What is the passphrase?
The passphrase (also known as the encryption passphrase or PGP passphrase) is a critical element of your Private.Ki account.
It is not the same as your login password. Instead, this passphrase encrypts your private key and therefore locks your mailbox’s contents.
Think of it as the key to a safe that holds all your decrypted emails.
Key points about the passphrase:
It was set up when you created your account (unless you chose to skip it). From that moment, all your email data is encrypted, and the key that decrypts your data can only be unlocked with the passphrase.
Every time you log in (after entering your username and login password), the system will prompt you for the passphrase to unlock your mailbox and decrypt all your messages. Only by providing the correct passphrase can your device decrypt your stored emails and private key. If the passphrase is wrong, you can't access your account.
Why this extra step? Because Private.Ki’s security model ensures that even if someone got into your account, they still couldn’t read your mail without this second secret. It’s an extra wall of defense. It also means Private.Ki’s servers never see your actual email content unencrypted – the passphrase never leaves your device, so we can’t decrypt your data on the server side.
You can change your passphrase at any time. To do so, you must know the current passphrase (so that you can decrypt your data and re-encrypt it with a new passphrase).
If you skipped setting a passphrase, the system set up an "internal passphrase" which is derived from your password to protect your data. You won’t be prompted for a passphrase on login because you chose not to have that separate lock. This is more convenient but somewhat less secure (one fewer secret for an attacker to overcome). If you want to add a passphrase later, you can do so in settings.
Private.Ki does not store your passphrase on the server. We can’t reset it for you if you forget it. It’s only used locally (on your device) to decrypt your keys. That's a feature, not a bug: it ensures only you can unlock your data. But it also means: don’t forget it! If you do, we have no technical way to recover your existing encrypted emails.
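The mechanism described in the points above (unlocking on login, failure on a wrong passphrase, changing the passphrase) can be sketched as follows. This is an added example, not Private.Ki's code: the key derivation (scrypt), the cipher (AES-256-GCM) and all function names are assumptions, and the key and passphrases are constructed samples.

```javascript
// Added illustration, not Private.Ki's code. scrypt and AES-256-GCM are assumed choices.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// Derive a 256-bit key-encryption key from the passphrase; this runs on the device only.
function deriveKey(passphrase, salt) {
  return scryptSync(passphrase.normalize('NFKC'), salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Wrap (encrypt) the private key. The resulting blob is useless without the passphrase.
function wrapPrivateKey(privateKey, passphrase) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Unwrap on login. A wrong passphrase fails the GCM tag check and yields null.
function unwrapPrivateKey(blob, passphrase) {
  const d = createDecipheriv('aes-256-gcm', deriveKey(passphrase, blob.salt), blob.iv);
  d.setAuthTag(blob.tag);
  try {
    return Buffer.concat([d.update(blob.ct), d.final()]);
  } catch {
    return null; // no passphrase, no key: nothing else can recover it
  }
}

// Changing the passphrase needs the current one: unwrap, then re-wrap with fresh salt and IV.
function changePassphrase(blob, current, next) {
  const privateKey = unwrapPrivateKey(blob, current);
  if (privateKey === null) throw new Error('current passphrase is wrong');
  return wrapPrivateKey(privateKey, next);
}

// Constructed sample key material and passphrases, for demonstration only.
const sampleKey = Buffer.from('-----CONSTRUCTED SAMPLE PRIVATE KEY-----');
const stored = wrapPrivateKey(sampleKey, 'correct horse battery staple');
const rotated = changePassphrase(stored, 'correct horse battery staple', 'a new, longer passphrase');
console.log(unwrapPrivateKey(stored, 'wrong guess'));
console.log(unwrapPrivateKey(rotated, 'a new, longer passphrase').equals(sampleKey));
```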
How to manage your passphrase safely: Make it strong (long and unique) and don’t share it! You might have chosen a passphrase distinct from your login password – that’s good practice. If you use a phrase, ensure it’s not something easily guessable or associated with you. Treat it with the same level of secrecy as you would the key to your house, because it effectively is the key to your private communications vault.