External Key Method
Back up your end users' device key shares using an external key.
With this method, your application must create the encryption key used for the backup; during recovery, it must provide the same key for decryption.
See also:
Encrypted Backup and Recovery - Cloud Provider Methods for information about backing up end-user mobile device key shares using a Cloud service.
Back up Organization Keys for information about organizational backup in case of disaster recovery.
Back up mobile device key shares
To back up mobile device key shares, generate an AES 256-bit symmetric key and pass it to the backupKeys function. When the function is called, an encrypted version of the end user's key share is uploaded to Fordefi's cloud for storage.
Here's how:
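// backupKeys, ExternalBackupOptions, EncryptionAES256 and FordefiSdkErrorResult
// come from the Fordefi SDK.
const backupKeysFn = async (encryptionKey?: string) => {
  try {
    // The AES 256-bit key generated by your application.
    const backupOptions: ExternalBackupOptions = {
      encryptionKeyType: EncryptionAES256,
      encryptionKey: encryptionKey,
    };
    const result = await backupKeys(backupOptions);
    // Log the result only, never the encryption key.
    console.debug(`Update Backup result ${result}`);
  } catch (error: unknown) {
    const sdkError = error as FordefiSdkErrorResult;
    console.error("Update Backup failed", sdkError);
  }
};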
Recover the device key share
To recover the device key share, pass into the recoverKeys function the symmetric key used to encrypt the key share. Fordefi's SDK will download the encrypted share from storage, decrypt it, and load it into the SDK.
For example:
const recoverKeysFn = async (encryptionKey?: string) => {
  try {
    // Must be the same AES 256-bit key that was used for the backup.
    const backupOptions: ExternalBackupOptions = {
      encryptionKeyType: EncryptionAES256,
      encryptionKey: encryptionKey,
    };
    const result = await recoverKeyset(backupOptions);
    // Log the result only, never the encryption key.
    console.debug(`Recover Keys result ${result}`);
  } catch (error: unknown) {
    const sdkError = error as FordefiSdkErrorResult;
    console.error("Recover Keys failed", sdkError);
  }
};
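Both functions above need the same AES 256-bit key, once at backup and again at recovery. The following is an added example, not Fordefi's code: one way a Node.js backend could supply that key is to derive it per user from a master secret with HKDF-SHA256. The function names, the `backup-key:` label and the hex encoding are assumptions; check the SDK reference for the string encoding it expects.

```typescript
import { hkdfSync, randomBytes } from "node:crypto";

const KEY_BYTES = 32; // AES-256 key length in bytes

// Create the master secret once and keep it in a KMS or secret store
// (assumed to exist; it must never be shipped to the device).
function generateMasterSecret(): Buffer {
  return randomBytes(KEY_BYTES);
}

// Derive the per-user backup key. The same inputs always give the same key,
// so the key passed at backup time can be re-created at recovery time.
function deriveBackupKey(masterSecret: Buffer, userId: string): string {
  if (masterSecret.length < KEY_BYTES) {
    throw new Error("master secret must be at least 32 bytes");
  }
  if (userId.length === 0) {
    throw new Error("userId must not be empty");
  }
  const info = `backup-key:${userId}`; // hypothetical context label
  const okm = hkdfSync("sha256", masterSecret, Buffer.alloc(0), info, KEY_BYTES);
  return Buffer.from(okm).toString("hex"); // hex encoding is an assumption
}

// Reject malformed keys before they are handed to the SDK, so a truncated
// or empty key is caught before it is used for a backup.
function isValidBackupKey(key: string): boolean {
  return /^[0-9a-f]{64}$/.test(key);
}
```

Losing the master secret makes every backup derived from it unrecoverable, so it needs its own backup and access controls.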
In future versions, additional backup methods will be supported.