Is the device meant to ship with two or three keycards? Mine came with three, is one a spare?
As a test, I backed up to two of the keycards with a backup, and then completed half a backup to the third.
When verifying the card backups I get a checksum error warning, which I assume is related to the second backup creating a new checksum.
Ships with 3 keycards, but uses two by default with Magic Backups (the third part being sent to Envoy and backup up to your personal cloud).
Non magic backup users remove the envoy dependency and use all three cards.
More info here.
Hi Ben,
I have read the backups in docs but still trying to make certain I fully understand the backup process. As a premise, while saving to google might be secure I do not want to install GPS on my graphene pixel, and I certainly would not want to log into my google account from the pixel under any circumstance. So that I understand:
There are actually 2 datasets being backed up.
a. The first is the Master Seed for the account which is saved using the Shamir setup: 2 parts to 2 NFC cards and 1 part on envoy and further backed up to Foundation servers, but this 3rd part never goes to my google drive since I choose not to use google, can I think of this last step as a 3rd backup for the 1/3 of the Shamir code? If this is correct, I have 2 NFC cards, with the 3rd part on envoy with a backup on Foundation servers.
b. The second dataset is all the metadata as defined in the FAQ, this is saved in the .mla file. Without this .mla file what happens if I restore the Master Seed but have bitcoin saved in 4 accounts (Index 0 though 3), are these accounts saved in the .mla file or do they reappear when restoring the Master Seed? If not, do I just recreate these accounts with index 0 through 3, for the balances to appear (assume no passphrases)? Same question here without a google account and Magic backups enabled, is this .mla file saved to the Foundation servers?
If #1a and #1b are correct, then can someone switch the Magic backup to disable, back up the Master Seed on the 3 NFC cards and then re-enable the Magic backup? (just to be able to have it both ways). Also if you go through the manual backup with the 3 NFC cards does this also backup the .mla file or only the Master Seed and you would be required to save the .mla file in a secure encrypted location when performing manual backup (even though the file itself is useless without the Master Seed)?
At the end of the day, it would be great if we could use Proton Drive or the encrypted vault in pCloud or any other encrypted and secure cloud service other than google and icloud for those that use apple for the 3rd part of the shamir setup.
Hey @pugpack33, great questions. Let me untangle a few things because there are a couple of mix-ups in your mental model that are worth correcting before you go any further.
First, an important clarification on what actually gets sent where with Magic Backups. There are two completely separate datasets, and Foundation servers never see any part of your master key:
.mla file) - this contains your account labels, multisig configs, app data, Bitcoin account info, etc. It’s encrypted with your master key on Prime, then sent via QuantumLink to Envoy, which uploads it to the Foundation server under a SHA256 hash of your master key as an anonymous identifier. Foundation can’t decrypt it.So your point 1a is slightly off: the Envoy-held Shamir share is not backed up to Foundation servers. It’s backed up to your cloud. And your accounts (indexes 0–3, multisig configs, labels, etc.) live in the .mla file - they are not part of the master key material.
are these accounts saved in the .mla file or do they reappear when restoring the Master Seed? If not, do I just recreate these accounts with index 0 through 3, for the balances to appear
1b - Yes they are stored in the MLA file, but can be recovered with just the Master Key (if that’s all you have) by simply adding those account indexes.
Same question here without a google account and Magic backups enabled, is this .mla file saved to the Foundation servers?
No. Manual users do not have anything sent to any server.
can someone switch the Magic backup to disable, back up the Master Seed on the 3 NFC cards and then re-enable the Magic backup? (just to be able to have it both ways).
Yes, but when they turn on MB, they’ll need another two cards to make a new separate Shamir backup set.
Also if you go through the manual backup with the 3 NFC cards does this also backup the .mla file or only the Master Seed and you would be required to save the .mla file in a secure encrypted location when performing manual backup (even though the file itself is useless without the Master Seed)?
Manual users must manually back up their MLA file to an external storage item and repeat this process periodically to ensure backups contain up-to-date data.
At the end of the day, it would be great if we could use Proton Drive or the encrypted vault in pCloud or any other encrypted and secure cloud service other than google and icloud for those that use apple for the 3rd part of the shamir setup.
In theory Graphene’s Seed Vault feature can work here. I checked the Envoy source code: Envoy is built to cooperate with Android’s standard backup system, and it specifically registers two files to be backed up, your Envoy mobile wallet seed and your Prime Shamir share. Whenever either one changes, Envoy tells Android there’s new data to back up. Seedvault hooks into that same system, so if you have Seedvault set up on GrapheneOS (Settings > System > Backup, pointing at a USB stick, Nextcloud, or wherever you prefer), both files should end up inside your encrypted Seedvault backups. I must stress that this is untested on our side.