Export

Export produces an encrypted blob containing the user's full reconstructed private key — not just the device's share. Anyone holding the matching decryption key can re-import the wallet on a fresh device.

Unlike duo's 3-step protocol, trio export is a single SDK call — the SDK coordinates with both mobile and cloud party internally over the websocket, the key reconstruction happens on mobile side.

For the SDK contract see Export Key (Kotlin) and Export Key (Swift).

How the example does it

Android

vault/.../session/VaultSessionManager.kt

suspend fun exportKeyshare(keyId: String): ByteArray {
    val dao = readDao(keyId)
    val keyshare = dao.currentKeyshare
        ?: throw Exception("No active keyshare found for keyId: $keyId")
    return sessionFor(dao.keyType).export(keyshare).getOrThrow()
}

iOS / macOS

Vault/Session/VaultSessionManager.swift

func exportKeyshare(keyId: String) async throws -> Data {
    let record = try loadRecord(keyId: keyId)
    let keyshare = try requireActiveKeyshare(record)
    return try await sessionForKeyType(record.keyType)
        .export(keyshare: keyshare).get()
}

The example wraps the export blob into a JSON entry and writes it to a user-chosen file:

{ "keyType": "ECDSA", "chain": "ETHEREUM_SEPOLIA", "exportDataHex": "abc123..." }

The vault never persists exports — the file is purely for the user to store.