Finding a Lost Encryption Key

End-to-end encryption keys in Day One are generated automatically the first time end-to-end encryption is set up on your account (typically when you create your first end-to-end encrypted journal). They only apply to end-to-end encrypted journals – Standard encrypted journals do not use a user-held key.

If you’re not sure whether your account has an encryption key, open Day One on any device where you’re signed in and look in:

• iOS/Android: Profile icon (upper-right corner) > Sync > Encryption Key
• Mac: Settings > Sync > Advanced > View Encryption Key
• Web: Settings > Account > Encryption Key

If Day One shows you an “Enter Encryption Key” prompt (enter key prompt, encryption key required, key not found on this device), it means your account already has an encryption key and encrypted journal data on our servers – the prompt is asking you to enter your existing key, not create a new one. Follow the steps below to find your existing key.

If the app is showing “Enter Key”

This prompt means Day One has detected encrypted data on your account but the encryption key isn’t stored on this device. It does not mean your key is missing – it is most likely on another device or in a backup.

Step 1: Check your other devices. If you have Day One on a Mac, iPad, or another iPhone, your key may already be there:

• iOS/Android: Profile icon (upper-right corner) > Sync > Encryption Key
• Mac: Settings > Sync > Advanced > View Encryption Key
• Web: Settings > Account > Encryption Key

Once you find the key, copy it and enter it on this device when prompted.

Step 2: Check for a saved backup. If you don’t have another device with Day One, look for a previously saved backup file (see “Searching for a downloaded key” below for filenames and locations). For a full list of backup methods by platform, see Keeping Your Day One Encryption Key Safe.

Step 3: Contact support. If you still can’t find the key, please contact our support team with your User ID and we can check whether a key was ever saved on your account.

Searching for a downloaded key

If you downloaded a PDF backup of your encryption key, you can search the file system on your device/computer for the default filename:

• Web/Windows: Day One Master Key Backup.pdf
• iOS: DayOneMasterKey.pdf
• macOS/Android: DayOneKey.pdf

Note that it’s possible to edit the filename when downloading the key, so these default filenames may not match if you saved the key under a different name.

To verify the Encryption Key is correct for your account, the first batch of numbers after D1 should match your User ID.

If only some of your journals are encrypted

If only some of your journals are encrypted and you are willing to lose the encrypted data, you do not need to create a new account. You can simply delete the encrypted journals and keep the rest of your data.

Before deleting, check if you can still read the entries. Open the encrypted journal and see if you can access its entries. If you can still read them, create a new (unencrypted) journal first, then move the entries from the encrypted journal to the new one. This way you won’t lose any data.

Once you’ve saved any entries you want to keep (or if the entries are unreadable), you can delete the encrypted journal. Your other journals will not be affected.

After deleting the encrypted journals, you can set up encryption again later with a new key if you choose to.

If all of your journals are encrypted and you still can’t find your key after checking all possible places, you may need to create a new account and generate a new encryption key. Note that this is a last resort – you won’t be able to use the new key to access entries encrypted with the old key.

Important: Never share your encryption key with anyone else, even when using shared journals.