Protected notes are encrypted using AES encryption algorithm where encryption key is generated using Scrypt key derivation function from user entered password.

You can either protect individual notes or whole subtree by right clicking on an item in the tree pane. In such a case it's still a case of all of the notes being encrypted individually. One consequence is that you can still create unprotected notes under protected notes.

In protected notes, only note title and note text are encrypted. All metadata like date of last modification, note structure etc. are not encrypted and can be visible even without entering protected mode.

When you try to perform action which requires protected session (e.g. reading protected notes or making note protected), you'll be asked to enter password. After successful authentication, protected session is established for limited period of time (by default 10 minutes). If protected session is not refreshed during this time, protected session expires and user needs to authenticate again to start new protected session.