What is ERS?

The Emergency Recovery System (ERS) is a "break-glass" process for accessing private keys — and thereby funds — with no external dependencies. In an emergency, the wallet owner can recover a master key from:

• That master key's encrypted recovery information
• The corresponding RSA decryption key

From the recovered master key, all other private keys and addresses can be derived.

📘

Note:

ERS is used to recover the master private key material, not to restore the full wallet system runtime. Wallet/system restoration still relies on your DB backup process.

Recovery information contains encrypted key shares for each node. The designated recovery public key encrypts these shares, and only the corresponding private key holder can decrypt them. Store this private key offline in a secure location and access it only during emergency recovery.

Wallet Owner Responsibilities

The wallet owner is responsible for:

• Defining and implementing the Emergency Recovery Process — ertool recovers keys, but the surrounding process (access controls, air-gapped environments, custodial procedures) is yours to design.
• Tracking which addresses are relevant — knowing how many accounts and sub-addresses were present in the wallet at the time of recovery.
• Providing transaction-building software — a third-party wallet or custom tooling capable of generating unsigned transactions for the target blockchain(s).
• Providing blockchain connectivity — integration between signing software and the relevant blockchain network(s) for broadcasting signed transactions.
• Securely storing the ERS decryption key and encrypted backup blob — both must be preserved independently and accessed only during emergency recovery.

How to Create Master Key Recovery Information

Follow the steps below to create the master key and prepare ERS recovery information:

1. On first launch, the wallet asks MPA nodes to create a master key.
2. MPA nodes then:
   1. Create the master key and a key ID.
   2. Generate ERS recovery info and exchange it with each other (all nodes must agree).
   3. Mark the master key as operational, then send key ID and recovery material to the wallet.
3. Wallet users download and securely store the recovery information.

📘

Note:

Validate and store recovery information before creating production accounts in the wallet.

ertool: Scope

Blockdaemon ships ertool, a bare-bones helper CLI for Institutional Vault private key recovery. ERS (Emergency Recovery System) is the broader break-glass process your organization defines and operates; ertool supports key-recovery steps within that process. It supports three operations:

• Recover master keys — decrypt and reassemble the master private key from the backup blob (recover pem or recover p11).
• Derive sub-keys and addresses — walk the HD derivation tree to produce child private keys and their on-chain addresses.
• Sign data — produce signatures with any recovered or derived key.

ertool is the only moment when key shares are combined into a full master key. It operates independently of Institutional Vault and Blockdaemon infrastructure.

⚠️

Important:

ertool is not a full Emergency Recovery System, a complete wallet, or a transaction builder. It does not replace scaling Policy Nodes, recovering individual node backups, or cloning a lost wallet.

ertool Quickstart

Run ./ertool --help to see all commands and ./ertool [command] --help for command-specific help.

Full Command List

ertool --help

Blockdaemon Wallet Emergency Recovery

Usage:
  ertool [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  derive      Derive a private sub-key; optionally print the associated address
  help        Help about any command
  recover     Recover private key from encrypted backup

Flags:
  -h, --help   help for ertool

Recovery supports two decryption backends as subcommands of recover:

ertool recover --help

Recover private key from encrypted backup

Usage:
  ertool recover [command]

Available Commands:
  p11         Recover private key with PKCS#11 (HSM) decryption
  pem         Recover private key with a PEM decryption key

Recover with HSM (P11)

Use recover p11 when the decryption key is HSM-protected.

./ertool recover p11 \
  --backupFile wallet-backup.json \
  --hsm-key-label "ers-recovery-key" \
  --hsm-library "$P11" \
  --hsm-pin "$PIN"

P11 Recovery Flags

ertool recover p11 --help

Recover private key with PKCS#11 (HSM) decryption

Usage:
  ertool recover p11 [flags]

Flags:
  -b, --backupFile string        path to encrypted backup file
  -h, --help                     help for p11
      --hsm-key-id string        hex-encoded CKA_ID of key (optional)
      --hsm-key-label string     label of RSA private key in HSM
      --hsm-library string       path to PKCS#11 library (.so/.dylib)
      --hsm-pin string           HSM PIN (for Azure: 'cu_name:password')
      --hsm-pin-file string      HSM PIN (for Azure: 'cu_name:password')
      --hsm-slot uint            HSM slot ID (default: 0)
      --hsm-token-label string   HSM token label (alternative to slot ID)

Example Azure HSM Recovery Output

./ertool recover p11 \
  --backupFile wallet-azure-hsm-back.json \
  --hsm-key-label "ers-recovery-key" \
  --hsm-library /opt/azurecloudhsm/lib64/libazcloudhsm_pkcs11.so \
  --hsm-pin "cu1:user1234"

