Guardian Keyper is a P2P app for backing up secrets by splitting them between multiple devices.
Table of Contents
Guardian Keyper is a mobile app for securely backing up seed phrases and secrets. The user can choose several devices (e.g. his friends or family's smartphones) as her personal "Guardians". After that, the user can back up a seed phrase by splitting it into several Shards and sending those to the designated Guardians. Then, the user can reassemble the secret, by collecting a certain majority of the shards (e.g. 3 out of 5) from her Guardians.
The general idea of Keyper is: to secure the most precious information we possess - our seed phrases - we should employ the power of our social connections.
- Install the app to your device, and devices of your Guardians.
- Create a group to store the secret.
- Add Guardians (trusted devices) to the group by scanning their single-use QR codes, or getting single-use invite messages from them (PGP-style invites).
- Add your secret.
- Send the secret shards to your Guardians. Note that due to the P2P nature of Keyper, the Guardian you're sending the shard to must be online simultaneously with you.
As soon as you enter the secret, it is immediately sharded, the shards are encrypted by the Guardians' public keys and the secret is deleted from memory. The original secret is never stored in the non-volatile memory to protect it from the "stolen phone" problem. The encrypted shards are then ready to be sent to your Guardians - in a direct P2P fashion, avoiding any kind of intermediate server. Each shard is useless on its own: depending on your choice, you will require either 2 out of 3, or 3 out of 5 secret shards to restore the secret - collected from the corresponding number of your Guardians. No Keyper data ever goes through the network unencrypted, and nothing is stored on a server: the app is completely peer-to-peer and is designed to work without Internet access (e.g. in an isolated WiFi network).
Decentralization
The shards of the secret phrase are stored on several independent devices and are useless on their own. Even if someone gains unplanned access to one of them, the owner's digital assets will remain safe. The only kind of server we use is the bootstrap server for NAT puncturing. And even that is completely unnecessary - Keyper instances can communicate without Internet access in a WiFi LAN by utilising broadcast packets (mDNS protocol).Strong data protection
Keyper uses industry-standard asymmetric public-key cryptography PGP-style – so it’s fully P2P and encrypted end-to-end. The complete secret is never stored on a device, while the shards are stored in the device's protected storage.Versatility
Guardian Keyper is suitable for use with any password, seed phrase or other information that you want to keep secret.You can build Guardian Keyper from source code. Installation instructions are given for Linux; for Windows and macOS, follow the same steps in the context of your operating system.
Сlone the project:
git clone [email protected]:GuardianLabs/guardian-keyper.gitGuardian Keyper requires Flutter to run. Use this guide to make sure the installation is correct. For checking all SDK dependencies, use:
flutter doctorGo to your project folder and get project dependencies:
flutter pub getIf there are no issues, you can build the project with the following command:
flutter build apk --debugAlso, you can use android-simulator:
flutter emulator --launch <Your Emulator ID>
flutter run --debugTo facilitate p2p connections thorough NAT, Guardian Keyper introduces peers to each other through a bootstrap/proxy server. The markets version uses the bootstrap server that is operated by Guardian Labs. You can start your own bootstrap by downloading the code or a Docker container from the P2PLib repository. To set the addresses for the bootstrap server, use compilation-time environment variables:
flutter build apk --dart-define BS_V4=192.168.12.34 --dart-define BS_V6=2001:0db8:85a3:0000:0000:8a2e:0370:7334Any contributions you make are greatly appreciated.
If you have a suggestion that would make Keyper better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
- If you have never committed to this repository before, accept our Contributor License Agreement (served by
cla-bot)
Note that Guardian Labs requires every contributor to sign the Contributor License Agreement to facilitate publishing Guardian Keyper to GPL-incompatible app repositories, such as the AppStore. You can do it electronically during filing a pull request into this repository. See CLA_instructions.md for details.
Guardian Keyper is distributed under GPLv3 License with special permission to use MPL for AppStore publication. See LICENSE for more information.
- If you want to report a bug, open an Issue
- If you have a general question or a suggestion, create a GitHub Discussion
- Guardian Keyper support page
- Email: [email protected]
