For Fireblocks’ recommended embedded wallet solution, see Dynamic Embedded Wallets. The documentation below covers the legacy Embedded Wallet APIs and SDKs.
Terms to know
passphrase: The chosen passphrase for the backup. MPC key share #2 is encrypted using this passphrase and saved/encrypted along with thepassphraseIdfrom the Fireblocks cloud servers.passphraseId: The UUID created by the application.passphraseResolver: A callback that knows how to fetch the passphrase from its saved location when given apassphraseIdvalue. For example, if you saved the passphrase on the end user’s iCloud account, then when given thepassphraseIdvalue, thepassphraseResolvercallback fetches the passphrase from the iCloud account so that therecoverKeysfunction can decrypt the MPC key share.
Backup procedure
-
Store the
passphraseandpassphraseIdin your preferred user cloud (e.g., iCloud, Google Drive). ThepassphraseIdmust be a UUID, as required by Fireblocks. -
Ensure the app can retrieve the
passphraseduring recovery on a different device. This is done via thepassphraseResolvercallback (supplied when callingrecoverKeys): the SDK provides thepassphraseId, and your implementation must return the correspondingpassphrase.- One approach is to deterministically calculate the path to the stored passphrase in the user’s cloud.
- Alternatively, you can store and retrieve this data from another location of your choice.
-
Call the Fireblocks implementation for backup together with the
passphraseand thepassphraseId.
Recovery procedure
- Call the Fireblocks SDK’s
recoverKeysfunction with a callback that implements a function that, when given apassphraseId, will fetch the associatedpassphrasefor the user. - The Fireblocks SDK fetches the last encrypted key share with the associated
passphraseIdand then uses your callback to decrypt the private key share locally.
Get the Device ID
The encrypted backup is associated with the end user’sdeviceId. Therefore, to recover and decrypt the key share saved on the Fireblocks cloud servers, the NCW SDK must be initialized with the same deviceId that created the backup. The NCW SDK cannot recover a key share of a different deviceId.
deviceId that will run the recovery procedure. To support this, Fireblocks has provided a function within the Fireblocks SDK that fetches the latest details about the backup of the specified walletId.
Note: If no backup is found for the specified wallet, a 404 status will be returned.