Verifiable Backup

Please refer to the Session creation section to learn how to create a new session.

Verifiable Backup allows users to generate a backup of their MPC wallet that can be verified as correct without decryption. This feature enhances security and privacy in backup management.

info

Since backup is a sensitive operation, we don't expose the backup endpoint directly in the SDK. Instead, we provide an endpoint in the cloud node /v3/backup-key that can be used to generate the verifiable backup. We provide a method in the client SDK to verify the backup without decryption.

It's the responsibility of the company using the SDK to expose this endpoint to the user in a secure way.

For example:

  • When the user requests a backup, the backend can request additional authentication from the user (e.g., 2FA) before generating the backup.
  • Once the user is authenticated, the backend can get the verifiable backup from the cloud node and pass it to the user.
  • The user can then verify the backup using the ecdsaVerifyBackup() method.

warning

The /v3/backup-key endpoint is not exposed directly in the SDK. For simplicity, the Full Example below makes the request from the client using fetch. Do NOT expose this endpoint to the user directly in a production application.
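The backend flow listed above (authenticate the user again, then fetch the backup from the cloud node server-side and pass it on) could be implemented with a handler like the following. This is an added example, not code from the SDK or its documentation: handleBackupRequest, the Deps functions, the ownership check, the PEM and label validation and the cloud-node.internal address are assumptions; only the /v3/backup-key path, its key_id, rsa_pubkey_pem and label fields, and the verifiable_backup response field come from this page.

```typescript
// Added example (not SDK code): backend gate in front of the cloud node's /v3/backup-key.
// Only the endpoint path and its JSON fields come from the page; every other name is hypothetical.
type BackupRequest = { userId: string; keyId: string; rsaPubkeyPem: string; label: string; otp: string };
type Deps = {
  verifySecondFactor: (userId: string, otp: string) => Promise<boolean>; // assumed 2FA verifier
  userOwnsKey: (userId: string, keyId: string) => Promise<boolean>; // assumed ownership lookup
  postJson: (url: string, body: object) => Promise<{ status: number; body: any }>; // assumed HTTP client
  cloudNodeUrl: string; // internal address, never shipped to the client
};
type BackupResult = { status: number; verifiable_backup?: string; error?: string };

const PEM_RE = /^-----BEGIN (RSA )?PUBLIC KEY-----[A-Za-z0-9+\/=\s]+-----END (RSA )?PUBLIC KEY-----\s*$/;

async function handleBackupRequest(req: BackupRequest, deps: Deps): Promise<BackupResult> {
  // Reject malformed input before it can reach the cloud node.
  if (!PEM_RE.test(req.rsaPubkeyPem) || req.label.length === 0) return { status: 400, error: 'invalid parameters' };
  // Step-up authentication comes first: no valid second factor, no backup.
  if (!(await deps.verifySecondFactor(req.userId, req.otp))) return { status: 401, error: 'second factor required' };
  // A user may only request a backup for a key bound to their own account.
  if (!(await deps.userOwnsKey(req.userId, req.keyId))) return { status: 403, error: 'key not owned by user' };
  const res = await deps.postJson(`${deps.cloudNodeUrl}/v3/backup-key`, {
    key_id: req.keyId,
    rsa_pubkey_pem: req.rsaPubkeyPem,
    label: req.label,
  });
  if (res.status < 200 || res.status >= 300 || typeof res.body?.verifiable_backup !== 'string') {
    return { status: 502, error: 'cloud node did not return a backup' };
  }
  // Only the verifiable backup is passed on; the client checks it with ecdsaVerifyBackup().
  return { status: 200, verifiable_backup: res.body.verifiable_backup };
}

// Constructed in-memory fakes for trying the handler offline; `calls` records cloud-node requests.
function makeDemoDeps(calls: string[]): Deps {
  return {
    verifySecondFactor: async (_userId, otp) => otp === '123456',
    userOwnsKey: async (userId, keyId) => userId === 'alice' && keyId === 'key-1',
    postJson: async (url) => {
      calls.push(url);
      return { status: 200, body: { verifiable_backup: 'constructed-backup' } };
    },
    cloudNodeUrl: 'http://cloud-node.internal:8080',
  };
}
```

Every rejected request returns before postJson is called, so a failed second factor or a foreign key id never causes the cloud node to produce a backup.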

Full Example

App.tsx
import { EcdsaSession, ecdsaVerifyBackup } from '@silencelaboratories/silent-shard-sdk';
import { Platform } from 'react-native';

// Local cloud node address: the Android emulator reaches the host via 10.0.2.2.
const CLOUD_NODE_URI = Platform.select({ android: '10.0.2.2', ios: 'localhost' }) + ':8080';

export const keyBackup = async (
  session: EcdsaSession,
  // RSA public key in PEM format
  rsaPublicKeyPEM: string = '<RSA_PUBLIC_KEY_PEM>'
) => {
  // Creating a new keyshare for demo purposes. In a real application, you can use an existing keyshare.
  const keyshare = await session.keygen();

  // Backup
  const label = 'example-backup';
  const backupRes = await fetch(`http://${CLOUD_NODE_URI}/v3/backup-key`, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      key_id: keyshare.keyIdBase64Url, // Use base64-url version of keyId for server request
      rsa_pubkey_pem: rsaPublicKeyPEM,
      label,
    }),
  });
  // Stop on an HTTP error instead of trying to verify an error body.
  if (!backupRes.ok) {
    throw new Error(`Backup request failed with status ${backupRes.status}`);
  }
  const backupJson = await backupRes.json();

  // The label and RSA public key must match the values sent in the backup request.
  const backupConfig = {
    keyshare: keyshare,
    rsa_public_pem: rsaPublicKeyPEM,
    backup: backupJson.verifiable_backup,
    label,
  };

  // Verify the encrypted backup without decrypting it.
  const isVerified = await ecdsaVerifyBackup(backupConfig);
  console.log('Is backup verified:', isVerified);
  return isVerified;
};

  • rsaPublicKeyPEM: The RSA public key in PEM format.
  • label: The label used as associated data while performing RSA encryption of the server's keyshare. The label is required while decrypting/verifying the backup.
  • keyshare: The client's share of the MPC wallet.
  • backup: The verifiable encrypted backup of the server's keyshare.
  • isVerified: A boolean indicating whether the backup is verified or not.