timo should the user be able to make up his own encryption password, or should the user have to remember/store an app-created password? The latter would generally be more secure (as the password is stronger) and easier to implement, but users would certainly have to somehow back up the password as it's almost impossible to remember it.
When you say "The latter would generally be more secure", do you mean it will be more secure simply because it will be a longer password with special characters and numbers etc.? If this is the case, then arguably I could create a more secure password using my password manager (up to 100 characters with numbers and special symbols, if Diarium would support that long a password!). Or do you mean that it would be more secure for another reason?
Ultimately, the whole point of end-to-end encryption is privacy and security; therefore I would like the MOST SECURE and the MOST PRIVATE option which is available.
timo Also, should users be able to see what password they have created and is in use after setting up the sync or not?
I would say no. There is no point in the user being able to do either of these. Your password should be so long and unmemorable that even if you could see it, it just wouldn't be of any help to the user.
timo Most password apps (Bitwarden, Enpass, LastPass, 1Password) seem to allow user-created passwords while Day One only seems to support an app-created password that needs to be backed up.
What do you think?
A password manager which supports attachments is perfect for this. When I was with Day One, when you turned on E2E encryption, it generated a "secret key" which is printable/savable; it has a QR code and your secret key (password) with instructions. I saved a copy of this in digital form inside my password manager, printed a copy to keep in my safe, and kept another copy off-site at a family member's house.
Ultimately for me, timo, how it works is up to you. As a user, the only thing I would ask for is the MOST SECURE and the MOST PRIVATE way you as a developer can think of. It is up to the user to remember their password/key/etc., and the responsibility would rest entirely on the user with no onus or repercussions on you.