Back up a wallet
This guide will walk you through how to create a backup of a Portal client's wallet.
Last updated
Was this helpful?
This guide will walk you through how to create a backup of a Portal client's wallet.
Last updated
Was this helpful?
Portal lets you securely back up your users' MPC wallets so they can recover their wallets even if their device is lost or damaged. By default, Portal encrypts and stores both backup shares ("Portal-Managed Backups"):
The client backup share is encrypted on the user's device, with the encryption key stored using their chosen backup method (Google Drive, iCloud, Password, or Passkey). The encrypted share is then stored by Portal.
The custodian backup share is encrypted and stored by Portal, with the encryption key stored in our KMS infrastructure.
Both the client backup share and the custodian backup share are necessary to recover a Portal wallet.
You can choose one or more backup methods for storing the encryption key for the client backup share.
Allow customers to create a native passkey on their device that is used to authenticate into a secure enclave that holds the encryption key for the user. Customer's passkeys are backed up to the native cloud storage for their device.
Install react-native-passkeys
and @portal-hq/passkey-storage
Initialize passkey storage as a backup option in the Portal Config Object.
Configuring the relying party
A relying party is a trusted domain that is tied to the public key credentials of your users for their passkey . We offer the option to use portalhq.io
as your relying party domain. It requires you to add portalhq.io
as an Associated Domain in your iOS application and share your team id + application bundle id. If you already have your domain as a webcredential
for your application then you can simply pass in your domain as the relying party and everything should work.
Add portalhq.io
as a web credential domain in your app.
Share your app bundle id and team id with the Portal Team.
Ensure you have set up your associate domain correctly in your app and that you are serving an aasa file from your relying party domain. You will need to be sure you have the webcredential
field set properly for your app in your aasa file.
Resources from apple:
Allow users to create a password/pin. Users can either remember the password or store it in a password storage manager.
Create a UI for password input.
Enforce password requirements. Customer can choose between password, PIN code, passcode, or any other text-based input.
If user forgets password there are no additional recovery options.
See the docs on how to iCloud.
See the docs on how to GDrive.
Read more about setting this up from the android docs:
read more info on how to get the SHA256 hash of the apk signing cert.