Magic Backups

Passport Prime
1

Hello team,

When enabling magic backups for Prime, and you have multiple devices on the Envoy app, is there any cross data of other devices (passports) and its wallets included in the backup? Preferably not.

2

Each Passport Prime MB is distinct and tied to the corresponding Master Key hash.

3

thanks :folded_hands:

4

Hey @Panicseller, here’s a detailed breakdown of what each backup file is and how they work Passport prime issues - #104 by Jack

As @qna mentioned, each Passport Prime Magic Backup (or manually downloaded backup file) will only contain information related to its internal apps. The Envoy Magic Backup (or manually downloaded backup file) will however have a view of everything in the app (without any seed material, of course), including all the Passport Core and Passport Primes paired, their names, account names, transaction tags and notes. It is intended to be a way to recover your Envoy form a fresh install to your last backed up state, so all this metadata is saved there. It is also true however that Envoy only sees Bitcoin wallet app’s information, and has no access or visibility to any of Passport Prime’s 2FA/Keys/Vault or any other app really, so only metadata of paired bitcoin accounts is saved in the Envoy Magic Backup (or the manually downlaoded backup).

5

Thanks for the info and the read. The way you formulated your post makes it sound like there are seperate magic backup options for the hardware and envoy individually. But as far as I know there is not, does that mean my envoy data is included in the magic backup for prime?

6

So they are indeed two separate things:

  • Envoy Magic Backups - toggled on or off in Envoy settings:
    • Envoy metadata (how many devices paired, device names, accounts paired, account names, transaction tags and notes…) is encrypted with the Envoy hot wallet seed on your phone, then sent to Foundation servers
    • Hot wallet seed is sent to your Apple Keychain/Google AutoBackups encrypted with their encryption
  • Passport Prime Magic Backups - decided upon Passport Prime onboarding:
    • Passport Prime metadata (2fa codes, keys, vault items…) encrypted with Passport Prime keys uploaded to Foundation servers
    • One of the three shard is uploaded to your Apple Keychain/Google AutoBackups encrypted with their encryption

To your point however, Passport Prime Magic Backups used to default to whichever selection mode you had for Envoy Magic Backups in KeyOS 1.2.0. So if you were a manual Envoy user (Envoy Magic Backups off) the default for Passport Prime Magic Backups was also turned off, and viceversa. This link was broken in KeyOS 1.2.1. After that version, Passport Prime defaults to Magics Backups = on for everyone regardless of their Envoy Magic Backups status, but you will now see an “Advanced” button on the top right corner of the onboarding screen where it explains Magic Backups. If you tap that, you will move forward with the manual mode, regardless of your Envoy Magic Backups status.

Furthermore, the toggle you see in the Magic Backups line in Passport Prime under Settings → Backups is read only now, but we have short term future plans to make it actually toggable, so users can change between magic and manual at any time, not just during onboarding.

We probably haven’t done a great job at explaining this, likely due to the intricate, detailed and nuanced nature of it all, but I hope this can shed some light to it. Thank you!

7

Thanks for the explanation, I get the gist of it now. A more nuanced question; Regarding anything wallet related like transaction tags, metadata or anything else for that matter that gets included in the magic backups made through prime: is it possible to see the addresses or overall holdings?

Some data I would like to keep 100% seperated regardless of encryption and shamir sharing. I would have to start fresh and make new magic backups using new nfc cards, or how would you suggest I go about it?

8

So if you enable Passport Prime Magic Backups, none of the tags and labels will be saved anywhere - all that is handled by Envoy at the moment, Passport Prime is totally unaware of what you decided to name what transaction or what addres. All this is handled Envoyside, and included in the Envoy Magic Backups.

In Envoy we use BIP329 for tags and labels, which essentially means creating a JSON file with the address or txid that has the tag or note. This is absolutely required, we need to know which transaction or address to assign the tags and notes to when recovering, so the addresses and txids with labels are absolutely backed up as part of the Envoy Magic Backup. However, we also back up the wallet descriptor in order to be able to fetch the balance, and this includes the xpub, so this would include anything with and without a label.

After digging deeper I found that the Passport Prime Magic Backups also back up the descriptor as part of BDK, so xpubs would be there too.

If you want to keep anything address related out of our servers, even if it is inaccessible by us or anyone really, you should turn off Envoy Magic Backups and create a new Passport Prime seed with Passport Prime Magic Backups turned off. When erasing Magic Backups form Envoy, an erase call will be triggered and the magic backup will be completely removed from our system in 24hrs (we give users a day in case they regret deleting their wallet and want to emergency recover), after that it’s gone forever. But if you don’t trust us and you already had Envoy Magic Backups enabled, you probably want to start anew in Envoy and Passport Prime, with Envoy Magic Backups turned off.

So the short answer is: if you absolutely don’t want any public key related info in our servers even if fully encrytped (and on our way to moving it to post-quantum) and unassociated to you, then you probably want to start anew and go the manual way on both Envoy and Passport Prime.

Thanks!