Reconstructs all shares of a CMP key (mobile + cloud shares) into the full public and private keys.@param chainCode - Used for encoding a portable extended key format (BIP-32) - xprv / fprv@param cloudKeyShares - The private key shares stored in the cloud@param callback invoked with the [Set] of [FullKey] that contains extended private key as xprv / fprv and an extended public key as xpub / fpub or a [FireblocksError]
It is for the takeover function:
takeover-
Reconstructs all shares of a CMP key (mobile + cloud shares) into the full public and private keys.@param callback invoked with the [Set] of [FullKey] that contains extended private key as xprv / fprv and an extended public key as xpub / fpub or a [FireblocksError]
An example of takeover use can be found in the demo, where it further derives the extended private for relevant assets key for export where you can import it to MetaMask as an example.
Relevant demo code, for takeover use:
The derivation of asset private key after the takeover and exporting of the extended private key:
I was able to successfully obtain the private key using the takeover method. However, as I understand it, the takeover function communicates with Fireblocks’ RPC API and services to export the private key.
What I am currently looking for is a solution to allow my customers to retrieve their private keys even if Fireblocks’ services are no longer available. That’s why I am exploring the Disaster Recovery process.
Now that I have obtained Key Share #1 through the Recovery Tool, how can I successfully export the customer’s full private key without relying on Fireblocks Service(RPC API)?
@BetsalelKog The document only explains how to obtain Key Share #1, but it doesn’t mention how
to combine it with the client’s Key Share #2 to obtain the full private key.
Hi @patrice the Disaster Recovery kit is designed specifically for the key share located exclusively on Fireblocks servers (Key Share #1).
In the event that Fireblocks ceases to exist and the customer wishes to empower the end-user to perform a full key takeover, the customer must establish an endpoint on their own system.
This endpoint will provide Key Share #1 (generated from the Disaster Recovery kit) to the SDK, enabling the reconstruction of the complete private key.
Hi @Wilfred ,
So I need to capture the response format and data that the Fireblocks backend sends to the SDK via the RPC API during the takeover process. Then, I have to build a backend service that replicates this response format in the takeover process and injects Key Share #1. This way, my customers can retrieve their full private key if Fireblocks is no longer available.
While it is theoretically possible to replicate Fireblocks’ RPC response format and inject Key Share #1, this approach is complex and not recommended.
The recommended disaster recovery process is:
The customer establishes an endpoint on their own system to provide Key Share #1 to end-users.
The end-user (via the customer’s app) calls this endpoint to retrieve Key Share #1.
The end-user (via the customer’s app) invokes the SDK function exportFullKeys, which combines Key Share #1 with local Key Share #2 to reconstruct the full private key.
This method ensures a more straightforward and reliable key recovery process.
However, when trying to use the exportFullKeys method from the Fireblocks NCW Web SDK, I’m not sure how to properly input Key Share #1 into this function. I haven’t found any documentation describing what should be provided in the cloudKeyShares map parameter.
Specifically, I need guidance on how to structure the cloudKeyShares map. How should I transform the Key Share #1 data structure I received into the map format required by the exportFullKeys method? The function seems to expect a specific mapping structure, but there’s no documentation explaining how to format the key-value pairs in this map.