KEVLAR

Is Your Kevlar Recovery Key Safe?

support@bkevlar.com
Feb 19, 2025By [email protected]

Protecting Your Bitcoin with Precision

Kevlar multisignature accounts are built on the foundation of robust security and customer peace of mind. Our accounts operate using either a 3-key or 5-key multisig structure. In both configurations, Kevlar securely holds one key—the recovery key—in our custody.

It is important to understand that this recovery key is managed with the highest standards in Bitcoin key security. We follow a rigorous process to ensure the integrity and safety of your recovery key, far beyond what most individual Bitcoin holders would undertake. Here’s how we do it:

Unmatched Recovery Key Protection:

  • Air-Gapped Security: Your recovery key has never been and will never be connected to any device with internet access.
  • Tamper Resistance: Every file involved in the storage or usage of your recovery key undergoes a checksum hash verification to ensure it has not been tampered with.
  • Data Transfer Protocol: Any USB device used in data transfers is freshly formatted and verified to be clean before each use.
  • Faraday Cage Protection: The storage environment is shielded against electromagnetic interference (EMI), preventing potential data leakage or unauthorized access.
  • Fire and Water Resistance: Our storage methods are designed to withstand fire and water damage.
  • Geographic Redundancy: Recovery keys are geographically distributed to protect against local disasters or physical theft.
  • Unique xpubs for Every Customer: Each Gold or Diamond account is assigned a unique extended public key (xpub). This guarantees that each customer’s account is isolated, enhancing privacy and ensuring that your recovery key is not linked to any other user.

The Recovery Process:

Should you activate the recovery process and request the use of your recovery key, our team follows a meticulous procedure:

  • Retrieval: The partially signed Bitcoin transaction (PSBT) file is manually retrieved and transferred onto a freshly formatted, verified USB drive.
    Hash Verification: The PSBT file is hash-checked to confirm it has not been altered during transfer.
  • Air-Gapped Signing: The file is moved to a heavily encrypted, air-gapped environment—a computer that has never been online and is physically incapable of internet, Wi-Fi, or network connection. This environment has always been offline.
  • Key Signing: Using your recovery key, the PSBT file is signed.
    Secure Return: The signed transaction file is transferred back using the same strict process, including hash verification, before being made available to you for final confirmation and broadcast to the Bitcoin network.

Customer Control and Multi-Sig Safety:

It is critical to note that Kevlar holds only one of the 3 or 5 keys in your multisig account. We cannot move your funds alone. The recovery process involves a time-delay and requires multiple steps to ensure that it cannot be rushed or circumvented. Additionally, any keyholder can terminate the recovery process at any time.

Why This Matters:

Our customers rely on us because we take this responsibility seriously. The level of precision and care we apply to protecting your recovery key is a primary reason users choose Kevlar. The procedures we implement exceed the security practices of most individual Bitcoin holders, providing you with peace of mind and assurance that your Bitcoin is protected by the best practices in the industry.

At Kevlar, we believe that there is no room for compromise when it comes to Bitcoin security. Our recovery key custody process reflects this commitment.