This wizard will assist you in constructing the set of rules, also known as the Recovery Policy, which specifies under which conditions your data can be recovered. The policy has been designed with flexibility in mind in order to accommodate different use-cases and threat models.

Time Based Rules

Time based rules allow specifying during which time period the policy is active. In order to request data recovery, a policy has to be in an active state at the time the request is made to recover data. If a policy is mutable (allowed to be updated), it can also only happen while the policy is in an active state, and is done by creating a new policy which will take place of the old one. The dates are always interpreted in UTC (Coordinated Universal Time), at 12:00AM of the selected date. The two dates which are configurable, from_date and to_date allow for the following configurations:

from_date

to_date

Is the policy editable (mutable) while it's active?

Remote Recovery via Cryptographic Signatures

This type of recovery makes it possible to recover data remotely by providing cryptographic signatures to show intent of recovery. We support all widely used types of signatures such as OpenPGP, ETH, BTC, etc. (Contact us if you would like us to support other protocols)

Can recovery be authorized using threshold based cryptographic signing? *

Recovery via KYC Validation and Statement of Intent

Recovery via KYC requires that a threshold of authorized persons be KYCd in person by legal representatives of Distrust and confirm their intent to recover data. This process varies based on the jurisdiction it's being conducted in and adds time to the recovery process.

Can recovery be authorized by persons using KYC? *

What threshold would you like to use for the KYC recovery method? (2/3, 3/5, 4/7 etc)

Please select KYC data for individuals who can participate in recovery. Each person's data should be a .toml file. Pictures of front and back of IDs should be base64 encoded and listed in the id_images array. The supported ID types are Driver's License, Passport, National Identity Card:

                        
                            first_name = "John"
                            last_name = "Doe"
                            date_of_birth = "1990-01-01"
                            id_images = ["", "", ...]
                            country_of_birth = "US"

Data Storage

This part of the policy allows you to select wether you would like Distrust to fully back up all your data, or to only hold an encryption key in escrow, in which case you are responsible for redundantly backing up the encrypted data (learn more here)

Type of data storage *

Additional Configurations

Are both remote and KYC based recovery required? (If "No", either one can be used for recovery) *

Is this a deadman switch?

Deadman switches can only be used with "key-escrow" mode, and not "fully managed". If a policy is defined as a deadman switch, the escrow key will be emailed to the designated email addresses or posted on the Distrust website, or both, as preferred.

Recovery Policy Wizard

Time Based Rules

Remote Recovery via Cryptographic Signatures

Recovery via KYC Validation and Statement of Intent

Data Storage

Additional Configurations