Recovery Kit vs Account Kit

Hi all, the First setup page in the user guide tells you to download and store your recovery kit in a safe place. Is the recovery kit the same as the account kit you can download from the ‘Desktop app setup’ page?

Cheers, Scott

Hello @ScottMeikle and welcome to the forum!
They are not the same. The recovery kit is used if you forget your passphrase or want to log in to a new computer/browser.
The account kit is used only to log in to the Windows desktop app

Hey @ScottMeikle,

The recovery kit downloaded during setup contains only the user’s private key and is currently the file required to restore your account on a new browser.

The account kit downloaded to set up the desktop application contains more details and is currently only used by the desktop application. Future development should align them both, and the account kit will serve both cases. For now, the recovery kit (edited: not the account kit) is the one that needs to be backed up in case of any issues.

Note that in both cases, users need to remember their passphrase. Mechanism to recover an account without a passphrase exist though in the Cloud and Pro version. Checkout this blog article if you want to know more about it: Introducing the upcoming “Account Recovery” functionality

Thank you both for the help and advice. Requiring just the account kit sounds like a great idea. I’m trying to write a note for our users explaining what file(s) they need to backup and the fewer the better. Particulary since some of them have already mislaid their recovery kit :slight_smile:

Hey @ScottMeikle, edited my previous answer, the second paragraph could be misleading. To clarify, the recovery kit downloaded when installing the browser extension is for now the one that need to be backed up.

Thanks for the clarification Cedric. Can the recovery kit be downloaded or re-created after the initial setup? I’m thinking about those people that have already managed to lose their recovery kit.

yes, just go to https://<YOUR_PASSBOLT_URL>/app/settings/keys and download the private key on top

Brilliant, thanks for the update Max.

1 Like

Apologies, but I do have another question. Is the downloaded private key encrypted?

The help page says:
’ DANGER The recovery kit also known as your private PGP key associated to your passphrase is something that could grant access to your account if for any reason the passphrase is corrupted, it is really important to keep this downloaded file somewhere safe and encrypted if possible.’ Which kind of implies it isn’t?

I confirm to you that the private key is encrypted using the passphrase of the user.

That’s great, thanks for confirming that Cedric.

1 Like