# Use Public Key Upload

The following are instructions for backing up an organization's private keys by uploading a public key.

To reduce the risk of compromise, you might want to use a backup key that has been created on an air-gapped machine. Create a public 2048-bit RSA key pair (private and public), then upload the public key in PEM format to Fordefi.

- To create the private key using openSSL use the following command:
`openssl genrsa -out key.pem 2048`
- To extract the public key:
`openssl rsa -in key.pem -outform PEM -pubout -out public.pem`


The backup process is performed in two phases:

- **In the Fordefi web console**: An admin uploads the public key file and specifies a backup email.
- **On admins' mobile devices**: The initiating admin verifies the backup and other admins approve it.


## In the Fordefi web console

1. In the side menu, click **Settings** and  then click the **Backup** tab.

2. In the list of backup methods, select **Public key upload**.
3. In **Upload public key**, choose the public key file. *Ensure that it is in PEM format*.
4. In **Set the backup email address**, enter a backup email address.
5. Click **Initiate backup process**.
An updated backup snapshot of the metadata and an encrypted copy of the organization's private keys is sent as a .json file to the backup email address.


## On admins' mobile devices

The initiator of the backup and the admin quorum continue the backup process inside the Fordefi mobile app.

### The initiator of the backup

The admin who uploaded the public key receives a mobile verify request. The request displays the following information:

- Creating user
- Date and time
- Email
- Public key
- Admin quorum approval list when applicable
- CTA: Verify or abort


Click **Verify**.

### Admin Quorum

The Admin Quorum receives a backup upload request approval with the same information as the initiator.

Click **Approve**.