What is the passphrase?
The passphrase (also known as the encryption passphrase) is a critical element of your Private.Ki account. It is not the same as your login password. Instead, this passphrase encrypts your private key and therefore locks your mailbox’s contents. Think of it as the key to a safe that holds all your emails.
Key points about the passphrase:
It was set up when you created your account (unless you chose to skip it). From that moment, all your email data is encrypted with a key derived from this passphrase.
Every time you log in (after entering your username and login password), the system will prompt you for the passphrase to unlock your mailbox. Only by providing the correct passphrase can your device decrypt your stored emails and private key. If the passphrase is wrong, you can't access your account.
Why this extra step? Because Private.Ki’s security model ensures that even if someone got into your account, they still couldn’t read your mail without this second secret. It’s an extra wall of defense. It also means Private.Ki’s servers never see your actual email content unencrypted – the passphrase never leaves your device, so we can’t decrypt your data on the server side.
You can change your passphrase at any time (see Changing Your Passphrase). To do so, you must know the current passphrase (so that you can decrypt your data and re-encrypt it with a new passphrase).
If you skipped setting a passphrase: In that case, the system set up an "internal passphrase" which is derived from your password to protect your data. You won’t be prompted for a passphrase on login because you chose not to have that separate lock. This is more convenient but somewhat less secure (one fewer secret for an attacker to overcome). If you want to add a passphrase later, you can do so in settings (it will then encrypt your keys with the new passphrase).
It’s zero-knowledge: Private.Ki does not store your passphrase on the server. We can’t reset it for you if you forget it. It’s only used locally (on your device) to decrypt your keys. This is intentional; it ensures only you can unlock your data. But it also means you must not forget it! If you do, we have no technical way to recover your existing encrypted emails.
How to manage it safely: Make it strong (long and unique), don’t share it, and consider using a password manager to keep track of it if it’s too complex to memorize. You might have chosen a passphrase distinct from your login password – that’s good practice. If you use a phrase, ensure it’s not something easily guessable or associated with you. Treat it with the same level of secrecy as you would the key to your house, because it effectively is the key to your private communications vault.
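The key points above describe a private key encrypted under a key derived from the passphrase, and a passphrase change that decrypts with the current passphrase and re-encrypts with the new one. The following is an added example, not Private.Ki's code: the page does not name the algorithms, so scrypt and AES-256-GCM (Node.js `crypto`), the function names and the sample passphrases are all assumptions.

```javascript
// Added example, not Private.Ki's code; scrypt and AES-256-GCM are assumed choices.
const crypto = require("node:crypto");

// Derive a 256-bit key from the passphrase; this runs on the device only.
function deriveKey(passphrase, salt) {
  const opts = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return crypto.scryptSync(passphrase.normalize("NFKC"), salt, 32, opts);
}

// Encrypt the private key. The returned blob holds no passphrase or plaintext key.
function wrapPrivateKey(privateKey, passphrase) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the private key, or null if the passphrase is wrong or the blob was altered.
function unwrapPrivateKey(blob, passphrase) {
  const key = deriveKey(passphrase, blob.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, blob.nonce);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
  } catch {
    return null; // GCM authentication tag did not verify
  }
}

// Changing the passphrase: decrypt with the current one, re-encrypt under the new one.
function changePassphrase(blob, currentPassphrase, newPassphrase) {
  const privateKey = unwrapPrivateKey(blob, currentPassphrase);
  if (privateKey === null) throw new Error("current passphrase is incorrect");
  const rewrapped = wrapPrivateKey(privateKey, newPassphrase); // fresh salt and nonce
  privateKey.fill(0); // best-effort wipe of the plaintext key
  return rewrapped;
}

// Constructed sample data: random bytes stand in for a real private key.
function demo() {
  const key = crypto.randomBytes(32);
  const rotated = changePassphrase(wrapPrivateKey(key, "old correct horse"),
    "old correct horse", "new battery staple");
  return { oldRejected: unwrapPrivateKey(rotated, "old correct horse") === null,
    newUnlocks: unwrapPrivateKey(rotated, "new battery staple").equals(key) };
}
console.log(demo());
```

Because nothing in the stored blob can be opened without the passphrase, a forgotten passphrase leaves no recovery path, which matches the zero-knowledge point above.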