Private.Ki Encryption Overview: What Is Encrypted and Where (in detail)
Private.Ki secures your data with strong encryption at every stage. Different parts of the service use different encryption methods, but everything – from email contents to chat messages and even metadata – is always stored in encrypted form.
Email Content Encryption
This is how the content of your emails is encrypted:
Outgoing Internal Emails (Private.Ki to Private.Ki): These are always end-to-end encrypted with PGP using the recipient’s public key, and digitally signed by the sender. There is no way to send an internal email unencrypted or unsigned – encryption and signing are always enforced.
Incoming Internal Emails (Private.Ki to Private.Ki): When you receive an email from another Private.Ki user, it arrives PGP-encrypted with your public key. It’s decrypted only on your device when you open it. Once you’ve opened it, the email is re-encrypted with AES for secure storage in your mailbox.
Incoming External Emails (already encrypted): If someone outside Private.Ki sends you a PGP-encrypted email (using your public key), Private.Ki adds a second layer of PGP encryption on top of the message (using your public key again). This means the email is double-encrypted with PGP while stored on our servers. When you open the email, the PGP encryption is replaced with AES encryption for storage.
Outgoing Emails to External Recipients (encrypted): When sending a PGP-encrypted email to an external recipient (not on Private.Ki), the outgoing message is encrypted with the PGP public key of the recipient. Your copy of the email (in the Sent folder) is encrypted with AES.
Incoming External Emails (non-encrypted): If you receive an unencrypted email from outside, Private.Ki encrypts the content with PGP, using your public key, on arrival. The message is never stored in plain text on any permanent storage. When you open the email, your device will decrypt the PGP layer so you can read it, and will replace it with AES for storage.
Outgoing Emails to External Recipients (non-encrypted): If you send an email to someone not using encryption (i.e., the email leaves Private.Ki unencrypted so that the external recipient can read it), Private.Ki still protects your copy. Any such outgoing message stored in your Sent folder is encrypted with AES. In other words, even if the external recipient gets a plaintext email, your saved copy is never stored in plaintext within Private.Ki.
Email Storage Encryption
This is how we encrypt the data that we store in your account:
General storage: All our servers use full disk encryption.
Inbox: All unread emails in the inbox are encrypted with PGP, using your public PGP key. (Here, unread means that the message has never been opened.) All read emails in your inbox are encrypted with AES. External emails that arrive already PGP-encrypted are stored with a second PGP layer on top of the original PGP encryption for as long as they are unread; once opened, they are stored with AES encryption.
Drafts: Whenever you pause typing an email, the draft is auto-saved and encrypted with AES.
Folders (Sent, Archive, custom folders): All messages in folders are encrypted with AES.
Email Signatures: Your saved email signature blocks (the personal sign-off text you append to emails) are stored with AES encryption.
Email Metadata Encryption
- General Metadata Encryption: Email metadata (subject, from, cc/bcc, dates, message‑ids, thread ids, sizes, routing labels) is encrypted in the same way as the message content.
- Recipient exception for incoming emails: In our databases, we are able to identify the recipient email address (the Private.Ki account to which the email is addressed) so that the system can route the email to the correct mailbox, whereas the sender address is stored encrypted. This means that from storage we cannot reconstruct who is communicating with whom.
- Metadata for external messages (encrypted and non-encrypted): Outgoing external messages are delivered through SMTP, which requires the standard headers (dates, times, subject, from/to, message‑id) of every external email to be transmitted in non-encrypted form. There is no technical possibility to deliver an external email without this public non-encrypted metadata. This applies only to the transport of the email: on our servers, the metadata of these messages is also stored encrypted (with AES).
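To make the transport exception concrete, the following added example (not Private.Ki code) parses a constructed PGP/MIME message and reports what an SMTP relay can read even though the body is encrypted. The addresses, subject, boundary and function names are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default

# Constructed sample: a PGP/MIME (RFC 3156) message as an SMTP relay sees it.
RAW_ENCRYPTED = """\
From: alice@private.example
To: bob@external.example
Subject: Q3 contract draft
Date: Mon, 06 Jan 2025 10:15:00 +0000
Message-ID: <constructed-1@private.example>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

TRANSPORT_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")


def body_protection(msg):
    """Classify the body as 'pgp-mime', 'pgp-inline' or 'none'."""
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "pgp-mime"
    if (not msg.is_multipart() and msg.get_content_maintype() == "text"
            and "-----BEGIN PGP MESSAGE-----" in msg.get_content()):
        return "pgp-inline"
    return "none"


def relay_view(raw):
    """Return (headers readable in transit, how the body is protected)."""
    msg = message_from_string(raw, policy=default)
    exposed = {h: str(msg[h]) for h in TRANSPORT_HEADERS if msg[h] is not None}
    return exposed, body_protection(msg)
```

Running `relay_view(RAW_ENCRYPTED)` shows the subject and both addresses in the clear next to a `pgp-mime` body, which is the gap between content encryption and transport metadata that the list above describes.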
Messenger Encryption
Internal messenger communication (Private.Ki to Private.Ki): All messages are PGP-encrypted and signed with PGP. There is no option to send non-encrypted or non-signed messages.
Metadata: All messenger metadata is stored AES-encrypted.
Chat Request (Private.Ki user chats with an external user): A PGP key pair is generated for the external user. All messages are encrypted and signed with PGP. There is no option to send non-encrypted or non-signed messages. The email address of the external chat user is stored AES-encrypted. If the external user signs up to Private.Ki, they become a regular Private.Ki user, and encryption will not be treated differently.
Chat Request Invitation Email: If you send the chat request invitation to an external user through Private.Ki, this invitation will be sent from Private.Ki as a normal, non-encrypted email to the user's external email address. All data in this invitation email is non-encrypted.
Your Account Data
Display name: Your display name is encrypted with AES. So we don't even know your name.
Password: We never store your password anywhere. In fact, your password is never transmitted to the server. We use OPAQUE authentication to check if the password you type in matches your account password - but we don't know your account password.
Passphrase: Your passphrase is not stored at all, neither on your device nor on our servers. We also don't store whether you use a custom passphrase or the questions challenge. We only store whether or not you have skipped the passphrase.
Recovery Email Data: If you set up a recovery email address for account recovery, the recovery email address and any recovery-related information is stored encrypted with AES.
Your private key: Your private key is encrypted with your passphrase. It is never stored anywhere non-encrypted. While it is unlocked (after you have entered your passphrase), it is held in the memory of your device, but it will never be stored anywhere permanently.
Your public key: Your public key is public knowledge, as all your incoming encrypted emails are encrypted with your public key. You can also send it to anyone you like outside of Private.Ki, in order to receive external encrypted messages. There is no need to protect your public key - the only thing it reveals is your Private.Ki email address, nothing more.
Imported keys: Public keys of other non-Private.Ki users that you have imported to your account are stored with AES. These keys are bound to your account, and only your account can use them. For performance reasons, we also store the email address and other information taken from the key (e.g. fingerprint) separately - irreversibly hashed with HMAC.
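One way to build the separately stored lookup values described under "Imported keys", as an added example that is not Private.Ki's own code: an HMAC-SHA256 token lets the server find a key by email address or fingerprint without storing either in readable form. The index key, the binding to an account id, the field labels and the `ImportedKeyStore` class are assumptions; the page states only that the values are hashed with HMAC.

```python
import hashlib
import hmac
import unicodedata

# Assumption: a secret used only for index tokens (constructed value).
INDEX_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def normalize_email(addr: str) -> bytes:
    """Canonicalise so ' Bob@Example.org' and 'bob@example.org' match."""
    return unicodedata.normalize("NFKC", addr).strip().casefold().encode("utf-8")


def index_token(key: bytes, account_id: str, field: str, value: bytes) -> str:
    """HMAC-SHA256 over length-prefixed parts: the token is bound to one
    account and one field, and part boundaries cannot be shifted."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in (account_id.encode("utf-8"), field.encode("utf-8"), value):
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.hexdigest()


class ImportedKeyStore:
    """Rows hold only tokens plus an opaque, already AES-encrypted key blob."""

    def __init__(self, key: bytes):
        self._key = key
        self._rows = []  # (email_token, fingerprint_token, encrypted_blob)

    def add(self, account_id, email, fingerprint_hex, encrypted_blob):
        self._rows.append((
            index_token(self._key, account_id, "email", normalize_email(email)),
            index_token(self._key, account_id, "fpr", bytes.fromhex(fingerprint_hex)),
            encrypted_blob,
        ))

    def find_by_email(self, account_id, email):
        want = index_token(self._key, account_id, "email", normalize_email(email))
        # Constant-time comparison avoids leaking how much of a token matched.
        return [blob for tok, _, blob in self._rows
                if hmac.compare_digest(tok, want)]
```

Because the account id is part of the MAC input, the same external address imported by two accounts yields unrelated tokens, so rows cannot be correlated across accounts without the index key.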