The Station70 integration enables customers to securely upload a recovery package to Station70. Customer key shares are encrypted with a secret phrase known only to the user, ensuring that Station70 can never reconstruct the full vault key material.
How it works
Customer sets up an account with Station70
Recovery package creation is initiated from Utila
Once the Station70 account is active, the customer triggers the creation and upload of a recovery package from the Utila Backup page.
Admin quorum approval is required
The creation process requires admin quorum approval. The action is MPC signed with the Security key.
User provides a locally generated secret phrase
The user is given a secret phrase, which is generated locally on their mobile device. This phrase is used to encrypt the customer key shares and is required to later access them.
Encryption and upload of customer key shares
The customer key shares are encrypted with the secret phrase and uploaded to Utila.
Package assembly and upload to Station70
Utila appends its own key shares, completes the package, and securely uploads it to Station70.
Recovery package available via Station70
From this point forward, the customer can download the recovery package from Station70 - subject to Station70's access controls - and recover their key shares using the secret phrase.
For details about each step, see Create vault backup using Station70.