User Guide
      Back to home
      1. io.finnet Help Center
      2. io.vault
      3. User Guide

      Disaster Recovery Process

      There are three possible scenarios involving some level of disaster recovery or business continuity procedures;

      • If a user has lost a signing device, but utilizes the iCloud syncing feature and possesses the signer passphrase it is possible to simply restore the signer on a new device by downloading the app, logging in, selecting the “restore signer” option and inputting their signer passphrase to decrypt the data on the new device.
      • Alternatively, If a users’ signing device is lost or misplaced and the user does not know the signer passphrase, so long as there are enough available shares to reach the vault threshold using other devices, then a reshare request can be created to issue new shares to a newly registered signing device;
      • Finally, If there are not enough shares available or the io.vault service becomes persistently unavailable for any reason, utilizing the offline disaster recovery process will be necessary.

      7.1 Responsibility

      Each user is responsible for retaining, for each of their registered signer’s: the signer passphrase, as well as downloading and storing an up-to-date encrypted device back-up file after participation in any vault creation or reshare and for the safe-keeping of their 24-word secret phrase in an offline and physically secure location.

      7.2 Process to recover access

      Process Ref.

      Process Step

      1

      Members of the signing party with devices containing enough secret shares to reach the vault threshold must obtain their corresponding up-to-date encrypted back-up files and device specific 24-word secret phrases.

      2

      The organization should then unencrypt and combine these files using the publicly available, open-source script (published here on github) on a secure offline computer to generate, for the first time, a valid private key for the desired vault.

      3

      Follow the step by step guide from github

      Please Note - This process must be used when funds cannot be withdrawn from a vault due to the inability to generate a signed transaction directly using the io.vault product. This can occur for example, by a critical software malfunction, a malicious DOS attack, a permanent service shutdown, or a critical loss of access to the secret shares by the user(s).