lost me at:
– recovery requires access to a device, hardware, or cloud.
i'm fine putting 0.1 btc on this thing. can't say the same for 1 btc.
if you lose your hardware device or phone or both, bitkey can recover your funds. this means it has all the information needed to move my funds. this is not a cold wallet.
Bitkey can't move our funds without us.
Yes it can
How?
If you lose your bitkey, your phone or both, it can still recover your funds, can’t it? This means they always have an encrypted copy of your keys somewhere in their cloud.
Please nostr:npub17q66c7yr5thrc9vscy2u2m7t50chjvvdwtkwp6qap6035ftv46xqmg3few help me here.
bitkey can’t move your funds. even in recovery. bitkey uses 2-of-3 multisig: phone key, hardware key and block’s server key. block holds just 1 key. that’s never enough to spend.
to your point nostr:nprofile1qyxhwumn8ghj7mn0wvhxcmmvqyw8wumn8ghj7mn0wd68ytfsxyh8jcttd95x7mnwv5hxxmmdqqs9tc6ruevfqu7nzt72kvq8te95dqfkndj5t8hlx6n79lj03q9v6xcalg0wv "if you lose your bitkey, your phone or both, it can still recover your funds..."
yes - but only with your participation. every recovery path requires a key you control or a process you initiate. here’s how:
cloud backup: your phone key is encrypted and stored in your cloud. it can only be decrypted using your hardware. if you don’t tap the device, nothing happens.
delay & notify: if you lose hardware or cloud, you can trigger recovery with the remaining key. block notifies you over sms/email for 7 days before co-signing. if you didn’t request it, you cancel it. without your key and time-based consent, recovery fails.
social recovery: if both keys are gone, your trusted contact helps decrypt your backup - but only after you prove your identity to them and they manually assist you. again, block server can’t act alone.
emergency kit (break glass): stored in your cloud, lets you bypass the app entirely. sideload the recovery tool, scan the encrypted backup and tap your hardware. it’s your key, your device - not block’s.
block can’t move your bitcoin on it's own. i hope this helps...
So does social recovery share a key with a friend in some encrypted form, and if so, who holds the key to decrypt the friend’s key?
during social recovery setup, your bitkey app encrypts the key that protects your phone key using your friend’s public key; not the phone key itself. only their device can decrypt it.
here’s the flow:
1) you invite a trusted contact
2) their bitkey app generates a public/private keypair
3) their public key is sent to your app
4) your phone key is encrypted with a random symmetric key (called PKEK)
5) that PKEK is encrypted using your friend’s public key
6) both encrypted blobs are stored in your cloud account
7) their private key stays on their phone (optionally backed up to their cloud, never to block!)
during recovery:
1) you install bitkey on a new phone and log into your cloud
2) you contact your friend (to be clear... they don’t get any automatic alert)
3) they enter a 6-digit recovery code into their bitkey app
4) their app decrypts the wrapper and returns the symmetric key (PKEK)
5) your app uses it to decrypt your phone key
6) now you’ve got 1 of your 2 keys, you can use delay & notify with new hardware to recover full access
so yes: the encryption key for your phone key is encrypted to your friend’s public key, only their device can unlock it & only when you ask. block never has your key, doesn’t see your seed and only facilitates communication between apps.
tl;dr: you choose who can help you recover. no seed phrases, no backdoors, no one else in control.
this doc might help if you want to go deeper into how it works: https://support.bitkey.world/hc/en-us/article_attachments/33164661348500
anytime... happy to help...
Interesting. Thanks for sharing
😳👀
