Your encrypted messages are protected by a private key. In its turn, the private key is protected by your passphrase.
To be able to read encrypted messages on more than one device, you need a way to manage a backup of your private key. You can manage your backup:
- Automatically: FlowCrypt will store your passphrase-protected key in your inbox.
- Manually: you save a file and take care of it yourself.
- Through your own key management system if you’re an enterprise customer.
Default backup methods
If you’ve imported your private key from another OpenPGP software, it’s assumed you’ll do your own private key management, and FlowCrypt won’t perform any backups unless you explicitly ask it in the FlowCrypt Settings ⮕ Additional Settings ⮕ Backup section.
If you let FlowCrypt create a key for you, the default option is to back up a protected key in your inbox, so that you can use FlowCrypt on another device just with your secret passphrase. You can click Show Advanced Settings during the setup process for more options.
This is detailed in the Handling of Private Keys section of our Privacy Policy.
Enterprise customers can customize or entirely disable key backup for their users.
Where can I find my Private Key?
For security reasons, we don’t show your private key explicitly in the settings section. You can download it following FlowCrypt Settings ⮕ Additional Settings ⮕ Backup ⮕ Save private key as a file steps.
Where does FlowCrypt store my private key?
Depending on which product you use, your private key can be stored in various ways:
| Product type | Storage |
|---|---|
| FlowCrypt Browser Extension | Browser local extension storage (Chrome , Firefox ) |
| FlowCrypt Android and iOS Apps | Encrypted database in your app storage, Database Encryption Key in OS Key Chain. |
| FlowCrypt Email Key Manager (enterprise) | Encrypted fields in a database, Database Encryption Key in the properties file, stdin, sysargs, KMS, or HSM. See Enterprise Server Databases. |
Depending on how you set up FlowCrypt, there might also be a backup, see the default backup methods above. Enterprise users can use the Email Key Manager to manage their organization keys on the premise.
Import a private key from GnuPG
If your private key is currently in GPG and you’d like to use it in FlowCrypt, you can export it with the following command:
gpg --output private-key.asc --armor --export-secret-key your@email.com
You can then import this key into FlowCrypt, either during setup by choosing Import Private Key, or after setup by going to FlowCrypt Settings ⮕ Additional Settings ⮕ My Keys ⮕ Add Key.