Frequently Asked Question

How is the private key protected?
Last Updated 2 months ago

The private key is only stored in encrypted form, using PGP symmetric encryption (1).
The user's password is converted to an AES-256 key using OpenPGP's Iterated and Salted S2K (2). The iteration code is set to 192, which equals approx. 4 MB of data to hash (password + salt, iterated) for a single password. This makes the password very slow to brute-force (3). All decryption is done on the user's own computer; the password is never sent to our server.

(1) Read more about OpenPGP symmetric encryption here:
https://tools.ietf.org/html/rfc4880#section-5.7
https://tools.ietf.org/html/rfc4880#section-3.7.2.1

(2) Read more about OpenPGP S2K here:
https://tools.ietf.org/html/rfc4880#section-3.7.1.3

(3) Read below how to create strong memorable passwords:
https://support.countermail.com/kb/faq.php?id=191
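
The Iterated and Salted S2K derivation described in the answer above, written out per RFC 4880 section 3.7.1.3 as an added example (not CounterMail's own code). The page does not name the S2K hash algorithm, so SHA-256 is an assumption here, and the salt and passphrase are constructed sample values.

```python
import hashlib


def decode_count(coded: int) -> int:
    """Expand the one-octet coded count (RFC 4880, 3.7.1.3) to octets hashed."""
    if not 0 <= coded <= 255:
        raise ValueError("coded count must fit in one octet")
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, coded: int,
                        key_len: int = 32, hash_name: str = "sha256") -> bytes:
    """Derive key_len octets of key material (32 octets for AES-256)."""
    if len(salt) != 8:
        raise ValueError("OpenPGP S2K salt is exactly 8 octets")
    unit = salt + passphrase
    # One full salt+passphrase is always hashed, even if the count is smaller.
    count = max(decode_count(coded), len(unit))
    # salt+passphrase repeated, then truncated to exactly `count` octets.
    stream = (unit * (count // len(unit) + 1))[:count]
    key = b""
    context = 0
    while len(key) < key_len:
        # When the hash output is shorter than the key, further hash contexts
        # are used; context n is preloaded with n zero octets.
        h = hashlib.new(hash_name)  # hash_name default is an assumption
        h.update(b"\x00" * context)
        h.update(stream)
        key += h.digest()
        context += 1
    return key[:key_len]


if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")      # constructed sample salt
    passphrase = b"correct horse battery staple"  # constructed sample passphrase
    print("octets hashed per guess:", decode_count(192))
    print("AES-256 key:", s2k_iterated_salted(passphrase, salt, 192).hex())
```

Each password guess costs the attacker the same 4,194,304 hashed octets, and the random salt stored with the key prevents precomputing that work across users.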
