDav to sync all our data in route from machine to machine is AES 256 encrypted?

  11. M Lacroix says:

    I have the same problem than Scott

    I use the french version and I try to figure out what is the equivalent to “clean”

  12. dano says:

    Just updated to 2.7 and the associated extras. Updated browser extension Clip to Devonthink in Safari has quit working.

  13. Joel says:

    Any news when the promised update for DevonThink To Go will be available?

  14. eboehnisch says:

    @ Andriy: Yes, it is AES-256-encrypted on one machine and put them so on the WebDAV server. The other machine downloads the files and decrypts them.

  15. eboehnisch says:

    “Nettoyer l’emplacement” in the action menu.

  16. eboehnisch says:

    @ dano: Maybe the Finder has not yet picked up the new application or is confused by two versions of the app installed. Pleas make sure only one, the new version is installed and log out and in again. The extension itself has not changed (and is very primitive, the actual code is in the main app).

  17. eboehnisch says:

    @ Joel: There is a larger maintenance update for DEVONthink To Go coming that fixes iOS 7 issues. It’s on its way to Apple for App Store review. We’re still working on version 2.0.

  18. Lee says:

    How do I stop DT 2.7 launching every time I turn my computer on and why can’t I see the Sorter on the side of the screen anymore? I thought it was supposed to make life easier?

  19. eboehnisch says:

    @ Lee: Maybe DEVONthink accidentally ended up on your list of launch items (you can check in System Preferences), or something else that requires DEVONthink?

    To bring the Sorter back check DEVONthink’s preferences, Sorter tab.

  20. Lee says:

    Re: Sorter – got it back. I had inadvertently disabled it when trying to resolve the other issue, I think.

    Re: autoboot. No. The first thing I looked at was Sys Pref. Not there. All I did was accept the upgrade and now every time I start the computer DevonThink Pro launches. I have two partitions and they both launch DTP when I open them. It’s not the end of the world but it is a pain in the bum.

  21. Lee says:

    Nah. Sorter’s gone again.

  22. eboehnisch says:

    @ Lee: So you checked the box “Start Sorter at login” in the preferences? Regarding further support: Please contact our support using the contact form; blog comments are not really suitable for technical support.

  23. Diana says:

    After the update I cannot sync with Devonthink To Go. I get the message: Bonjour Failed; Bonjour was unable to find computers. I don’t see the computer, only reset synchronizationsettings. When I push this action nothing happens. There is nothing wrong with the network. All other programs do fine with syncing over the network. I tied to reset, restart etc., but nothing happens.

    Please Fix this!

  24. eboehnisch says:

    @ Diana: Please try to restart your computer, your iOS device, and your router. Does this cure the problem?

  25. I’ve just looked at the sync store and found out that the file “metadata” seems to be a JSON file that contains an encryption key.

  26. eboehnisch says:

    @ Sasmito: It contains an encrypted encryption key. The encryption for this is known only to DEVONthink, individual to every database, and also secured in a way that it cannot be extracted from the app.

  27. Hans-Uwe Brackel says:


    since the recent (AppStore version) upgrade I can no longer put the database on a network share. Any attempt to sync with a syncStore on the network share crashes DevonThink. Dropbox and a directly connected external drive seem to work okay.
    Any suggestion on how to make this work?
    Thanks, Hans-Uwe

  28. Can you open a support ticket, please?

  29. Daniel says:

    @eboehnisch, does this correctly describe what you are saying?

    The database is encrypted using Key a.
    Key a is then encrypted with Key b and stored with the database.
    Key b is obfuscated and hard coded into DEVONthink

  30. eboehnisch says:

    @ Daniel: Key b is obfuscated and hard coded into the app if you don’t set a user name and password for the database. If you set a user name and password, key B is created from these.

  31. […] DevonThink apparently now automatically encrypts any database synced through the cloud provider, though DevonThink holds the encryption keys. They are working on a new version of the iOS app (hopefully, with fixes for some pretty […]

  32. […] do sync to the cloud through Dropbox, it offers the best consumer-level security option available: zero-knowledge 256-bit encryption (see Eric’s comments). In addition, if you sync to mobile devices (using DEVONthink To Go), […]

  33. nev says:

    I hope you don’t mind me re-visiting this somewhat old post, but does this mean that DTPO databases, when synced over Dropbox by the use of DTPO’s sync preferences, has end-to-end AES256 encryption ?

  34. nev says:

    … not only that, but zero-knowledge end-to-end encryption? Is this correct ?

  35. eboehnisch says:

    @ nev: Yes, the data is encrypted using the key you set. We ourselves don’t keep a secondary key or anything.

  36. Nate says:

    The password for the database is contained in clear text in the settings.plist file contained within the database. When syncing to a remote location, is this transferred with it? This would defeat the encryption.

  37. eboehnisch says:

    @ Nate: Yes, the database password is transferred with the sync. But the password for the sync store itself is, of course, not stored in clear text. So the sync store and the transport itself is secure.

  38. Nate says:

    Thank you! Can something be done about the password being contained in clear text within the plist?

  39. eboehnisch says:

    @ Nate: The password protection is a simple mechanism to keep the occasional snooper away. To make the database 100% secure you might want to keep it on a password-protected and encrypted disk image.