> For the complete documentation index, see [llms.txt](https://cryptic-documentation.gitbook.io/cryptic-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cryptic-documentation.gitbook.io/cryptic-documentation/technology/2.-technology-overview/2.5-secure-key-management-and-recovery.md). # 2.5 Secure Key Management & Recovery #### **Key Management Architecture** Cryptic’s key management architecture is designed to protect user identity, communication, and wallet-related key material across mobile, desktop, and future SDK-based integrations. The goal is simple: keep sensitive cryptographic material under user control while making recovery and everyday use practical. #### **Hardware-Anchored Key Storage** Private keys are generated and stored on-device using OS-native secure storage mechanisms, with optional biometric gating where supported. * Keys are stored using hardware-backed secure storage where supported by the device * Keys are protected by OS-level access controls * Keys are protected against direct extraction through platform-native security mechanisms * Cryptic does not have access to user private keys {% hint style="info" %} **Important clarification:**\ Hardware backing, including Secure Enclave, TEE, or StrongBox protections, depends on device capabilities and key attributes. Cryptic uses the strongest protection available per platform where supported. {% endhint %} #### **Encrypted Backups** For users who opt in, Cryptic supports encrypted backup and recovery flows designed to preserve user control. * Backup data is encrypted before upload * Cryptic cannot access backup contents * Storage providers cannot decrypt the data * Restoration requires the appropriate user-controlled credentials and cryptographic material This enables account recovery while preserving non-custodial control and user sovereignty. #### **Device-Bound Identity Protection** Account recovery and key restoration are protected through device-bound identity and local authentication controls. * Device binding mechanisms * Biometric or OS-level authentication where supported * Cryptographic verification during restore flows These measures reduce the risk of unauthorized restoration, even if backup data or cloud credentials are compromised. #### **Anti-Fraud Defense Layer** Cryptic incorporates defensive signals and verification steps to mitigate common account takeover risks, including: * SIM swap attacks * Unauthorized device restoration * Cloud credential compromise * Social-engineering-based recovery attempts These protections combine OS security, cryptographic verification, and user-controlled authentication rather than relying only on centralized trust. > *Cryptic’s key management approach is built around device-level security, encrypted recovery options, and non-custodial control. The objective is to protect sensitive communication, identity, and wallet-related key material without making the user experience unnecessarily complex.* --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://cryptic-documentation.gitbook.io/cryptic-documentation/technology/2.-technology-overview/2.5-secure-key-management-and-recovery.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.