The following are instructions in backing up an organization's private keys by uploading a public key.
To reduce the risk of compromise, you might want to use a backup key that has been created on an air-gapped machine. Create a public 2048-bit RSA key pair (private and public), then upload the public key in PEM format to Fordefi.
To create the private key using openSSL use the following command:
openssl genrsa -out key.pem 2048
To extract the public key:
openssl rsa -in key.pem -outform PEM -pubout -out public.pem
The backup process is performed in two phases:
- In the Fordefi web console: An admin uploads the public key file and specifies a backup email.
- On admins' mobile devices: The initiating admin verifies the backup and other admins approve it.
In the side menu, click Settings and then click the Backup tab.
In the list of backup methods, select Public key upload.
In Upload public key, choose the public key file. Ensure that it is in PEM format.
In Set the backup email address, enter a backup email address.
Click Initiate backup process.
An updated backup snapshot of the metadata and an encrypted copy of the organization's private keys is sent as a .json file to the backup email address.
The initiator of the backup and the admin quorum continue the backup process inside the Fordefi mobile app.
The admin who uploaded the public key receives a mobile verify request. The request displays the following information:
- Creating user
- Date and time
- Public key
- Admin quorum approval list when applicable
- CTA: Verify or abort
The admin quorum receives a backup upload request approval with the same information as the initiator.
Updated 20 days ago