Data Continuity: What Happens If SafekeeperLife Shuts Down?

Your credentials remain recoverable even if SafekeeperLife ceases to operate. This document explains how.

The short answer

Your encrypted Safe data is stored in our database, which is regularly backed up. Your Keyholders already have their Key files (QR code PNGs). If SafekeeperLife shuts down, we will provide you or your designated recipients with:

1. Your Safe export file – a portable JSON file extracted from our database backup containing your encrypted credentials and all the metadata needed to decrypt them.
2. The Safe Recovery Tool – an open-source application that reads your export file and your Keyholders’ Key files to decrypt and display your credentials offline, without any connection to SafekeeperLife.

No data is lost. No keys are needed from us. Everything required for recovery is already in your hands (password or Key files) and in the export file.

How recovery works by Safe state

The recovery process depends on what state your Safe was in when the service became unavailable.

Locked Safes (encrypted with your password)

What you need: Your Safe export file + your master password.

Process: Run the Safe Recovery Tool with --password mode. It derives the encryption key from your password using the same algorithm (PBKDF2) and decrypts your credentials.

Sealed Safes (Keys distributed to Keyholders)

What you need: Your Safe export file + Key files from at least K Keyholders (where K is your Safe’s threshold).

Process: Keyholders provide their Key file PNGs. The Safe Recovery Tool extracts the cryptographic shares from the Key files, reconstructs the encryption key using Shamir’s Secret Sharing, and decrypts your credentials.

Unlocked Safes (credentials not yet encrypted)

What you need: Your Safe export file.

Note: If your Safe was unlocked (credentials not yet encrypted with a password), the export file will not contain encrypted credentials. In this state, credentials exist only in application memory and may not be recoverable from a database backup alone. We recommend locking your Safe promptly after adding credentials.

Revealed Safes (already decrypted by Keyholders)

What you need: Your Safe export file + Key files from at least K Keyholders.

Process: Same as sealed Safes. The encrypted credentials remain in the database even after reveal, so they can be decrypted again using the Key files.

What your Keyholders should know

Keyholders should:

• Keep their Key files safe. The PNG images they received when the Safe was sealed are essential for recovery. Store them in a secure location (encrypted drive, password manager, physical safe).
• Not modify the PNG files. The cryptographic data is embedded in the PNG metadata. Re-saving, screenshotting, or converting the file will destroy this data.
• Be prepared to coordinate. If SafekeeperLife shuts down, the threshold number of Keyholders will need to provide their Key files for recovery.

Technical details

The Safe Recovery Tool is open-source and can be independently verified. It uses:

• PBKDF2-HMAC-SHA256 (100,000 iterations) for password-based key derivation
• AES-256-GCM for credential encryption/decryption
• Shamir’s Secret Sharing over GF(4,294,967,311) for key splitting and reconstruction

The export file includes a complete crypto_spec documenting all algorithms and parameters, so recovery tools can be independently implemented in any programming language.

For operators and administrators

If you are responsible for winding down a SafekeeperLife deployment:

1. Export all Safes using mix safe.export --all against a database backup
2. Distribute export files to each safekeeper (identified by the safe.id in the export)
3. Provide the Safe Recovery Tool binary or source code to all affected users
4. Notify Keyholders that they will need their Key files for recovery

See the Safe Recovery Tool README for detailed usage instructions.