My Diary is a modern, offline-first journaling application for Android, built with security and privacy as its core principles. It demonstrates a robust, multi-layered encryption strategy to ensure that user entries remain confidential and accessible only to them, even across multiple devices.
-
Offline-First: All entries are stored locally on your device.
-
End-to-End Encryption: Every diary entry is encrypted at rest using AES-256-GCM.
-
Biometric Unlock: Conveniently access your journal using your device's fingerprint, PIN, or pattern.
-
Backup & Restore Ready: The encryption architecture is designed to allow for secure cloud backups and restoration on a new device.
-
Multi-Device Recovery: A secure flow allows you to regain access to your notes on a new device using your master password.
-
Modern UI: Built entirely with Jetpack Compose for a clean and responsive user interface.
-
Internationalization: Supports English, Spanish, and Brazilian Portuguese.
The application's security model is designed to provide both convenience and true data portability without compromising privacy.
-
Master Password: All diary entries are encrypted using a strong cryptographic key derived from a user-defined master password via PBKDF2. This is the ultimate key to the user's data.
-
Hardware-Backed Biometric Unlock: For daily convenience, the master password itself is encrypted using a separate key stored in the Android Keystore. This hardware-backed key is configured to require biometric authentication for any use.
-
On a daily basis, the user authenticates with their fingerprint.
-
This unlocks the key in the Android Keystore.
-
This key is used to decrypt the master password, which is held only in memory.
-
The master password is then used to decrypt the diary entries.
-
Device Migration: When restoring from a backup on a new device, the hardware-backed key is no longer available. The app detects this and prompts the user to manually enter their master password. Once verified, the master password is then re-encrypted using the new device's Keystore, seamlessly re-enabling biometric unlock.