public
/
disaster-recovery-website
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
disaster-recovery-website/recovery_policy.md

3.3 KiB
Raw Permalink Blame History

title layout permalink
Recovery default /recovery.html

Recovery

Distrust performs recovery ceremonies 4 times a year, and paying customers can be part of these recovery ceremonies for free.

During the quarterly ceremony, Distrust will publish a signature of the latest bitcoin block to prove control of the decryption keys.

If a client requires an expedited recovery, additional fees apply (available on the pricing page).

Recovery Policy

The recovery policy is a document which is a set of rules or conditions under which the recovery may be made. The different conditions can be sufficient on their own, or a multitude of them has to be satisfied in order to constitute a valid recovery request.

The main conditions of a Recovery Policy are:

  • Time lock until year/month/day
  • n of m cryptographic signatures (FIDO2, PGP)
  • n of m KYC verifications

At least one of cryptographic signature or kyc verification is always required. One may choose to require both.

If you are interested in different or custom rules, please reach out to use at sales@distrust.co.

Time Lock

Time locks allow the user to set a date after which the recovery will be possible. The data will not be recoverable until the day after the lock date.

Cryptographic Signature Verification

This method supports several cryptographic signature schemes including PGP and FIDO2. One may register as many as 32 public keys, and set how many of those keys are required for a valid recovery request, for example, 3 of 7.

KYC Verification

KYC Verification is based on verifying both the individuals identity and their intent to recover data.

  • The data is gathered at the beginning of the relationship. The Distrust Disaster Recovery Wizard can be used to aid you in the process. Distrust will verify your data once it's submitted during a video chat.
  • During recovery, the identity of authorized individuals is verified in person by Distrust staff or legal council representatives. They will verify the individual in person using visual verification, ID documentation, and record a video of the individual's intent to recover which is then cryptographically signed by Distrust.
  • The KYC verification is threshold based, so one may list any number of individuals, and require any number of individuals to express intent to recover. For example, the total number of individuals may be 7, and 3 of them are required to initialize the recovery process.

When and How The Policy Can Be Changed

A policy can only be updated by providing the authentication required to recover the data.

A policy can be defined to be valid:

  • After a specific date
  • Between specific dates
  • Before a specific date

Additionally, the policy can be made updateable, or non-updateable.

There is also a cooldown period, which requires a specific amount of time to elapse before the policy is updated upon request.

For example, one may choose to create a policy that's only in effect after a specific date, and can be updated, creating a lock on the data and the ability to update until after that date. Conversely, a policy can be created which is only valid up to a specific date and can not be updated, effectively expiring after that date, making the data non-recoverable.