# Backup with External Key Back up your end users device's key shares using an external key. Following this method, your application must be able to create an encryption key that is used to perform the backup; then during recovery, the application must be able to provide a decryption key. See also: - [Encrypted Backup and Recovery - Cloud Provider Methods](/waas/end-user-backup-and-recovery/encrypted-backup-cloud) for information about backing up end-user mobile device key shares using a Cloud service. - [Back up Organization Keys](/user-guide/backup-and-recover-private-keys) for information about *organizational* backup in case of disaster recovery. ## Back up mobile device's key shares To back up mobile device's key shares, Fordefi supports passing an AES 256-bit symmetric key that you generate into the [backupKeys function](https://documentation.fordefi.com/react-native/functions/backupKeys.html). Once the function is used, an encrypted version of the end user's key share will be uploaded to Fordefi's cloud for storage. Here's how: React Native ``` const backupKeysFn = async (encryptionKey?: string) => { try { const backupOptions: ExternalBackupOptions = { encryptionKeyType: EncryptionAES256, encryptionKey: encryptionKey, }; const result = await backupKeys(backupOptions); console.debug(`Update Backup result ${result}`); } catch (error: unknown) { const sdkError = error as FordefiSdkErrorResult; console.error(`Update Backup failed ${error}`); } }; ``` Kotlin ``` import com.fordefi.fordefi.Fordefi import com.fordefi.fordefi.FordefiError import com.fordefi.fordefi.FordefiExternalEncryption import com.fordefi.fordefi.FordefiExternalEncryptionKeyType class MainActivity : ComponentActivity() { private var fordefi: Fordefi? = null private val encryptionKey = "" override fun onCreate(savedInstanceState: Bundle?) { super.onCreate(savedInstanceState) ... val encryption = FordefiExternalEncryption(encryptionKey, FordefiExternalEncryptionKeyType.AES256) fordefi!!.backupKeyset( keysetID, encryption) { error -> handleBackupKeyset(keysetID, error) } } private fun handleBackupKeyset(keysetID: String, error: FordefiError?) { if (error == null) { Log.i("FordefiSDK", "success") } else { Log.i("FordefiSDK", String.format("Failed to backup keys: %s", error.description()) ) } } } ``` Swift ```swift import FordefiSdk class ViewController: UIViewController { private var fordefi: Fordefi? private let encryptionKey = "" override func viewDidAppear(_ animated: Bool) { ... self.fordefi?.backupKeys( encryption: FordefiExternalEncryption( key: self.encryptionKey, type: FordefiExternalEncryptionKeyType.aes256), completionHandler: { error in xself.handleBackupKeyset(error: error) }) } private func handleBackupKeys(error: FordefiError?) { if error != nil { print("Faield to backup keys. Error: \(error!.errorDescription!)") return } } } ``` ## Recover the device key share To recover the device key share, pass into the [recoverKeys function](https://documentation.fordefi.com/react-native/functions/recoverKeys.html) the symmetric key used to encrypt the key share. Fordefi's SDK will download the encrypted share from the storage, decrypt, and load it into the SDK. For example: typescript ``` const recoverKeysFn = async (encryptionKey?: string) => { try { const backupOptions: ExternalBackupOptions = { encryptionKeyType: EncryptionAES256, encryptionKey: encryptionKey, }; const result = await recoverKeyset(backupOptions); console.debug(`Recover Keys result ${result}`); } catch (error: unknown) { const sdkError = error as FordefiSdkErrorResult; console.error(`Recover Keys failed ${error}`); } }; ``` Kotlin ``` import com.fordefi.fordefi.Fordefi import com.fordefi.fordefi.FordefiError import com.fordefi.fordefi.FordefiExternalDecryption import com.fordefi.fordefi.FordefiExternalEncryptionKeyType class MainActivity : ComponentActivity() { private var fordefi: Fordefi? = null private val encryptionKey = "" override fun onCreate(savedInstanceState: Bundle?) { super.onCreate(savedInstanceState) ... val decryption = FordefiExternalDecryption(encryptionKey, FordefiExternalEncryptionKeyType.AES256) fordefi!!.recoverKeys(decryption) { handleRecoverKeys(error) } private fun handleRecoverKeyset(error: FordefiError?) { if (error == null) { Log.i("FordefiSDK", "Key was recovered successfully") } else { Log.i("FordefiSDK", String.format("Failed to recover key: %s", error.description()) ) } } } ``` Swift ``` import FordefiSdk class ViewController: UIViewController { private var fordefi: Fordefi? private let keysetID = "" private let encryptionKey = "" override func viewDidAppear(_ animated: Bool) { ... self.fordefi?.recoverKeys( decryption: FordefiExternalDecryption(key: self.encryptionKey, type: FordefiExternalEncryptionKeyType.aes256), completionHandler: { error in self.handleRecoverKey(error: error) }) } private func handleRecoverKeys(error: FordefiError?) { if error != nil { print("Failed to recover keys. Error: \(error!.errorDescription!)") return } } } ``` Run the command for each key type In future versions, additional backup methods will be supported.