Understanding Key Shares

Learn about key shares, why they matter, and how to manage key share replacement in your vault.

Why is a key share important?

A key share is a critical component of your vault’s cryptographic security. It represents a unique portion of the vault’s secure key and is essential in granting you access to the vault. Each vault signer holds their own key share, ensuring the vault remains secure and accessible only to authorized signers.

Why do I need to replace the existing key share on this device?

Only one key share for a specific vault can exist on a device at any time. If we detect an existing key share for this vault, it means:

  • You were previously using this device as a signer for the vault.
  • Someone else with access to this device previously held a key share for the vault.

Replacing the key share is necessary for you to be a signer on the vault.

What happens if I replace the key share?

When you choose to replace the key share:

  1. The old key share on this device is removed.
  2. The most recent key share for the vault will be used, ensuring alignment with other signers and the current cryptographic setup.
  3. This process is safe, provided all vault signers have securely stored their backup files.

Always ensure that all vault signers have their backup files securely stored before replacing a key share. Backup files are essential for restoring access in case of a device failure or loss.

What happens if I exit without replacing the key share?

If you decide to exit:

  • The existing key share on this device will remain unchanged.
  • The proposed key share replacement and any vault changes requiring this action will not be applied.

Exiting is only recommended if you are not ready to proceed or need to confirm that all signers have their backup files securely stored.

What is the “Regenerate backup file” option?

This option allows you to create a new backup file for the key share currently on this device. It is crucial that every signer generates and securely stores their backup file to ensure access to the vault in any unforeseen circumstances.

Best Practices for Managing Key Shares

  1. Backup regularly: After any key share updates, regenerate and securely store your backup file.
  2. Communicate with signers: Ensure all signers verify their backup files are secure before making changes to the vault’s signer configuration.

By understanding and following these steps, you ensure the security and smooth functioning of your vault.