63 lines
2.3 KiB
Markdown
63 lines
2.3 KiB
Markdown
|
---
|
||
|
|
title: Recovery
|
||
|
|
layout: default
|
||
|
|
permalink: /recovery.html
|
||
|
|
---
|
||
|
|
|
||
|
|
# Recovery
|
||
|
|
|
||
|
|
Distrust performs recovery ceremonies 4 times a year, and paying customers can
|
||
|
|
be part of these recovery ceremonies for free.
|
||
|
|
|
||
|
|
During the quarterly ceremony, Distrust will publish a signature of the latest
|
||
|
|
bitcoin block to prove control of the decryption keys.
|
||
|
|
|
||
|
|
If a client requires an expedited recovery, additional fees apply (available
|
||
|
|
on the pricing page (TODO)).
|
||
|
|
|
||
|
|
## Recovery Policy
|
||
|
|
|
||
|
|
The recovery policy is a document which is a set of rules or conditions under
|
||
|
|
which the recovery may be made. The different conditions can be sufficient on
|
||
|
|
their own, or a multitude of them has to be satisfied in order to constitute a
|
||
|
|
valid recovery request.
|
||
|
|
|
||
|
|
The main conditions of a Recovery Policy are:
|
||
|
|
* Time lock until year/month/day
|
||
|
|
* n of m cryptographic signatures (PGP)
|
||
|
|
* n of m KYC verifications
|
||
|
|
|
||
|
|
At least one of cryptographic signature or kyc verification is always required.
|
||
|
|
One may choose to require both.
|
||
|
|
|
||
|
|
If you are interested in different or custom rules, please reach out to use at
|
||
|
|
sales@distrust.co (TODO make sure we have this email set up / catchall).
|
||
|
|
|
||
|
|
## Time Lock
|
||
|
|
|
||
|
|
Time locks allow the user to set a date after which the recovery will be
|
||
|
|
possible. The data will not be recoverable until the day after the lock date.
|
||
|
|
|
||
|
|
## Cryptographic Signature Verification
|
||
|
|
|
||
|
|
This method supports PGP, BTC, and ETH cryptographic signatures. One may
|
||
|
|
register as many as 32 public keys, and set how many of those keys are required
|
||
|
|
for a valid recovery request, for example, 3 of 7.
|
||
|
|
|
||
|
|
## KYC Verification
|
||
|
|
|
||
|
|
KYC Verification is based on verifying both the individuals identity and their
|
||
|
|
intent to recover data.
|
||
|
|
|
||
|
|
- The data is gathered at the beginning of the relationship. The [Distrust Disaster Recovery Wizard](todo) can be used. Distrust will verify your data once it's submitted.
|
||
|
|
|
||
|
|
- The identity of authorized individuals is verified in person by Distrust staff
|
||
|
|
or legal council representatives. They will verify the individual in person
|
||
|
|
using visual verification, ID documentation, and record a video of the
|
||
|
|
individual's intent to recover.
|
||
|
|
|
||
|
|
- The KYC verification is threshold based, so one may list any number of
|
||
|
|
individuals, and require any number of individuals to express intent to recover.
|
||
|
|
For example, the total number of individuals may be 7, and 3 of them are
|
||
|
|
required to initialize the recovery process.
|