Notes containing other types of attachments can’t be encrypted, and unsupported attachments can’t be added to secure notes.
Attachments that support encryption include images, sketches, tables, maps, and websites. After the new records are created, the original unencrypted data is deleted. New records are created in Core Data and CloudKit to store the encrypted note, attachments, tag, and initialization vector. The note and all of its attachments are encrypted using AES with Galois/Counter Mode (AES-GCM). When a user secures a note, a 16-byte key is derived from the user’s passphrase using PBKDF2 and SHA256. Each iCloud account (including “On my” device accounts) can have a separate passphrase. Secure notes are end-to-end encrypted using a user-provided passphrase that is required to view the notes on iOS, iPadOS, macOS devices, and the iCloud website.
The Notes app includes a secure notes feature that allows users to protect the contents of specific notes.