Recover Private Keys - Public Key Upload Method

The recovery-tool provided with your Fordefi account enables you to recover your organization's private keys, independently of Fordefi.

Suggest Edits

📘

Note

This page provides instructions for recovering private keys if you used the Public Key Upload method to create a backup.

To recover its private keys, an organization must possess the following (generated during the backup process):

  • The recovery tool (MacOS Intel, MacOS Apple silicon, Linux, Windows)
  • The private key that was generated on the air-gapped machine.
  • An encrypted copy of the organization’s private keys (.json file), extracted from the backup .zip file.

🚧

Recommendation

Recovering private keys should be performed on an external, offline device.

Recover private keys - MacOS and Linux

📘

Mac users

See more about opening apps from unidentified developers.

  1. Open a terminal and navigate to the directory where you have downloaded the recovery tool.

  2. At the command prompt, run the following command:

    ./recovery-tool public-key-recover -p '/path/to/backup.json' -k my_file/private_key.pem -o output.csv

    Options

    • -p specifies the path to the .json file that was generated during the backup process. Here, it is backup.json.
    • -b can be used instead of -p. It lets you input the contents of the .json file through stdin.
    • -o (optional) specifies the output file. In the example,output_file.csv contains the recovered private keys. If this option is not used, the output will be displayed in stdout.
    • -k is the path to a file that lets you provide the private key in PEM format.
    • --export-electrum-dir (optional) A directory. If provided, Fordefi exports into this directory private keys that can be easily imported into an Electrum Bitcoin wallet. Fordefi creates one file per vault with all the vault's keys in both legacy and SegWit formats.

  3. Output file:

  • For vaults of most types, the output consists of private keys for each of the vaults created in your Fordefi workspace. For example:

  • For Bitcoin vaults, Fordefi recovers multiple keys per vault -- in Bitcoin, there is one key per address and each vault can have many addresses. In the following example, there are three keys from first_bitcoin_vault and one key from second_bitcoin_vault. In the main CSV file for Bitcoin vaults, Fordefi provides the private key in WIF format in the Wallet Import Private Key column.

    📘

    Notes

    • Fordefi backs up Bitcoin mainnet vaults only.
    • A backup email is sent upon the creation of every new Fordefi vault.
      Because you are able to manually add addresses for any Bitcoin vault, Fordefi does not send an email message each time an address is added.
      If your organization has Bitcoin vaults, we suggest you manually download the latest backup file with all the vault addresses before recovering and exporting the keys. You can do this through the Settings > Backup screen.

👍

Next steps

See Further handling, below.

Recover private keys - Windows

  1. Open a command prompt.

  2. Run the following command:

    recovery-tool.exe public-key-recover -p '\path\to\backup.json' -k my_file/private_key.pem -o output.csv

Options

  • -p specifies the path to the .json file that was generated during the backup process. Here, it is backup.json.
  • -b can be used instead of -p. It lets you input the contents of the .json file through stdin.
  • -o (optional) specifies the output file. In the example,output_file.csv contains the recovered private keys. If this option is not used, the output will be displayed in stdout.
  • -k is the path to a file that lets you provide the private key in PEM format.
  • -export-electrum-dir (optional) A directory. If provided, Fordefi exports into this directory private keys that can be easily imported into an Electrum Bitcoin wallet. Fordefi creates one file per vault with all the vault's keys in both legacy and SegWit formats.
  1. The output file consists of private keys for each of the vaults created in your Fordefi workspace (see examples, above).

Further handling

Once you have recovered the private keys, perform the procedures described below for EVM, Solana, and Bitcoin vaults.

EVM vaults

You will need to import the private key represented as a hex value for each vault, separately, into MetaMask.

Solana vaults

For Solana vaults, there is an additional procedure to perform. Once you have recovered the private keys using the procedures provided above, transfer funds to another wallet using the steps in Recover Solana.

Bitcoin vaults

Import the keys into an Electrum Bitcoin wallet.

Updated about 1 month ago