Recover Fireblocks assets and keys in a disaster, verify a Recovery Kit, or generate keys to set up a new Recovery Kit.
⬇️ Download for macOS / Linux
- Set up a dedicated offline recovery machine. It must be:
- Offline and air-gapped
- Accessible only by necessary, authorized personnel
- Protected with a very strong password
- Encrypted on all partitions
- Stored in a safe box when not in use
- Install the latest release of Recovery Utility on the offline recovery machine.
- (Optional) Install the latest release of Recovery Relay on a web server. Recovery Relay is a companion web app that gets wallet balances and sends transactions without revealing your private keys. Fireblocks hosts an instance at relay.fireblocks.solutions, but you can host your own instance and set its URL in Recovery Utility's Settings tab.
- Open Recovery Utility to use one of the following tools...
Generate an RSA keypair and checksum for a new Recovery Kit. If you already have your backup .zip, RSA keypair with passphrase, and owner's mobile app passphrase, then you can skip this and proceed to Verify Recovery Kit.
With your Recovery Kit .zip, RSA private key with passphrase, and owner's mobile app passphrase, you can verify your ability to perform a hard key recovery. Recovery Utility uses these materials to generate your workspace's xpub and fpub extended public keys. Check that the these extended public keys match the keys in your Fireblocks Console Settings.
With your Recovery Kit .zip, RSA private key with passphrase, and owner's mobile app passphrase, you can recover the extended private keys (xprv and fprv) of your Fireblocks workspace, derive wallets to recover your assets' private keys, and create transactions by scanning a QR code to the Recovery Relay web app.
Using private key recovery exposes your private keys to the host machine. Only do this in a disaster recovery scenario, and then move your assets to other secure wallets. Use the Fireblocks Console, APIs, and SDKs for standard operations.
Recovery Utility is a cross-platform Electron app for macOS, Windows, and Linux. The window UI is built with React on the Next.js framework, using Material UI components.
Recovery Utility includes the compiled @fireblocks/extended-key-recovery module in its contents and spawns it as a child process to restore a workspace's extended private/public keys. It uses @fireblocks/wallet-derivation to derive wallet keys and addresses.
yarn devyarn buildUsing Turborepo the @fireblocks/extended-key-recovery module is first compiled to an executable for the development machine's architecture. Then Recovery Utility's renderer process (the Next.js frontend) is transpiled to static HTML/JS/CSS. Finally, the renderer and module are bundled with the Electron main process into an application bundle for the development machine's architecture.
Cross-compilation is not supported. We use GitHub Actions with a matrix job to compile Recovery Utility for each supported architecture (masOS, Windows, and Linux).
The Electron main process disallows opening or redirecting to external URLs and disables Chrome permission requests (e.g. webcam access, clipboard reading). No external content is loaded.