I hope this is built soon! Seems like a possibly common use case.
Not sure if this assists; it is a good explanation from Ben. I have no intention of installing GPS on my GrapheneOS Pixel, and was not sure how this affects the Magic backup. I asked the question in the Envoy category.
The 2 files you want to securely back up in addition to the 2 NFC cards and the Envoy seed Shamir backup are: envoy_backup.mla.txt (all the metadata for any subaccounts and 2FA, etc.) and settings.tar, which is the full backup of your master seed. The 2 files cover everything.
Hey @pugpack33, just a clarification on what each file contains, since there seems to be a bit of confusion going on:
- envoy_backup.mla: You get this from Envoy Settings, manual download. This is a file that’s encrypted with the *hot wallet*’s seed. It contains metadata of what Envoy sees, without seed material. So, Account names, Device names, Number of accounts paired, Account Tags and Notes for every transaction, Settings preferences… Everything that differentiates a fresh new Envoy install from what you currently see in Envoy. Important to note:
  - The Envoy hot wallet seed is NOT backed up here, but it is encrypted by it, so only the legitimate user can decrypt it.
  - This file also does NOT contain the Passport Prime Shard shared with Envoy. That is unique to the Envoy instance installed, and it is beamed to Android autobackup or iOS Keychain if you opt in to Passport Prime Magic Backups. What @qna mentioned in the post you linked is a trick that both Android and Graphene do, which is making a copy of the entire app “as-is” and storing it in their servers encrypted (I would think). This includes Prime’s third shard, because even though it is not in envoy_backup.mla, Android and Graphene do a copy of the local instance of the entire app, and that captures the shard.
  - If you opt in to Envoy Magic Backups, two things happen:
    - envoy_backup.mla is uploaded to Foundation servers, so when you restore the seed on another Envoy instance this file is found, downloaded and decrypted locally in Envoy. This means Foundation has no visibility to anything in there, and also holds no key material.
    - Envoy’s hot wallet seed is submitted to your Apple Keychain or Google autoBackup using their encryption for app data. So as long as you don’t lose access to your Apple/Google account, you have access to your hot wallet.
  - If you opt out, Envoy seed should be manually backed up, and envoy_backup.mla too in order to get to your current Envoy state from a new install.
- settings.tar: You get this from Passport Prime settings, manual download. This is a file that’s encrypted with Passport Prime’s master seed. It contains Passport Prime metadata for every installed app, without seed material. So, 2FA TOTP secrets, 2FA names and colors, Keys, Key names and colors, archived status, generated seeds with names and colors… Everything that differentiates a fresh new Passport Prime install from what you currently see in Passport Prime. Important to note:
  - None of Passport Prime’s shards is backed up here, but the file is encrypted by the master seed so only the legitimate user can decrypt it.
  - If you opt in to Passport Prime Magic Backups, two things happen:
    - settings.tar gets encrypted on-device with the master seed, and beamed to Foundation servers using Envoy as a conduit, so when you restore the master seed on another Passport Prime instance this file is found, downloaded, beamed back to Passport Prime using Envoy again and then decrypted locally in Passport Prime. This way Foundation has no visibility to what’s in there, and also holds no key material.
    - The third shard is sent to Envoy and stored in that install’s instance, then uploaded to your Apple Keychain or Google Autobackup, so as long as you still have access to your Apple/Google accounts, you’ll be able to recover this third shard.
  - If you opt out, Passport Prime’s seed should be backed up by the three Keycards (also having the option to view and back up the seed manually), and settings.tar should also be downloaded and kept up to date in order to be able to get a fresh new Passport Prime up to where you have it now.
Hope this helps clarify what each one is for and how they work!