Key type: ECDSA_SECP256K1
 - private key: b2c249071ecc16d6e6b42e8a548765fc891d1d447b2ed614182911a5bd58953e
 - public key : 04ba5ad297ebb8ab0537ac4ecffaf4f7616e17cd8a846f627530eb9d3892ecdcc3ad3802cdfcc9315ec5caac158e4e3287b82bcad0430642e9bdfc1f6e239b2a85
 - chain code : 67c0f586eb03263c6f7c915cea8ddd078299f41582b282491e58a925bb74b489
Key type: EdDSA_Ed25519
 - private key: 09d0986845e6ad8ec0d106c1345e87e5399b2fe658321a6c2c8cd085a7a1ccf6
 - public key : 0784d06c90d40f377526cc830ddcd6159d97ead0bf834b8656af68670f505846
 - chain code : 98f19af818c311bbf1934be17ad9577008e5ba9fab1e5259e2f2af602c0989b2

Recover with PEM Key

Use recover pem when the decryption key is in a PEM file.

./ertool recover pem \
  --backupFile wallet-backup.json \
  --privateKeyFile recovery-key.pem

PEM Recovery Flags

ertool recover pem --help

Recover private key with a PEM decryption key

Usage:
  ertool recover pem [flags]

Flags:
  -b, --backupFile string       path to encrypted backup file
  -h, --help                    help for pem
  -p, --privateKeyFile string   path to private key in PEM format

Derive Private Sub-Keys and Addresses

After master key recovery, use derive to derive private sub-keys and optionally print the associated address.

ertool derive --help

Derive a private sub-key; optionally print the associated address

Usage:
  ertool derive [flags]

Flags:
      --account uint32           account in the wallet's standard derivation path
      --address-index uint32     address-index in the wallet's standard derivation path
      --address-type string      optional print of address from derived key
      --coin-type uint32         coin-type in the wallet's standard derivation path
      --derivation-path string   derivation path, e.g., m/44/60/0/0/0, for Ethereum mainnet address#0 in account#0
      --full-derivation-path     specify the full derivation path using the derivation-path flag, rather than through (coin-type, account, address-index)
  -h, --help                     help for derive
      --privateKey-file string   path to private master key file

derive Examples

Derive using standard wallet path components:

./ertool derive \
  --privateKey-file master-private-key.hex \
  --coin-type 60 \
  --account 0 \
  --address-index 0 \
  --address-type evm

Derive using an explicit full derivation path:

./ertool derive \
  --privateKey-file master-private-key.hex \
  --full-derivation-path \
  --derivation-path "m/44/60/0/0/0" \
  --address-type evm

Derivation Paths

The Institutional Vault is a Hierarchical Deterministic (HD) wallet — all sub-keys are derived from the master key using BIP-44-like derivation paths. During emergency recovery you must know which derivation paths were in use to locate all on-chain funds.

Derivation Path Format

m/purpose/coin_type/account/change/address

Each component means:

• m: master node.
• purpose: set to 44 (unhardened) for BIP-44.
• coin_type: SLIP44 identifier for the blockchain.
• account: account index, starting at 0.
• change: 0 for external addresses, 1 for change addresses (currently not used).
• address: address index, starting at 0.

Blockdaemon Derivation Paths

Example Emergency Recovery Process

Below is a recommended two-phase approach. Adapt it to your organization's security policies and infrastructure.

Phase 1: Key Recovery (Air-Gapped)

Perform recovery on an isolated, air-gapped system for maximum security.

1. Decrypt the master private key using the RSA decryption key and ertool (recover pem or recover p11).
   • If the decryption key is HSM-protected, a connection to the HSM is required on the air-gapped system.
2. Export the public master key and chain code from the recovery output.
3. Transfer the public information only (public key + chain code) to an internet-connected system to query on-chain state. The private key must remain on the air-gapped system.

Phase 2: Fund Recovery

Use the public key on a networked system to locate funds, then sign on the air-gapped system.

1. Identify relevant accounts and assets on-chain — use the public master key and chain code to derive public addresses (via ertool derive or equivalent tooling) and query blockchain explorers or nodes for balances.
2. Prepare recovery transactions — build unsigned transactions targeting a new secure destination address for each asset.
3. Transfer unsigned transactions to the air-gapped system for signing with the recovered private key (via ertool or integrated signing software).
4. Sign and broadcast — sign each transaction on the air-gapped system, transfer the signed transactions back to the networked system, and broadcast them to the respective blockchain networks.