Hi all, the First setup page in the user guide tells you to download and store your recovery kit in a safe place. Is the recovery kit the same as the account kit you can download from the ‘Desktop app setup’ page?
Cheers, Scott
Hello @ScottMeikle and welcome to the forum!
They are not the same. The recovery kit is used if you forget your passphrase or want to log in to a new computer/browser.
The account kit is used only to log in to the Windows desktop app
Hey @ScottMeikle,
The recovery kit downloaded during setup contains only the user’s private key and is currently the file required to restore your account on a new browser.
The account kit downloaded to set up the desktop application contains more details and is currently only used by the desktop application. Future development should align them both, and the account kit will serve both cases. For now, the recovery kit (edited: not the account kit) is the one that needs to be backed up in case of any issues.
Note that in both cases, users need to remember their passphrase. Mechanism to recover an account without a passphrase exist though in the Cloud and Pro version. Checkout this blog article if you want to know more about it: Introducing the upcoming “Account Recovery” functionality
Thank you both for the help and advice. Requiring just the account kit sounds like a great idea. I’m trying to write a note for our users explaining what file(s) they need to backup and the fewer the better. Particulary since some of them have already mislaid their recovery kit 
Hey @ScottMeikle, edited my previous answer, the second paragraph could be misleading. To clarify, the recovery kit downloaded when installing the browser extension is for now the one that need to be backed up.
Thanks for the clarification Cedric. Can the recovery kit be downloaded or re-created after the initial setup? I’m thinking about those people that have already managed to lose their recovery kit.
yes, just go to https://<YOUR_PASSBOLT_URL>/app/settings/keys and download the private key on top
Brilliant, thanks for the update Max.
1 Like
Apologies, but I do have another question. Is the downloaded private key encrypted?
The help page says:
’ DANGER The recovery kit also known as your private PGP key associated to your passphrase is something that could grant access to your account if for any reason the passphrase is corrupted, it is really important to keep this downloaded file somewhere safe and encrypted if possible.’ Which kind of implies it isn’t?
I confirm to you that the private key is encrypted using the passphrase of the user.
That’s great, thanks for confirming that Cedric.
1 Like
Hi there, I am still confused by the different private keys and recovery kits.
I have seen 3 different phrases for files used to restore the account on another / new device:
- Recovery Kit
- Account Kit
- Private Key
Account Kit
As pointed out by this thread, this file is only for setting up a windows client. Alright.
Recovery Kit
I am the Administrator of a self hosted passport instance which I set up about a year ago. While setting up my own account, I have downloaded a file called passbolt-recovery-kit.asc
Today, on a new machine, I tried to setup the passbolt firefox add-on and log-in to my account there. I first had to enter my e-mail, then got a link for the account recovery by uploading a recovery file.
I then uploaded the passbolt-recovery-kit.asc file but only got the following error:
This key doesn’t match any account
I then found this page in the docs: https://www.passbolt.com/docs/admin/authentication/account-recovery/#enable-account-recovery
If my interpretation is correct, it does say:
- Account Recovery is disabled by default
- To enable Account Recovery, I need to be on a paid tier (Passbolt-Pro)
Private Key
As I still had access on another machine (also via Firefox add-on), I then downloaded my private key as file passbolt_private.asc
Although this page calls this private key also “Recovery Kit” 
: https://www.passbolt.com/docs/user/basic-features/browser/download-recovery-kit/
Nevertheless, with this file I was able to set up passbolt on my new machine.
Now I am confused …
- Are the “Recovery Kit” and the “Private Key” the same thing?
If yes:
- Why was the original “Recovery Kit” not working for me?
- Is there something that can render the recovery kit invalid (password change, passbolt update, …)
- Is the
passbolt-recovery-kit.ascfor the whole server, instead of my user?
If no:
- What’s the difference between “Account Recovery” and “using the private key to log-in on a new machine”?
- Why do the docs call the private key “Account Recovery Kit”?
- Is there any way to convert the recovery kit to the private key?
My aim with these question is to better understand what key files are required for all users to regain access to their passbolt accounts - as I was surprised that I was not able to log into my account with the account-recovery-kit.
Cheers
Simon