Emergency Recovery System

The Blockdaemon Builder Vault TSM Emergency Recovery System (ERS) allows you to securely export private ECDSA and EdDSA keys from the TSM. The exported key is encrypted under an external public RSA key and can be safely stored elsewhere as a backup. The private ECDSA or EdDSA key can later be recovered using only the exported encrypted backup and the external private RSA key. Recovery does not require access to the TSM.

Key features:

  • The backup is encrypted under a public RSA key.
  • The backup can be validated in zero-knowledge at any time and by anyone holding the public RSA key.
  • The backup can be recovered offline using the private RSA key.
  • The private RSA key can be stored in a hardware security module (HSM); recovery requires only a number of standard decryptions using the private RSA key.
  • You can use a fixed RSA key for backup of many keys or a separate RSA key for each backup.