diff --git a/backend/src/auth/CustomJwtPayload.ts b/backend/src/auth/CustomJwtPayload.ts
index 2b52c3cea..7966b413e 100644
--- a/backend/src/auth/CustomJwtPayload.ts
+++ b/backend/src/auth/CustomJwtPayload.ts
@@ -1,5 +1,5 @@
 import { JwtPayload } from 'jsonwebtoken'
 export interface CustomJwtPayload extends JwtPayload {
-  pubKey: Buffer
+  gradidoID: string
 }
diff --git a/backend/src/auth/JWT.ts b/backend/src/auth/JWT.ts
index e32e68223..8399c881b 100644
--- a/backend/src/auth/JWT.ts
+++ b/backend/src/auth/JWT.ts
@@ -11,8 +11,8 @@ export const decode = (token: string): CustomJwtPayload | null => {
   }
 }
-export const encode = (pubKey: Buffer): string => {
-  const token = jwt.sign({ pubKey }, CONFIG.JWT_SECRET, {
+export const encode = (gradidoID: string): string => {
+  const token = jwt.sign({ gradidoID }, CONFIG.JWT_SECRET, {
     expiresIn: CONFIG.JWT_EXPIRES_IN,
   })
   return token
diff --git a/backend/src/graphql/resolver/TransactionResolver.ts b/backend/src/graphql/resolver/TransactionResolver.ts
index 594039cfd..18adcb5c8 100644
--- a/backend/src/graphql/resolver/TransactionResolver.ts
+++ b/backend/src/graphql/resolver/TransactionResolver.ts
@@ -26,7 +26,7 @@ import { Transaction as dbTransaction } from '@entity/Transaction'
 import { TransactionLink as dbTransactionLink } from '@entity/TransactionLink'
 import { TransactionTypeId } from '@enum/TransactionTypeId'
-import { calculateBalance, isHexPublicKey } from '@/util/validate'
+import { calculateBalance } from '@/util/validate'
 import { RIGHTS } from '@/auth/RIGHTS'
 import { User } from '@model/User'
 import { communityUser } from '@/util/communityUser'
@@ -317,10 +317,6 @@ export class TransactionResolver {
     // TODO this is subject to replay attacks
     const senderUser = getUser(context)
-    if (senderUser.pubKey.length !== 32) {
-      logger.error(`invalid sender public key:${senderUser.pubKey}`)
-      throw new Error('invalid sender public key')
-    }
     // validate recipient user
     const recipientUser = await findUserByEmail(email)
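Review bot: `encode` now signs `{ gradidoID }`, but nothing in this hunk constrains what `decode` hands back — `decode` starts above the hunk and, if it follows the usual pattern of casting the `jwt.verify` result to `CustomJwtPayload`, a token minted before this change (claim `pubKey`, no `gradidoID`) or any payload of unexpected shape arrives as `gradidoID: undefined`. Whoever resolves the claim to a user should reject that explicitly before querying, e.g. `if (typeof payload.gradidoID !== 'string' || !payload.gradidoID) return null`, because an ORM lookup keyed on `undefined` can silently match the first row instead of none. I also cannot see whether `decode` pins the accepted algorithms; for a shared-secret token `jwt.verify(token, CONFIG.JWT_SECRET, { algorithms: ['HS256'] })` is the usual guard against algorithm confusion. A short TSDoc on `encode` would help: `/** Issues a signed session token whose only custom claim is the user's gradidoID; lifetime comes from CONFIG.JWT_EXPIRES_IN. */`.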
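Review bot: With the `pubKey.length !== 32` guard gone, the sender side of this transfer has no validation left in the hunk — `senderUser` comes straight from `getUser(context)` and reaches `executeTransaction`, while the recipient is still checked for activation in the next hunk. The removed check was a de-facto "account fully set up" test, because the key pair was only generated in the e-mail verification flow (see the UserResolver hunks below); unless `getUser` already refuses callers with an unverified e-mail, add a symmetric sender check such as `if (!senderUser.emailContact?.emailChecked) throw new Error('The sender account is not activated')` (field names taken from the User/UserContact entities in this diff — confirm the relation is loaded on the context user). The `// TODO this is subject to replay attacks` comment survives unchanged, and this commit removes the last per-user key material a signature or nonce scheme could have built on, so that TODO is worth tracking explicitly now. The enclosing resolver method starts and ends outside this hunk.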
@@ -349,10 +345,6 @@ export class TransactionResolver {
       logger.error(`The recipient account is not activated: recipientUser=${recipientUser}`)
       throw new Error('The recipient account is not activated')
     }
-    if (!isHexPublicKey(recipientUser.pubKey.toString('hex'))) {
-      logger.error(`invalid recipient public key: recipientUser=${recipientUser}`)
-      throw new Error('invalid recipient public key')
-    }
     await executeTransaction(amount, memo, senderUser, recipientUser)
     logger.info(
diff --git a/backend/src/graphql/resolver/UserResolver.test.ts b/backend/src/graphql/resolver/UserResolver.test.ts
index d8472fba9..411cd277a 100644
--- a/backend/src/graphql/resolver/UserResolver.test.ts
+++ b/backend/src/graphql/resolver/UserResolver.test.ts
@@ -137,12 +137,8 @@ describe('UserResolver', () => {
           firstName: 'Peter',
           lastName: 'Lustig',
           password: '0',
-          pubKey: null,
-          privKey: null,
-          // emailHash: expect.any(Buffer),
           createdAt: expect.any(Date),
           // emailChecked: false,
-          passphrase: expect.any(String),
           language: 'de',
           isAdmin: null,
           deletedAt: null,
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 752c585fd..b28cb7c4b 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -297,11 +297,6 @@ export class UserResolver {
       // TODO we want to catch this on the frontend and ask the user to check his emails or resend code
       throw new Error('User has no password set yet')
     }
-    if (!dbUser.pubKey || !dbUser.privKey) {
-      logger.error('The User has no private or publicKey.')
-      // TODO we want to catch this on the frontend and ask the user to check his emails or resend code
-      throw new Error('User has no private or publicKey')
-    }
     if (!verifyPassword(dbUser, password)) {
       logger.error('The User has no valid credentials.')
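Review bot: The surviving `logger.error(\`The recipient account is not activated: recipientUser=${recipientUser}\`)` interpolates a whole user entity into the log line; on a plain TypeORM entity that prints `[object Object]` (useless for incident forensics), and if the entity ever gains a `toString` it would dump the row including the `password` field and the e-mail contact. Log a stable identifier instead: `logger.error(\`The recipient account is not activated: recipientUser=${recipientUser.id}\`)`. With the hex-key check removed, the recipient is now identified solely by the e-mail lookup earlier in this method, so a sender using their own address reaches `executeTransaction` with sender and recipient being the same row unless that helper or an earlier check rejects it — if it does not, a one-line guard here would close that. The enclosing method starts before this hunk.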
@@ -333,7 +328,7 @@ export class UserResolver {
     context.setHeaders.push({
       key: 'token',
-      value: encode(dbUser.pubKey),
+      value: encode(dbUser.gradidoID),
     })
     const ev = new EventLogin()
     ev.userId = user.id
@@ -443,7 +438,6 @@ export class UserResolver {
     dbUser.language = language
     dbUser.publisherId = publisherId
     dbUser.passwordEncryptionType = PasswordEncryptionType.NO_PASSWORD
-    dbUser.passphrase = passphrase.join(' ')
     logger.debug('new dbUser=' + dbUser)
     if (redeemCode) {
       if (redeemCode.match(/^CL-/)) {
@@ -633,34 +627,12 @@ export class UserResolver {
     const user = userContact.user
     logger.debug('user with EmailVerificationCode found...')
-    // Generate Passphrase if needed
-    if (!user.passphrase) {
-      const passphrase = PassphraseGenerate()
-      user.passphrase = passphrase.join(' ')
-      logger.debug('new Passphrase generated...')
-    }
-
-    const passphrase = user.passphrase.split(' ')
-    if (passphrase.length < PHRASE_WORD_COUNT) {
-      logger.error('Could not load a correct passphrase')
-      // TODO if this can happen we cannot recover from that
-      // this seem to be good on production data, if we dont
-      // make a coding mistake we do not have a problem here
-      throw new Error('Could not load a correct passphrase')
-    }
-    logger.debug('Passphrase is valid...')
-
     // Activate EMail
     userContact.emailChecked = true
     // Update Password
     user.passwordEncryptionType = PasswordEncryptionType.GRADIDO_ID
-    const passwordHash = SecretKeyCryptographyCreateKey(userContact.email, password) // return short and long hash
-    const keyPair = KeyPairEd25519Create(passphrase) // return pub, priv Key
-    const encryptedPrivkey = SecretKeyCryptographyEncrypt(keyPair[1], passwordHash[1])
     user.password = encryptPassword(user, password)
-    user.pubKey = keyPair[0]
-    user.privKey = encryptedPrivkey
     logger.debug('User credentials updated ...')
     const queryRunner = getConnection().createQueryRunner()
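Review bot: `encode(dbUser.gradidoID)` is issued without checking that the value exists; `encode` declares the parameter as `string`, but the `gradidoID` column is not in this diff, and if it is nullable for accounts created before it was introduced then `jwt.sign({ gradidoID: undefined })` silently produces a session token carrying no identity claim at all. Guard before issuing: `if (!dbUser.gradidoID) throw new Error('user has no gradidoID')`. Note also that the token is now bound to an identifier that never changes, so the `changePassword` path later in this diff does not invalidate outstanding tokens — if that was ever assumed, a revocation signal (for example a token-version claim checked on decode) is needed. The login method starts and ends outside this hunk.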
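Review bot: This hunk stops generating the passphrase and key pair, but the secret material they produced is still in the database: `passphrase` was stored as plaintext seed words (`dbUser.passphrase = passphrase.join(' ')`, removed in the hunk above) next to the encrypted `privkey`. The entity edits at the end of this diff drop the column mappings, yet no migration is visible, so please confirm the accompanying migration drops or wipes `passphrase`, `privkey` and `public_key` rather than leaving orphaned key material in every user row. The helpers this hunk no longer calls — `PassphraseGenerate`, `KeyPairEd25519Create`, `SecretKeyCryptographyCreateKey`, `SecretKeyCryptographyEncrypt`, `PHRASE_WORD_COUNT` — are presumably still imported at the top of UserResolver.ts (outside this diff); remove them so the dead crypto path is gone rather than dormant. The ordering that remains also deserves a comment, if `encryptPassword` reads the scheme from the entity: `// set passwordEncryptionType first: encryptPassword hashes under the scheme recorded on the user`. The enclosing method continues past this hunk with the `queryRunner` transaction.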
@@ -771,30 +743,14 @@ export class UserResolver {
       )
     }
-    // TODO: This had some error cases defined - like missing private key. This is no longer checked.
-    const oldPasswordHash = SecretKeyCryptographyCreateKey(
-      userEntity.emailContact.email,
-      password,
-    )
     if (!verifyPassword(userEntity, password)) {
       logger.error(`Old password is invalid`)
       throw new Error(`Old password is invalid`)
     }
-    const privKey = SecretKeyCryptographyDecrypt(userEntity.privKey, oldPasswordHash[1])
-    logger.debug('oldPassword decrypted...')
-    const newPasswordHash = SecretKeyCryptographyCreateKey(
-      userEntity.emailContact.email,
-      passwordNew,
-    ) // return short and long hash
-    logger.debug('newPasswordHash created...')
-    const encryptedPrivkey = SecretKeyCryptographyEncrypt(privKey, newPasswordHash[1])
-    logger.debug('PrivateKey encrypted...')
-    // Save new password hash and newly encrypted private key
     userEntity.passwordEncryptionType = PasswordEncryptionType.GRADIDO_ID
     userEntity.password = encryptPassword(userEntity, passwordNew)
-    userEntity.privKey = encryptedPrivkey
   }
   const queryRunner = getConnection().createQueryRunner()
diff --git a/backend/src/util/communityUser.ts b/backend/src/util/communityUser.ts
index 298348f0f..98279db15 100644
--- a/backend/src/util/communityUser.ts
+++ b/backend/src/util/communityUser.ts
@@ -16,8 +16,6 @@ const communityDbUser: dbUser = {
   emailId: -1,
   firstName: 'Gradido',
   lastName: 'Akademie',
-  pubKey: Buffer.from(''),
-  privKey: Buffer.from(''),
   deletedAt: null,
   password: BigInt(0),
   // emailHash: Buffer.from(''),
@@ -26,7 +24,6 @@ const communityDbUser: dbUser = {
   language: '',
   isAdmin: null,
   publisherId: 0,
-  passphrase: '',
   // default password encryption type
   passwordEncryptionType: PasswordEncryptionType.NO_PASSWORD,
   hasId: function (): boolean {
diff --git a/database/entity/0053-change_password_encryption/User.ts b/database/entity/0053-change_password_encryption/User.ts
index 2a3332925..c511a98c8 100644
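Review bot: The remaining body verifies the old password under whatever scheme the row currently has (`verifyPassword(userEntity, password)`), then sets `passwordEncryptionType = PasswordEncryptionType.GRADIDO_ID` and hashes the new one — so `changePassword` is also a silent upgrade of legacy hashes, and the assignment order matters if `encryptPassword` takes the scheme from the entity. That is worth stating in place, since the removed `// Save new password hash and newly encrypted private key` comment was the only explanation here: `// Old password checked under the row's existing scheme; re-hash under GRADIDO_ID (type must be set before hashing)`. Please confirm that `encryptPassword` does read the scheme from the entity rather than from a constant, otherwise the comment should say so instead. The enclosing method and its `queryRunner` commit start and end outside this hunk.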
--- a/database/entity/0053-change_password_encryption/User.ts
+++ b/database/entity/0053-change_password_encryption/User.ts
@@ -34,21 +34,6 @@ export class User extends BaseEntity {
   })
   alias: string
-  @Column({ name: 'public_key', type: 'binary', length: 32, default: null, nullable: true })
-  pubKey: Buffer
-
-  @Column({ name: 'privkey', type: 'binary', length: 80, default: null, nullable: true })
-  privKey: Buffer
-
-  @Column({
-    type: 'text',
-    name: 'passphrase',
-    collation: 'utf8mb4_unicode_ci',
-    nullable: true,
-    default: null,
-  })
-  passphrase: string
-
   @OneToOne(() => UserContact, (emailContact: UserContact) => emailContact.user)
   @JoinColumn({ name: 'email_id' })
   emailContact: UserContact
diff --git a/database/entity/0053-change_password_encryption/UserContact.ts b/database/entity/0053-change_password_encryption/UserContact.ts
index 97b12d4cd..c101fba4c 100644
--- a/database/entity/0053-change_password_encryption/UserContact.ts
+++ b/database/entity/0053-change_password_encryption/UserContact.ts
@@ -40,9 +40,6 @@ export class UserContact extends BaseEntity {
   @Column({ name: 'email_resend_count' })
   emailResendCount: number
-  // @Column({ name: 'email_hash', type: 'binary', length: 32, default: null, nullable: true })
-  // emailHash: Buffer
-
   @Column({ name: 'email_checked', type: 'bool', nullable: false, default: false })
   emailChecked: boolean