How is the private key stored?

Your ProtonMail private key is generated in your browser. Then it is encrypted with AES-256 before it is sent to our server. Because it is encrypted with your ProtonMail password (or Mailbox password if you use two-password mode), which never gets sent to the server, we are unable to decrypt your private key. When you log in on a different device, the encrypted private key is sent to that device and then your password decrypts the private key.

Rate This Article

(5 out of 12 people found this article helpful)
Post Comment

23 comments

  1. Sandeep

    In theory someone else who breaks in to my laptop and uses the browser could access this private key. Where is this private key stored in the brower’s local files, and is it recommended to delete this key manually after a Protonmail web mail session?

  2. ProtonMail Support

    Logging out will delete it.

  3. ewhylie

    If logging-out deletes a private key, why is this factoid not included in the ‘LOG OUT’ button ?? Eg:
    ” LOG OUT (Deletes session’s priv key for your safety) ?
    My guess is that less than 1% of users might understand that this is done…

  4. ProtonMail Support

    Closing your browser without logging out will also delete your key.

  5. Pedro

    What if I just “X” out of the window without using the Logoff method, will the will still be deleted?

  6. ProtonMail Support

    Yes, closing the window using “X” will also delete the key.

  7. Lori Pelletier

    I have a recovery code to reset my password and it is not working.

  8. ProtonMail Support

    Please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.

  9. Marvin Switzer

    I had a phone crash and cannot access my account. I had two factor authentication installed and can’t seem to use the authentication programs to receive an authentication code. My alternative email is (hidden).

  10. ProtonMail Support

    Please contact our support team at contact@protonmail.com or using the support form at https://protonmail.com/support-form.

  11. Anonymous

    Are my password and encrypted private key stored on ProtonMail servers?
    If so, is my password encrypted as well?
    Would it be possible for a hacker to get my password so he/she could access to my private key?

  12. Rick

    Had to reinstall win7, now I cannot log in.

  13. ProtonMail Support

    Please contact our support team at contact@protonmail.ch, via the report bug button or using the support form at https://protonmail.com/support-form.

  14. scpskr

    Can a private key be downloaded for addition to another key chain?

  15. ProtonMail Support

    No, for now only public keys can be downloaded.

  16. Denis English

    Does my recipient need either key to open emails I send them from proton mail. Someday I am going to understand all this.

  17. ProtonMail Support

    If sending to another ProtonMail user, the message is automatically encrypted with the recipient’s key and there is no need for any further action.
    If sending to a non-ProtonMail user, you can either send an unencrypted message (not end-to-end encrypted, but encrypted with TLS) or you can use the “Encrypt for outside” option: https://protonmail.com/support/knowledge-base/encrypt-for-outside-users/.

  18. meliflous

    What prevents private key being stored by the key creator elsewhere? Can I regenerate the key or upload my own where only I know the password (aside from NSA’s RSA backdoor)?

  19. ProtonMail Support

    The ability to upload your own private keys will be available once full PGP support is added to ProtonMail.

  20. Timoteo

    My mailbox password is rendered invalid (error message drop-down box) each time it gets used. This happened to the real recipient and to my other address within another email provider. The password works once, then it’s deleted(?), even when proton mail has not been shut down/interrupted.

  21. ProtonMail Support

    Can you please contact our support team using the support form: https://protonmail.com/support-form, at contact@protonmail.ch or support@protonmail.ch with more details?

  22. Anonymous

    How was the proper UID added to my pub key(s) i recently downloaded? If i remember correctly, at the beginning of ProtonMail when the service came alive, the one pub key had only a UID like user@protonmail.ch, now i have two pub keys with my surname.name@protonmail.ch or surname.name@protonmail.com

  23. ProtonMail Support

    The public keys are meant for sharing, and this is why the email address is included in the filename. You can always rename the file after you download it.

Leave A Comment?