KairoGuard|Documentation
Docsuser guidesRecovery Options

Recovery Options

How to set up recovery mechanisms so you never lose access to your Kairo-protected wallet.

7 min read

Recovery Options

One of Kairo's most important features is protecting you from permanent key loss. Unlike traditional wallets where a lost seed phrase means lost funds forever, Kairo provides multiple paths to recover access.

Why Recovery Matters

The crypto industry has lost billions to key loss:

  • Forgotten seed phrases
  • Lost hardware wallets
  • Deceased holders with no inheritance plan
  • Device failures without backups

Kairo's architecture makes recovery possible without compromising security.

Understanding What You're Recovering

When we talk about "recovery," we mean regaining the ability to sign transactions. Here's what that involves:

| Component | What Happens | |-----------|--------------| | Your local key share | Needs to be restored to a new device | | Network key share | Already safe on Kairo's network | | Policy and binding | Already on-chain, just need object IDs | | Blockchain assets | Never move—they stay at your address |

Recovery is about restoring your signing capability, not moving your assets.

Recovery Method 1: Passkey Cloud Sync

Best for: Most users who want simple, automatic protection

If you enable passkey syncing (via iCloud Keychain or Google Password Manager), your encrypted key share can be restored to any device signed into your account.

How It Works

  1. Your passkey is created on Device A
  2. Passkey syncs to your cloud account (encrypted)
  3. Device A is lost or replaced
  4. On Device B, sign into the same cloud account
  5. Your passkey is available
  6. Kairo can decrypt your key share
  7. Full signing capability restored

Setting Up Cloud Sync

Apple Devices:

  1. Ensure iCloud Keychain is enabled
    • Go to Settings → [Your Name] → iCloud → Keychain
    • Toggle on
  2. When creating your Kairo passkey, it automatically syncs

Android/Chrome:

  1. Ensure Google Password Manager is enabled
  2. Sign into Chrome with your Google account
  3. Passkeys sync automatically

What Gets Synced

  • Your passkey credential (encrypted)
  • Your encrypted key share (protected by the passkey)

What's NOT synced:

  • Your raw private key (never exists in cleartext after setup)
  • Your policy configuration (lives on-chain)

Recovery Method 2: Encrypted Backup Export

Best for: Users who want an offline backup option

Export an encrypted backup file that you can store securely offline.

Creating a Backup

  1. Open Kairo extension
  2. Go to SettingsRecoveryExport Backup
  3. Choose a strong backup password
  4. Download the encrypted backup file
  5. Store it safely (USB drive, printed QR code, safe)

What the Backup Contains

  • Your encrypted key share
  • Your dWallet object ID
  • Your policy binding information

The backup is encrypted with your chosen password—keep this password safe and separate from the backup file.

Restoring from Backup

  1. Install Kairo on a new device
  2. Choose Restore from Backup
  3. Upload your backup file
  4. Enter your backup password
  5. Create a new passkey on this device
  6. Your wallet is restored

Recovery Method 3: Object ID Recovery

Best for: Advanced users or when other methods fail

If you have your private key and the relevant Sui object IDs, you can manually restore your wallet.

What You Need

  1. Your original private key
  2. Your dWallet object ID
  3. Your policy binding object ID
  4. Your policy object ID

Recovery Process

  1. Install Kairo extension
  2. Create a new passkey
  3. Choose Import Existing Wallet
  4. Enter your private key
  5. Go to SettingsAdvancedRestore Configuration
  6. Enter your object IDs
  7. Kairo verifies everything matches
  8. Wallet restored

Where to Find Object IDs

If you still have access:

  • Open Kairo → Settings → Advanced → Object IDs

If you wrote them down:

  • Check your secure notes or password manager

If you never recorded them:

  • You can search Sui explorer using your address
  • Look for PolicyBinding objects owned by your Sui address

Recovery Method 4: Social Recovery (Coming Soon)

Best for: Users who want family/friends as backup

We're building a social recovery system where trusted contacts can help you regain access.

How It Will Work

  1. You designate trusted guardians (friends, family, lawyer)
  2. Your key share is encrypted and split among them
  3. To recover, a threshold of guardians (e.g., 3 of 5) must approve
  4. Their approvals unlock your encrypted backup

Security Considerations

  • No single guardian can access your wallet
  • Guardians don't know each other (if you prefer)
  • Time delays prevent rapid unauthorized recovery
  • You can update guardians over time

Best Practices for Recovery Preparation

Minimum Recommended Setup

At minimum, every Kairo user should:

  1. Enable passkey cloud sync — Automatic protection against device loss
  2. Record object IDs — Store in password manager
  3. Note your wallet address — For reference

Enhanced Security Setup

For higher value holdings:

  1. Export encrypted backup — Store on USB drive
  2. Create paper backup of object IDs — Store in safe or deposit box
  3. Test recovery process — Actually verify you can restore
  4. Share recovery information with trusted person — For inheritance

Inheritance Planning

Think about what happens if you're incapacitated:

  1. Document your recovery process for heirs
  2. Store backup in location accessible to executor
  3. Include instructions in estate planning documents
  4. Consider social recovery with family members

Recovery Scenarios

Scenario: Lost Phone, Same Cloud Account

  1. Get new phone
  2. Sign into same iCloud/Google account
  3. Install Kairo
  4. Passkey is already available
  5. Done!

Time to recover: Minutes

Scenario: Lost Phone, New Cloud Account

  1. Get new phone
  2. Install Kairo
  3. Restore from encrypted backup (if you have one)
  4. Or: Import private key + object IDs (if recorded)

Time to recover: 10-30 minutes

Scenario: Device and Backup Both Lost

  1. If you have your private key written down: partial recovery possible
  2. If you have object IDs: can reconstruct configuration
  3. If neither: assets are still safe but inaccessible until you locate backup

Prevention: Always have at least two recovery methods

Scenario: Suspected Compromise

If you think your device was compromised:

  1. Don't attempt recovery on potentially compromised device
  2. Use a fresh, clean device
  3. Restore from backup
  4. Immediately update your policy to block suspicious addresses
  5. Consider transferring to a new wallet if concerned

Testing Your Recovery Setup

We strongly recommend testing recovery before you need it:

  1. Export a backup on your main device
  2. Use a second device or browser profile
  3. Attempt the recovery process
  4. Verify you can see the correct address
  5. Make a small test transaction
  6. You now know your recovery works

Frequently Asked Questions

Can Kairo staff help me recover?

Kairo cannot access your funds or sign on your behalf. Our network only holds one piece of your key—without your piece, we cannot help.

However, we can:

  • Help you find object IDs on-chain
  • Guide you through recovery processes
  • Verify your recovery configuration is correct

What if I lose everything?

If you lose:

  • Device AND
  • Cloud account access AND
  • Encrypted backup AND
  • Private key AND
  • Object IDs

Then recovery is not possible. This is by design—if anyone could recover without these, attackers could too.

Prevention: Never let all recovery methods fail simultaneously.

Are my funds at risk during recovery?

No. Your blockchain assets never move during recovery. You're only restoring your ability to sign new transactions. An attacker can't steal funds during a recovery process.

How long do I have to recover?

There's no time limit. Your assets stay at your address indefinitely. You can recover days, months, or years later as long as you have the necessary information.

Next Steps

© 2026 Kairo Guard. All rights reserved.