Manage your Backup Snapshot

Overview

In addition to the backups that you initiate, Fordefi regularly sends you an encrypted backup snapshot over email. The backup snapshot contains the encrypted MPC shares and the data about all the vaults in your workspace. For each vault, the snapshot contains its name, address, and, most importantly, its derivation path.

Whenever you create a new vault, Fordefi generates an up-to-date backup snapshot, which contains the information of the new vault, and sends it to you. The encrypted MPC shares are the same in all your backup snapshots (apart from the case where you import new keys into your workspace).

When you run the recovery tool, the tool first reconstructs the master private key from the encrypted MPC shares, and then uses the additional vault information from the snapshot to derive the private key of each of the vaults in your workspace from the master key.

Use the latest backup snapshot

• On the one hand, having an up-to-date backup snapshot is recommended, since it allows automatic recovery of all your vaults. Therefore, we recommend that you store the updated snapshots files sent to you over email (as opposed to, for example, only downloading the backup snapshot once).
• On the other hand, having an up-to-date backup snapshot is not critical, in the sense that even if you only have an older version of the backup snapshot, you can still recover your private keys by manually providing the derivation path of each vault. Even if you don't have the derivation paths, they can be easily enumerated, since they follow a predictable pattern. Learn more about manually deriving vaults private keys.

Change the backup email address

From time to time, an organization may want to change the email address to which backups are sent.

When an organization creates a backup of its private keys, a recovery email address must be specified.

Follow these steps to change the email address:

1. Open the Fordefi web console.

2. In the side menu, click Settings, then click the Backup tab.

   

3. In the section Set the backup email address, click Change backup email.

4. Enter a new backup email address and click Save.

   The following result from the email change:

   • An updated backup snapshot of the data and an encrypted copy of the organization's private key is sent as a .json file to the new backup email address.

     Opening the .json file requires the combined recovery phrase of the designated admins.

   • A change backup email request is sent to the mobile device of the person who changed the backup email. When that person taps Verify, a message is displayed confirming that the backup email was successfully changed.