Encrypted Sync Service
Overview
- The Encrypted Sync Service (ESS) is the easiest way to sync your Everdo data across multiple devices.
- Each device still maintains a full local database of the data and is capable of working offline for any period of time.
- When online, each device sends data updates to the Sync Service, which keeps track of them and passes changes to other devices.
- The transmitted data gets encrypted on the client side and the encryption key is never shared with the Sync Service. See what data is encrypted and how to learn more.
Creating a sync account
To connect your devices to ESS, you will need a user account that will store the encrypted data. To create an account, go to sync.everdo.net/signup and complete the sign up process.
Make sure to verify your email address by clicking a verification link in your email inbox. You should see the Active status in your ESS account before trying to configure your devices.
Configuring sync in the desktop app - automatic setup
- Run Everdo and click Setup Sync at the top of the application window.
- Choose Encrypted Sync Service and proceed to sign in with your ESS username and password.
- Once signed in, follow the rest of the steps until you see a confirmation message saying that configuration is complete.
- If you need to setup a mobile device, press Pair Mobile Device and follow further instructions on then screen.
You can always pair another mobile device from Settings->Sync->Pair Device.
Configuring sync in the desktop app - manual setup
The following manual steps are equivalent to the automatic setup described earlier.
First, sign in.
- Open Everdo, go to Settings->Sync.
- In Mode, select
Encrypted Sync. - Enter your ESS account credentials to sign in.
- Optional: In Device Name, enter a label for this computer that will make sense to you later on.
- Click Sign In.
Once you have signed in, the next step is to set up an encryption key for your data.
Note
You only need to generate an encryption key on one of your computers. All other devices must use the exact same key in order to work with shared encrypted data.When in Sync Settings, notice that an encryption key (passphrase) has already been generated for you. You can see it in the Encryption Key textbox. This key was chosen randomly, so it is safe to use. However you can also modify it if needed.
Setting your own encryption key is possible as well. You must create a 16-word passphrase using the Niceware list. If you use a word that is not in the list, or a different number of words, then the key will not pass validation, because a 256-bit key is required.
Warning
You must configure all your devices to use the exact same encryption key. Otherwise, ESS will refuse to sync in order to avoid data corruption.Once you have set the encryption key, click Sync to initiate sync. You should then see the Status label change to Synced in a few seconds. Finally, press Apply to save the configuration.
Warning for users transitioning from local network sync to ESS
If you have been using local network sync before, you must perform this step.
Once ESS sync is working, press Push once in Settings->Sync in order to copy all of your existing data to ESS. Otherwise some of your previously synced data may be missing from ESS resulting in inconsistencies. This step is not needed for devices that have never synced before.
Quick pairing of mobile devices
Once your desktop computer is syncing successfully, you can use it to easily configure your mobile devices.
- In the desktop app, go to Settings -> Sync -> Pair Device -> Begin.
- Follow the instructions until you see a QR code.
- In the mobile app, go to Settings, change Sync Mode to
Encrypted ServiceorESS Integration, press Quick Pairing. - Scan the QR code, confirm the pairing request and wait until you see a success message in the mobile app.
After the pairing process your device will be syncing automatically.
Configuring ESS sync on a second/third computer
To configure a second computer you need to bring the encryption key from your first computer, as opposed to generating a new one.
- Sign in to ESS, as described earlier on this page.
- Enter the Encryption Key.
- Press Sync and make sure that the
Syncedstatus appears. - Press Apply to apply and save the configuration.
Configuring ESS sync in the Android app - manual setup
- Go to Settings
- Tap Sync Type, select
Encrypted Service - Tap Encrypted Service: Manual Setup, then Sign in to sync
- Use your ESS username and password to sign in.
- Tap Encryption Key and enter the correct encryption key.
- Exit settings and try to trigger sync by swiping down the view.
Once you have have verified that sync is working, you can enable Auto Sync in settings.
Configuring ESS sync in the iOS app - manual setup
- Go to Settings
- In Sync Mode, select
ESS Integration - Tap Manual Setup->Connect
- Use your ESS username and password to sign in.
