Skip to content
Pia Docs

Recovery codes

When you enable E2EE, Pia generates a single recovery code. It is the only way to recover access to your encrypted data if you lose every active device.

What the recovery code is

Section titled “What the recovery code is”

A Base32 string carrying 128 bits of entropy. It’s never transmitted to the server in cleartext. Internally it’s used to derive a Key Encryption Key (KEK) via Argon2id, which then unwraps your User Master Key (UMK).

Recovery code  ──Argon2id(salt, m, t, p)──►  KEK  ──AES-GCM-decrypt──►  UMK

The Argon2id parameters (salt, memory cost, time cost, parallelism) are stored on the server alongside the wrapped UMK so any new device can reproduce the derivation.

When to use it

Section titled “When to use it”

You need the recovery code when:

  • You’ve lost or wiped all active devices.
  • A new device can’t be approved by an existing one (because you have none).

You do not need the recovery code for:

  • Routine sign-in (your active devices keep working).
  • Adding a device when another device is online and reachable — that flow uses the device-to-device approval, not recovery.

Activation flow

Section titled “Activation flow”
  1. On a fresh device, sign in with your account credentials.
  2. When prompted, choose “Use recovery code”.
  3. Paste the code. The client derives the KEK via Argon2id.
  4. The client downloads the recovery-wrapped UMK from /api/e2ee/recovery/wrapped-umk and decrypts it locally.
  5. The client computes an HMAC-based proof of possession and POSTs it to /api/e2ee/recovery/activate.
  6. The server upgrades this device to Active and the client self-wraps the UMK for ongoing use.

The server only ever sees the proof, not the unwrapped UMK.

Rotating the recovery code

Section titled “Rotating the recovery code”

Generate a new recovery code from Settings → Recovery code in the desktop client. Rotation:

  • Generates a new salt and re-wraps the UMK with the new KEK.
  • Bumps RecoveryWrapVersion on PiaUser.
  • Invalidates the previous code immediately — old printouts no longer work.

Rotate the code if you suspect it’s been seen by someone else, or as periodic hygiene.

Storage advice

Section titled “Storage advice”

Treat the recovery code like a paper master key:

  • Print it and store the paper somewhere secure (a safe, a sealed envelope in a filing cabinet).
  • Or save it in a password manager whose own master password isn’t stored on a Pia-synced device.
  • Never email it to yourself or paste it into a chat — those services have copies.

What recovery does not restore

Section titled “What recovery does not restore”

The recovery code restores access to the encrypted records the server holds for you. It does not restore:

  • Local-only state on a wiped device (DPAPI-encrypted client cache).
  • Plaintext data that was never synced.
  • Account-level settings that are stored client-side.