Creating a backup and recovery kit is similar to the process for a SaaS MPC Workspace, as explained here. The main difference is that in the backup and recovery process for Hosted MPC, the two Guard Co-Signers that are associated with the Owner are also involved, in addition to the Owner’s Mobile device.
Step 1: Initiate the backup and recovery process
After finalizing the backup and recovery approval process on the Fireblocks mobile app, the workspace Owner receives the encrypted kit via email, which they then need to download and transfer to an air-gapped machine.
There are two main differences in a Hosted MPC Workspace:
- Email kit: The kit that you receive by email contains the passphrase-encrypted mobile key share, which is only one of the Owner’s key shares.
- Guard Co-signers: The other two key shares of the Owner’s Guard Co-signers are encrypted using the RSA public key and saved as files on the local host in a dedicated folder. The approval of the Backup and Recovery process triggers this automatically.
Note:
The Guard Co-signers’ key share files are encrypted and saved with the RSA public key that you upload to Fireblocks during the backup and recovery process performed via the Console.
Step 2: Assemble the kit
At this stage, you must already have three encrypted Owner keys-shares at your disposal: one key-share you received via email, and two Guard Co-signer key shares stored locally.
You are responsible for copying the encrypted Guard Co-signer key-share files, and your encrypted Mobile key-share to a different air-gapped machine. At this point, you can assemble the kit, which now holds all three key shares.