Disaster Recovery

This article is relevant for all io.vault and io.network subscriptions.

Responsibility
Downloading the disaster recovery backup file
Process to recover access

Responsibility

Each user is responsible for retaining, for each of their registered signer’s: the signer passphrase, as well as downloading and storing an up-to-date encrypted device back-up file after participation in any vault creation or reshare and for the safe-keeping of their 24-word secret phrase in an offline and physically secure location.

Downloading the disaster recovery backup file

Please Note: To ensure all shares can be recovered from a device, the backup file must be re-downloaded each time the device participates in a request. Users will be prompted to download the backup file whenever this occurs

If you require to further back up your disaster recovery file, the following steps need to be completed:

Open the mobile app and log in
Once logged in, click on the settings button at the top right-hand corner of the app
Select “Download encrypted backup file” and then “Continue”
Specify the file name, select the destination you would like to save the file and then select “Save”
Verify that file was successfully saved to the selected location (preferably on the cloud)

Warning: For reliable disaster recovery, always back up your files to the cloud instead of storing them directly on the device. This way, if the handset is lost, you can easily access and recover your backup without needing the physical phone

Process to recover access

There are three possible scenarios involving some level of disaster recovery or business continuity procedures:

If a user has lost a signing device, but utilizes the iCloud or Google Drive syncing feature and possesses the signer passphrase it is possible to simply restore the signer on a new device by downloading the app, logging in, selecting the “restore signer” option and inputting their signer passphrase to decrypt the data on the new device;
Alternatively, If a users’ signing device is lost or misplaced and the user does not know the signer passphrase, so long as there are enough available shares to reach the vault threshold using other devices, then a reshare request can be created to issue new shares to a newly registered signing device;
Finally, If there are not enough shares available or the io.vault service becomes persistently unavailable for any reason, utilizing the offline disaster recovery process will be necessary.

What if I did not save the latest recovery file?

It is essential to maintain an up-to-date encrypted recovery file for your device.

If the file is not up-to-date you may not be able to recover the secret shares for recently created or updated vaults held on your device if it is lost or stolen.

Follow the steps below to recover access

Members of the signing party with devices containing enough secret shares to reach the vault threshold must obtain their corresponding up-to-date encrypted back-up files and device specific 24-word secret phrases
The organization should then decrypt and combine these files using the publicly available, open-source tool (published here on github) on a secure offline computer to generate, for the first time, a valid private key for the desired vault
Follow the step by step guide from GitHub and our online guide

Brief overview

To use the recovery tool file, you need to launch it via the terminal. Follow the steps below:

Download the recovery tool for your platform from here
- If you are using an Apple Silicon based Mac computer: recovery-tool-mac
- If you are using a Linux based computer:
  recovery-tool-linux
- If you are using a Windows based computer:
  recovery-tool.exe
- For other platforms, we recommend building the tool yourself from source, which requires an installation of the latest Go language compiler from https://go.dev.
Open Terminal or “Command Prompt”: Navigate to the folder where your recovery tool file is located. For example, if it's in your Downloads folder: cd ~/Downloads
Optional step: Use the sha256sum command to verify that the hash of the file you downloaded matches the hash shown on our GitHub releases page for the tool.
e.g. sha256sum recovery-tool*
Run the Recovery Tool: Run the recovery tool using one of the following commands in the terminal window. Be sure to replace <Backup Files> with a space-separated list of your backup file names taken from the io.finnet apps
If you are running from source, use
go run ./ <Backup Files>
in the git cloned repository directory.

For more detailed instructions on using the Terminal, refer to the Apple Terminal Guide or Windows Command Prompt guide.

The tool will recover a key that is usable for all existing supported coins in the following wallets: MetaMask (for Ethereum and EVM-based coins and tokens), Electrum wallet (for Bitcoin), and TronLink (for Tron).

For detailed information on the process, please visit our online guide.

Please note

This process must be used when funds cannot be withdrawn from a vault due to the inability to generate a signed transaction directly using the io.vault product. This can occur for example, by a critical software malfunction, a malicious DOS attack, a permanent service shutdown, or a critical loss of access to the io.finnet app by the user(s).

Common troubleshooting issues

Permission Denied Error: If you encounter a "permission denied" message when trying to run the recovery tool:
1. Run the following command in the terminal to grant execution permissions: chmod +x recovery-tool-mac
Security Popup Issue: If you see a security popup message preventing you from running the tool:
1. Go to your System’s Privacy & Security settings
2. Click on Allow Anyway for the recovery tool
3. Try running the recovery tool again

By following these steps, you should be able to successfully run and interact with the recovery tool file via the terminal.

Important note

For newer supported chains and coins not listed here, please contact us for further information on which app to use for recovery.