Verifiable backup

Verifiable backup checks the server's backup of its share — not the user's export blob. The server signs an RSA attestation over its encrypted keyshare, and verifyBackup validates that the signature is genuine and the contents match the device-side keyshare.

For the SDK contract see Verifiable Backup (Kotlin) and Verifiable Backup (Swift).

How the example does it

The demo fetches the server's verifiable backup via HTTP, then asks the SDK to verify it:

Android

vault/.../session/VaultSessionManager.kt

suspend fun verifyBackup(
    keyId: String,
    backupData: ByteArray,
    rsaPublicKey: ByteArray,
    label: String = "",
): Boolean {
    val dao = readDao(keyId)
    val keyshare = dao.currentKeyshare
        ?: throw Exception("No active keyshare found for keyId: $keyId")
    return sessionFor(dao.keyType)
        .verifyBackup(keyshare, backupData, rsaPublicKey, label)
        .getOrThrow()
}

iOS / macOS

Vault/Session/VaultSessionManager.swift

func verifyBackup(keyId: String, backupData: Data, rsaPublicKey: Data,
                  label: String = "") async throws -> Bool {
    let record = try loadRecord(keyId: keyId)
    let keyshare = try requireActiveKeyshare(record)
    return try await sessionForKeyType(record.keyType)
        .verifyBackup(keyshare: keyshare, backupData: backupData,
                       rsaPublicKey: rsaPublicKey, label: label).get()
}

The backupData is a base64-decoded blob from the server's /v3/{algorithm}/backup endpoint. The rsaPublicKey is a hardcoded PEM string the demo uses for verification. Returns true if the attestation is valid.

This is a duo-only operation. The trio example does not use verifiable backup.