diff --git a/.env.example b/.env.example
index f0beadf..c2238d2 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,4 @@
 PORT=80 # port to listen on
 MONGO_URI="your mongo uri" # "mongodb+srv://xxxx:yyyy@domain/zzzz?retryWrites=true&w=majority"
-MONGO_DB="anopaper" # database name
\ No newline at end of file
+MONGO_DB="anopaper" # database name
+ENC_KEY="test" # encryption key
\ No newline at end of file
diff --git a/changelog.md b/changelog.md
index b6756e5..cac0d10 100644
--- a/changelog.md
+++ b/changelog.md
@@ -28,7 +28,7 @@
 - [x] Migration notes storage to mongodb (#3)
 - [ ] Settings for publish notes, such as: delete after reading, number of reads before deleting, adding your own data (name, picture, status in the settings) to the note.
 - [x] Maintaining statistics on sent notes, the number of notes received, number of deleted notes (#8)
-- [ ] Encrypting notes in the database
+- [x] Encrypting notes in the database (#26)
 - [x] Local notes ids is ~~incremental~~ `Date.now()` instead of uuidv4 (238af9ad6957f72439a1a39f32662145dd2bdce8)
 # AnoPaper v1.0.0
diff --git a/core.js b/core.js
index 1a93480..e81a8ad 100644
--- a/core.js
+++ b/core.js
@@ -15,6 +15,8 @@
 const mongoClient = require("mongodb").MongoClient;
 const sha3 = require("js-sha3").sha3_512;
+const AES = require("crypto-js/aes");
+const cryptojs = require("crypto-js");
 class NotesCore {
 constructor() {}
@@ -33,6 +35,7 @@ class NotesCore {
 try {
 let note = await this.notes.findOne({ _id });
 if (note !== null) await this.incStats("receivedNotes");
+ note = await this.decryptNote(note);
 return note;
 } catch {
 return null;
@@ -61,6 +64,7 @@ class NotesCore {
 note._id = sha3(JSON.stringify(note));
 note.time = Date.now();
 note.pub = true;
+ note = await this.encryptNote(note);
 await this.notes.updateOne(
 { _id: note._id },
 { $set: note },
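Review bot: The sample value `ENC_KEY="test"` in `.env.example` is a usable key, so a deployment that copies this file unchanged encrypts every note with a guessable secret and nothing flags it. Unlike `MONGO_URI="your mongo uri"`, it does not read as a placeholder. I would ship it empty with generation guidance in the comment, e.g. `ENC_KEY="" # encryption key: long random secret, e.g. from "openssl rand -base64 32"`, and have the server refuse to start while it is unset.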
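Review bot: In the `@@ -33,6 +35,7 @@` hunk of core.js, `decryptNote(note)` runs even when `findOne` returned `null`, so a missing note only yields `null` because `note.name` throws and the bare `catch` swallows it. That same `catch` also turns a wrong `ENC_KEY` or a corrupted record into a silent "not found", after `receivedNotes` has already been incremented. I would return early with `if (note === null) return null;` before the stats call and log decrypt failures separately. The diff shows no migration for notes stored in plaintext before this change, so those would presumably stop being readable. The method starts above this hunk, so the lookup's caller is not visible here.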
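Review bot: In the `@@ -61,6 +64,7 @@` hunk of core.js, `note._id` is still computed as `sha3(JSON.stringify(note))` over the plaintext, one context line before the new `encryptNote` call, so the collection keeps an unsalted hash of the note's content next to its ciphertext. Anyone who can read the database can check guesses for short or predictable notes against `_id` without knowing `ENC_KEY`. If the id only has to be unique and unguessable, a random one avoids this, e.g. `note._id = require("crypto").randomBytes(32).toString("hex");`, at the cost of identical notes no longer sharing an id. `encryptNote` also mutates `note` in place, so if the code after this hunk returns `note` to the caller it would carry ciphertext; the rest of the method is outside the hunk.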
@@ -73,6 +77,22 @@ class NotesCore {
 }
 }
+ async encryptNote(note) {
+ note.name = AES.encrypt(note.name, process.env.ENC_KEY).toString();
+ note.text = AES.encrypt(note.text, process.env.ENC_KEY).toString();
+ return note;
+ }
+
+ async decryptNote(note) {
+ note.name = AES.decrypt(note.name, process.env.ENC_KEY).toString(
+ cryptojs.enc.Utf8
+ );
+ note.text = AES.decrypt(note.text, process.env.ENC_KEY).toString(
+ cryptojs.enc.Utf8
+ );
+ return note;
+ }
+
 async incStats(_id) {
 await this.stats.updateOne(
 { _id },
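Review bot: Both new methods hand `process.env.ENC_KEY` to crypto-js as a plain string, which to my knowledge puts it in passphrase mode: the AES key comes from a single-round MD5-based derivation and the data is encrypted in CBC with no integrity tag. The stored notes are then only as strong as the passphrase, tampered ciphertext is not detected, and an unset `ENC_KEY` is not caught before the first request. I would move to authenticated encryption with Node's built-in `crypto` (AES-256-GCM, a random 32-byte key, a fresh IV per field), as sketched below. It needs `const crypto = require("crypto");` beside the other requires and `ENC_KEY` set to 32 random bytes in base64. The helper names are mine, and the enclosing class starts outside this hunk.

```javascript
  // … unchanged: end of the previous method …

  noteKey() {
    const key = Buffer.from(process.env.ENC_KEY || "", "base64");
    // Fail loudly on a missing or short key instead of encrypting with it.
    if (key.length !== 32) throw new Error("ENC_KEY must decode to 32 bytes");
    return key;
  }

  sealField(plain) {
    const iv = crypto.randomBytes(12); // never reuse an IV with the same key
    const cipher = crypto.createCipheriv("aes-256-gcm", this.noteKey(), iv);
    const body = Buffer.concat([cipher.update(plain, "utf8"), cipher.final()]);
    // Stored layout: 12-byte IV | 16-byte auth tag | ciphertext
    return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
  }

  openField(stored) {
    const raw = Buffer.from(stored, "base64");
    const decipher = crypto.createDecipheriv(
      "aes-256-gcm",
      this.noteKey(),
      raw.subarray(0, 12)
    );
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws when the ciphertext or tag has been modified.
    return Buffer.concat([
      decipher.update(raw.subarray(28)),
      decipher.final(),
    ]).toString("utf8");
  }

  async encryptNote(note) {
    note.name = this.sealField(note.name);
    note.text = this.sealField(note.text);
    return note;
  }

  async decryptNote(note) {
    note.name = this.openField(note.name);
    note.text = this.openField(note.text);
    return note;
  }

  // … unchanged: incStats …
```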