Signal Desktop uses the Signal application to encrypt locally stored messages. The encryption key for this database is automatically generated by the program when it is installed without any interaction by the user. This leaves the user’s database wide open to any attacker or malware that has access to the computer. Signal has not responded to BleepingComputer’s questions, and a Signal Support Manager at Signal responded to a user’s questions on the Signal forums: “At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide”””
Source: https://www.bleepingcomputer.com/news/security/signal-desktop-leaves-message-decryption-key-in-plain-sight/