Requires PowerShell 6 or higher, the built-in version of PowerShell 5 in Windows 10/11 will not work.
Signal Desktop stores all messages in a database encrypted with an installation-specific encryption key, which is protected using DPAPI on Windows. As a result, if you just copy the %APPDATA%\Signal directory to a new computer, Signal will be unable to decrypt it.
This PowerShell script generates a new Signal config file containing the equivalent plaintext encryption key instead of the DPAPI-protected key and returns it. To move the Signal Desktop installation to a different machine:
- Close Signal Desktop.
- Run
Unprotect-SignalConfig.ps1. It should return a PowerShell object containing the patched config. - Replace
%APPDATA%\Signal\config.jsonwith the output of the script:
.\Unprotect-SignalConfig.ps1 | ConvertTo-Json | Set-Content $env:APPDATA\Signal\config.json- Move the
%APPDATA%\Signaldirectory to the new machine. - Run Signal Desktop on the new machine. It should automatically replace the plaintext key with a DPAPI-protected version for the new machine.