End-to-end encryption is now enabled by default on all new journals created after updating to version 4.2. Your journals are completely private and secure. End-to-end encryption utilizes a private key to encrypt all your journal entries before they reach Day One servers. With possession of the encryption key held only by the you, the end user, you can be sure your journals are protected with maximum security.
The encryption key is stored securely using CloudKit through your Apple ID. Users can also save or print their key to be stored securely in your possession. Please keep this somewhere safe.
Journals cannot be switched back from end-to-end encryption to standard.
Open Settings > Journals. Any journal with a shield icon is end-to-end encrypted. Tap any journal and then tap Advanced for the encryption setting.
As of version 4.2, encryption is enabled by default and a private key is generated automatically. It is stored securely in CloudKit. You can also access it at any time if you are logged in by selecting "Show Encryption Key" in the Sync setting.
If enabling encryption manually on previously synced journals the standard encrypted journal is deleted from the server and new encrypted entries are uploaded from the device that turned it on. Please allow the sync process to complete before making changes on this or other devices.
Enabling end-to-end encryption on the Mac is very similar. Open Preferences > Journals. If needed, generate an encryption key first. Then click the "i" icon next to the journal you wish to encrypt and change the encryption option.
If you have already enabled encryption from iOS, you will be prompted on Day One Mac to input your encryption key. You can enter the key manually, use the on-screen scanner to scan the PDF you have saved, or use the front-facing camera on your Mac to scan the key from your iOS device.