Frequently Asked Question

How is the private key protected?
Last Updated 5 years ago

The private key is only stored in encrypted form, using PGP symmetric encryption(1). In August 2017 we also added another layer to protect the private keys: they are now stored anonymously, which means that we are unable to determine which private key belongs to a specific user. You can read more here about this new layer.

(1) The user password is converted to an AES-256 key using OpenPGP's Iterated and Salted S2K (2). The iteration code is set to 192, which corresponds to approximately 4 MB of data to hash (password+salt, iterated) for a single password. This makes the password very slow to brute-force(3). All decryption is done on the user's own computer; the password is never sent to our server.

Read more about OpenPGP symmetric encryption here:
https://tools.ietf.org/html/rfc4880#section-5.7
https://tools.ietf.org/html/rfc4880#section-3.7.2.1

(2) Read more about OpenPGP S2K here:
https://tools.ietf.org/html/rfc4880#section-3.7.1.3
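To make footnote (1) concrete, the following added example (not CounterMail's code) implements RFC 4880's Iterated and Salted S2K in Python, decodes the count code 192 into the number of octets hashed per password guess, and derives a 32-octet AES-256 key. It assumes SHA-256 as the S2K hash and uses a constructed salt, since the FAQ states neither.

```python
import hashlib

# Added example, not CounterMail's code. Assumptions: SHA-256 as the S2K hash
# and a constructed 8-octet salt; the FAQ does not state which hash it uses.

def s2k_count(code: int) -> int:
    """Decode the one-octet S2K count code into the number of octets to hash.
    RFC 4880 3.7.1.3: count = (16 + (code & 15)) << ((code >> 4) + 6)."""
    if not 0 <= code <= 255:
        raise ValueError("S2K count code must be a single octet")
    return (16 + (code & 15)) << ((code >> 4) + 6)

def iterated_salted_s2k(password: bytes, salt: bytes, code: int,
                        key_len: int, hash_name: str = "sha256") -> bytes:
    """Derive key_len octets of key material from password and an 8-octet salt."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    block = salt + password
    # The salt+password stream is hashed until `count` octets have been fed;
    # if count is smaller than one block, the whole block is hashed once.
    count = max(s2k_count(code), len(block))
    # Feed the repeating stream in large block-aligned chunks for speed.
    chunk = block * max(1, 65536 // len(block))
    digest_len = hashlib.new(hash_name).digest_size
    contexts = -(-key_len // digest_len)  # ceiling division
    out = b""
    for i in range(contexts):
        h = hashlib.new(hash_name)
        h.update(b"\x00" * i)  # context i is preloaded with i zero octets
        remaining = count
        while remaining > 0:
            piece = chunk[:remaining]
            h.update(piece)
            remaining -= len(piece)
        out += h.digest()
    return out[:key_len]

def derive_aes256_key(password: str, salt: bytes) -> bytes:
    """The FAQ's setting: count code 192, i.e. 4,194,304 octets (about 4 MB)
    hashed for every password guess, producing a 32-octet AES-256 key."""
    return iterated_salted_s2k(password.encode("utf-8"), salt, 192, 32)

if __name__ == "__main__":
    SALT = bytes.fromhex("0011223344556677")  # constructed sample salt
    print("octets hashed per guess:", s2k_count(192))
    print("key:", derive_aes256_key("correct horse battery staple", SALT).hex())
```

The cost per guess scales with the count: code 0 hashes 1,024 octets, code 192 hashes 4,194,304, and code 255 (the maximum) hashes 65,011,712.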

Read here how to create strong, memorable passwords:
https://support.countermail.com/kb/faq.php?id=191

