A simple yet secure and private way to back up your wallets
There are no accounts in Keeper—not when you create a new app or use any of its features. And we want to keep it that way. It is the only way to be operationally efficient, legally safe, and KYC-free over the long term.
App Recovery
So, how do you recover the app when you want to get it on a new phone? Where is the metadata stored, and how is it retrieved?
Enter Recovery Key. Instead of creating a username and password for encryption and retrieval, we use the already existing mechanisms in bitcoin that users are well accustomed to. The Recovery Key is a 12-word BIP-39 seed phrase with a high entropy by definition and is generated on the user's device. This encrypts any app metadata before it is stored on the backend. The user is nudged, encouraged and warned to ensure these words are backed up securely. They are even reminded regularly to perform health checks for the key. Literature and tools for backing up BIP-39 words are abundant in the bitcoin space.
When the app needs to be recovered, the user simply enters their Recovery Key, and the whole app is restored. It is also worth clarifying that this metadata contains no private key.
Mobile Keys
But what about the hot keys? (In Keeper, these are called Mobile Keys). How are they generated and recreated in the recovered app?
Short answer: BIP-85 deterministic entropy. Long form: The magic of BIP-85 is that you can generate multiple seeds from a single parent. The app uses the Recovery Key as the parent to create hot keys. It is done on the user's device when the app is created new or when it is recovered. Individual wallet seed words do not have to be backed up but can be used to create a wallet on another app (w/o having to back them up as the parent is already backed up on Keeper).
BIP-85 allows you to have multiple hot (mobile) keys, but Keeper does not allow you to use more than one hot key in any multisig (obviously). It also does not allow the Recovery Key to be used as a signer in any wallet.
Inheritance
So, how does this work with Inheritance? Is it another thing the user must pass on to their heirs?
<Image showing RK being passed onto the heir or something>
Wallet configuration files (a.k.a. output descriptors or BSMS) are essential to any multisig scheme (Vaults in Keeper). When you recover a Keeper app using the Recover Key, all the multisig vaults are restored along with their configurations. As such, the configuration files are not needed explicitly. So, a single Recovery Key backs up multiple configuration files and changes them dynamically if something changes in a vault (e.g. key rotation). This provides a convenient, secure and private way to back up configuration files.
This, however, is dependent on the Keeper backend, and that is why we also give users the option to back up these files on their own cloud or manually for each vault.
Conclusion
Recovery Key uses bitcoin native ways to backup your app, generate hot keys, and secure multisig configurations. The user simply has to note down the 12-word phrase. This is a big win for UX, security, and privacy.
