If you have access to your Argent wallet, you are able to prepare and perform the off-chain recovery without involving your guardians or paying network fees.
It is fully optional and you can choose to recover the wallet with guardians.
What is being saved and how?
The new recovery process uses encryption and cloud storage to ensure that your private keys are protected. It works as follows.
When you enable ‘Recovery with iCloud / Google Drive’, the Argent app generates a random “key-encryption-key” (KEK) that is unique to you. (A KEK is a cryptographic key that is used for the encryption or decryption of other keys).
Your KEK will encrypt your private keys (plural because it applies to both Layer 1 and Layer 2 private keys, even if you only have one type of wallet).
The encrypted private keys are then stored in your iCloud / Google Drive under your control. Your KEK, meanwhile, is sent to Argent (meaning the company’s infrastructure, not the app).
This split gives you added protection. If anyone gets access to your iCloud or Google Drive, they can’t decrypt your keys without the KEK that Argent has. And if a malicious actor gets access to our infrastructure, they won’t be able to access your wallet as they won’t have your encrypted private keys.
When you need to recover your wallet, the first thing that will happen is that the Argent app will try to detect your encrypted private keys stored on iCloud / Google Drive. If they’re detected, two-factor authentication is used to verify that you’re the legitimate wallet owner.
Once this is complete, a 48 hour recovery window starts. This is an additional security layer that gives you time to cancel it if you wish via your Argent security centre (security.argent.xyz).
After 48 hours, your KEK is securely transferred to your device, which will decrypt and recover your private keys. This gives you back access to your wallet.
At no point will Argent have access to your funds or your private keys, and we will never ask for them.
How to secure your recovery data?
1. On your Argent home page, tap the account switcher button (with Eth or zksync logo) in the top-left corner.
2. Under the selection of the network, tap Settings.
3. Go to Wallet recovery.
4. Under Recovery with iCloud (iOS) or Recovery with Google Drive (Android) you can see option to Enable this recovery.
5. Tap Enable. On Android you will also be presented with Google drive accounts on device that you can choose from. Then you will be prompted to allow access to your cloud account. Argent only asks for the permission to store the specific file, this does not grant Argent app full access to your Google or Apple data.
6. Allow the app a couple minutes to save the encrypted key.
Upon the off-chain recovery Argent app will look into Drive or iCloud storage for specific file in a specific folder. Please do not delete, edit or rename the folder or file in it.
If you have deleted/edited/renamed the folder or file, you will see the message under the recovery option saying Encrypted key not found.
As long as you have access to your wallet, you can re-download the encrypted key.
If you don't have access to your wallet and your encrypted recovery key was modified, you will have to recover your wallet with guardians.
What does 'Encrypted key not found' mean?
It means that:
1. Folder or file saved to your cloud storage has been modified, moved or deleted.
2. After saving the encrypted recovery key you have since recovered your wallet with guardians, where private key changes for the wallet.
In such case, please proceed with the recovery with guardians instead.