NCW Disaster Recovery Process

I’m testing the Fireblocks Recovery Tool process, and I’ve successfully retrieved Key Share #1 using the Recovery Tool:

{
    "bfc51292-xxxx": {
        "chaincode": "xxxxx",
        "shares": [
            {
                "cosigner": "x-xxxx",
                "MPC_CMP_ECDSA_SECP256K1": "xxxxx"
            }
        ]
    }
}

I expect this JSON data to be used with the

exportFullKeys(chaincode: string, cloudKeyShares: Map<string, string[]>): Promise<IFullKey[]>

function in the web SDK.

However, there’s no detailed documentation explaining how to properly structure the cloudKeyShares input.

Or is there any documentation that explains how to correctly use Key Share #1 after obtaining it?

exportFullKeys-

Reconstructs all shares of a CMP key (mobile + cloud shares) into the full public and private keys.@param chainCode - Used for encoding a portable extended key format (BIP-32) - xprv / fprv@param cloudKeyShares - The private key shares stored in the cloud@param callback invoked with the [Set] of [FullKey] that contains extended private key as xprv / fprv and an extended public key as xpub / fpub or a [FireblocksError]

It is for the takeover function:

takeover-

Reconstructs all shares of a CMP key (mobile + cloud shares) into the full public and private keys.@param callback invoked with the [Set] of [FullKey] that contains extended private key as xprv / fprv and an extended public key as xpub / fpub or a [FireblocksError]

An example of takeover use can be found in the demo, where it further derives the extended private for relevant assets key for export where you can import it to MetaMask as an example.

Relevant demo code, for takeover use:

The derivation of asset private key after the takeover and exporting of the extended private key:

I was able to successfully obtain the private key using the takeover method. However, as I understand it, the takeover function communicates with Fireblocks’ RPC API and services to export the private key.

What I am currently looking for is a solution to allow my customers to retrieve their private keys even if Fireblocks’ services are no longer available. That’s why I am exploring the Disaster Recovery process.

Now that I have obtained Key Share #1 through the Recovery Tool, how can I successfully export the customer’s full private key without relying on Fireblocks Service(RPC API)?

As you shared,
Disaster Recovery.

This is the only option to not use the Fireblocks Service(RPC API)

@BetsalelKog The document only explains how to obtain Key Share #1, but it doesn’t mention how
to combine it with the client’s Key Share #2 to obtain the full private key.