Recovery
Last updated
Last updated
Recovery is just a reversed procedure from a . Usually, it requires and to be reversed too.
The recovery procedure involves waiting period before it can be initiated and cooperation from 2 out of 3 trusted contacts.
It is designed to be used once (or maybe never), this is why it's complexity should not be seen as prohibitive for users to employ when really needed (catastrophic failure).
Disclaimer: This is not a user's manual, many recovery options with additional permission policies are intentionally skipped over (there is too many possible combinations).
For plain passwords to be reconstructed on your clean device;
Decrypt the encrypted backup part with it.
Once all of your passwords are in plain again, they are re-encrypted with a new Master private key.
If ZeroPass service becomes unavailable (unlikely), or your account gets forcibly terminated (unlikely) you can still recover offline. All parts of the master key needed to recover passwords are split between you and your trusted contacts. You only need 2 out of 3 trusted contacts to send you your parts back (they can find it in their app) and you need to copy/paste them back into your (now offline) app.
The reversal procedure is then identical as in the previous point.
Once all of your passwords are decrypted, you can print them out, or export/import into other device/app.
There are 2 parts on ZeroPass servers. The second part and a backup part; encrypted with child public key (). When ZeroPass server receives enough verified signatures from trusted contacts (at least 2), it allows you to add a new device and delivers both parts to this new device.
Reversal of the the procedure to recover Master Private key
Reversal of the to derive child private key
Combine both parts with Shamir secret sharing; this part is the same as in .