- Tap Update Key and enter the correct encryption key.
- Tap Sync Once and observe the status.
Once you have have verified that sync is working, you can enable Auto Sync.
Manual sync actions
In some cases it may be necessary to manually trigger a sync action to fix a data discrepancy between devices, particularly when transitioning between local network sync and ESS sync, or when switching to a different ESS account.
The manual actions described below are available in sync settings.
Push
Copy all items and tags from the device to ESS, making ESS data completely match the local data.
Force Push
Same as Push, but also forces ESS to accept data encrypted with a different encryption key. This is necessary after changing the encryption key, otherwise ESS will reject the sync request and report a key mismatch error.
Pull
Copy all items and tags from ESS to the device, overwriting any conflicts. A pull does not remove any items on the device, unless they have been explicitly removed on another device. This means that a pull does not necessarily bring the state of your device to exactly match the ESS data.
Clean Pull
Re-create the local database from scratch and pull all data from ESS. This action is useful to make the state on the device exactly match ESS data.
Warning
A Clean Pull will completely discard your existing local data. You need to be sure that ESS has a copy of all the data that you care about before triggering this operation.Proxy server settings
In order to specify an HTTP proxy for ESS connections, add the following line to config.json, which is located in the home directory. Replace user and password with correct values.
{
...,
"proxy": "http://user:password@1.2.3.4:12345",
}
Troubleshooting
The encryption key mismatch error
This means the device is not configured with the same encryption key that has been previously used to sync with ESS. ESS detects a change in encryption key and rejects such requests because they cannot be merged with existing data.
- Open Everdo on one of your computers that has complete data.
- Go to Settings->Sync, press Sync and notice the status.
- If the status indicates
encryption key mismatch, then press Force Push to override all data in ESS. - Press Show Key and transfer the key to your other devices.
SSL errors when trying to sync
If you are behind an SSL proxy on a trusted network, you may need to use the Ignore SSL Errors switch in the sync settings dialog.
Sync removes tags from items
ESS is missing some of the tags that you have on your device. This is probably because you have migrated from local network sync to the ESS sync. You need to perform a manual Push in order to fix this data discrepancy.
ESS sync FAQ
Q: Once I start using ESS, can I go back to local network sync?
Yes, it’s just a matter of re-configuring your devices. See local network sync guide.
Q: How does ESS know which encryption key is used or when it changes?
ESS never actually sees your encryption key. Instead, your devices compute a cryptographic hash of your key and send it with each sync request. This provides enough information for the Sync Service to tell one key from another. However such hash does not reveal the key itself and cannot be used to reconstruct the key.
Q: Which parts of the data get encrypted and how?
The title and description of all items and tags are encrypted with AES256-CBC. This is what an action’s title looks like when encrypted:
1.EoCd6AP5LeGP937S3Mi31g==.kFdPOGCP7e+Z8sAl4wcesADJY54TQULqmmUETq2QWHY=
The metadata properties such as modification timestamps, parent-child references and item types are not encrypted. These properties are necessary for conflict resolution and optimizing the syncing algorithm.
A 16-word random passphrase from a 65536-word list is generated on your computer and is used to represent a 256-bit encryption key. The passphrase is stored on each synced device so that it can work the encrypted data. The passphrase is never sent to ESS, but a cryptographic hash of the passphrase is tracked by ESS to avoid data corruption caused by mismatched keys on different devices.
Q: Is data stored in encrypted form on my devices?
Using ESS sync doesn’t change the way Everdo stores data locally. That is, the data only gets encrypted immediately before being sent to ESS. It does not make sense to store encrypted data on your own device since the encryption key is stored right next to it anyway.
Q: What happens if I lose the encryption key?
The encryption key is stored in the encryption-key file located in Everdo home directory. Even if you lose it somehow, it’s not a problem, as long as you still have the local Everdo database available. You can then generate a new encryption key on your computer, update all devices to use it and use the “Force Push” action to tell ESS to accept the new key.