The following are instructions for backing up an organization's private keys by uploading a public key.
To reduce the risk of compromise, you might want to use a backup key that has been created on an air-gapped machine. Create a 2048-bit RSA key pair (private and public), then upload the public key in PEM format to Fordefi.
To create the private key using OpenSSL, use the following command:
openssl genrsa -out key.pem 2048
To extract the public key:
openssl rsa -in key.pem -outform PEM -pubout -out public.pem
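Before uploading, you can confirm that public.pem is a PEM-encoded 2048-bit RSA public key and that it is the public half of the private key you are keeping offline. The script below is an added example, not part of Fordefi's documentation or tooling; the function name check_backup_pubkey is an assumption, and the file names follow the commands above.

```shell
#!/usr/bin/env bash
# Added example (not Fordefi code): sanity-check public.pem before upload.
# check_backup_pubkey is a hypothetical helper name chosen for this example.

check_backup_pubkey() {
  local priv="$1" pub="$2" mod bits from_priv from_pub

  # 1. The file must carry the PEM header written by "openssl rsa -pubout",
  #    so a private key or certificate is never selected by mistake.
  head -n 1 "$pub" | grep -qx -- '-----BEGIN PUBLIC KEY-----' || {
    echo "FAIL: $pub does not start with a PEM public key header" >&2; return 1; }

  # 2. It must parse as RSA. The modulus is printed as hex (4 bits per digit),
  #    so the size computed here is rounded up to a multiple of 4 bits.
  mod=$(openssl rsa -pubin -in "$pub" -noout -modulus 2>/dev/null) || {
    echo "FAIL: $pub does not parse as an RSA public key" >&2; return 1; }
  mod=${mod#Modulus=}
  bits=$(( ${#mod} * 4 ))
  [ "$bits" -eq 2048 ] || {
    echo "FAIL: modulus is $bits bits, expected 2048" >&2; return 1; }

  # 3. It must be derived from the private key kept offline. Both sides are
  #    re-encoded by openssl so line wrapping cannot cause a false mismatch.
  from_priv=$(openssl rsa -in "$priv" -pubout -outform PEM 2>/dev/null) || {
    echo "FAIL: cannot read private key $priv" >&2; return 1; }
  from_pub=$(openssl rsa -pubin -in "$pub" -pubout -outform PEM 2>/dev/null)
  [ "$from_priv" = "$from_pub" ] || {
    echo "FAIL: $pub was not derived from $priv" >&2; return 1; }

  echo "OK: $pub is a 2048-bit RSA public key in PEM format matching $priv"
}

# Run as: ./check.sh key.pem public.pem
if [ "$#" -eq 2 ]; then
  check_backup_pubkey "$1" "$2"
fi
```

Run it on the machine where the key pair was generated, so that key.pem never has to leave it.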
The backup process is performed in two phases:
- In the Fordefi web console: An admin uploads the public key file and specifies a backup email.
- On admins' mobile devices: The initiating admin verifies the backup and other admins approve it.
In the side menu, click Settings and then click the Backup tab.
Choose Public Key Upload as your backup method.

In Public key file, choose the public key file. Ensure that it is in PEM format.

Click Next.

Specify an email address to receive encrypted backup snapshots. Click Edit email.

You can choose whether or not the system sends you backup snapshots by email.
- To opt in, toggle on Get the latest encrypted backup by email, then specify the email address of the person who will receive the backup.
- To opt out, toggle off Get the latest encrypted backup by email.
Click Save.
Manually download backup
If you have opted out, no encrypted backups are sent by email. You can still download the latest backup snapshot at any time by selecting Settings > Backup in the Fordefi web console.
Click Initiate backup process.
An updated backup snapshot of the metadata and an encrypted copy of the organization's private keys are sent as a .json file to the backup email address.
The initiator of the backup and the admin quorum continue the backup process inside the Fordefi mobile app.
The admin who uploaded the public key receives a mobile verify request. The request displays the following information:
- Creating user
- Date and time
- Public key
- Admin quorum approval list when applicable
- CTA: Verify or abort
Click Verify.
The admin quorum receives a backup upload approval request with the same information as the initiator.
Click Approve.