This guide helps you recover access to your Signal Desktop messages after using Migration Assistant to transfer to a new Mac. This addresses the specific error:
Error while decrypting the ciphertext provided to safeStorage.decryptString
When using Migration Assistant to transfer Signal Desktop to a new Mac, the database and configuration files transfer correctly, but Signal can't decrypt the database. This happens because while Migration Assistant copies the encrypted database and configuration, the encryption keys in the system keychain don't transfer properly.
- Access to both your old and new Mac computers
- Signal working correctly on your old Mac
- Signal installed on your new Mac (but showing the decryption error)
Note: While the following process has been confirmed to work, it's possible that only Step 3 (updating the keychain entry value) is necessary. The full process is documented here for completeness, but future testing may show that Steps 1 and 2 can be skipped. If you're experiencing this issue and find that only Step 3 is required, please share your findings with the community.
First, back up your current keychain entry on the new Mac:
security export -k login.keychain-db -t certs -f pkcs12 -P "backup_password" -o ~/Desktop/signal_keychain_backup_new.p12 "Signal Safe Storage"On your old Mac (where Signal works):
security export -k login.keychain-db -t certs -f pkcs12 -P "temp_password" -o ~/Desktop/signal_keychain_backup.p12 "Signal Safe Storage"Transfer this file to your new Mac and import it:
security import ~/Desktop/signal_keychain_backup.p12 -k login.keychain-db -P "temp_password" -AOn your old Mac, get the keychain value:
security find-generic-password -l "Signal Safe Storage" -wOn your new Mac, update the keychain entry with this value:
security delete-generic-password -l "Signal Safe Storage"
security add-generic-password -l "Signal Safe Storage" -a "Signal Key" -s "Signal Safe Storage" -w "VALUE_FROM_OLD_COMPUTER"- Close Signal completely if it's running
- Launch Signal
- Your message history should now be accessible
- Signal uses a two-layer encryption approach:
- An encrypted key in the configuration file
- A keychain entry used to decrypt that key
- Migration Assistant preserves the configuration but not the keychain entry correctly
- The keychain entry's value must match the old computer exactly
- It's currently unclear whether the keychain entry's attributes (beyond the value itself) need to match the old computer
After confirming Signal works correctly, you can safely remove the backup files:
rm ~/Desktop/signal_keychain_backup*.p12- This process has been tested with Signal Desktop version 7.44.0 on macOS
- Always ensure you have backups before attempting any recovery process
- This method preserves your existing Signal installation and message history
- No re-linking or reinstallation of Signal is required
- Don't share your keychain values or backup files
- Keep your backup files secure until you confirm Signal is working
- Delete the backup files after successful recovery
If Signal still shows the decryption error:
- Verify the keychain entry was properly imported
- Double-check that the keychain value matches exactly
- Ensure Signal is completely closed before retrying
- Check Signal's logs for additional error messages