Creating a Vault

How to create a vault.

Overview

There are different types of vaults that can be created in the Vultisig App, designed to meet all users' needs and configuration preferences. From a 'hot wallet' option to a 'cold wallet' option, users have full flexibility in creation and modification afterward.

Creating a Vault is also called a Key Generation (KeyGen) event, see more information here.

Setup - Vault Types

iOS, MacOs, Android, Windows and eventually Linux are intended to be supported. Check the website for the latest update on distribution.

There are three general setup types to choose from:

Fast Vaults
Active Vaults
Secure Vaults

Fast and Active Vaults creation are disabled at the moment. Only 2-of-3 (or more signers) Secure Vaults are enabled for creation. Existing Fast, Active, and 2-of-2 Secure Vaults are fine and can still be used as normal.

Fast Vaults

This setup is the 'hot wallet' equivalent in Vultisig, enabling vaults to be created on the go without the need for multiple devices from the user.

Fast Vaults are configured as a two-factor vault, where one device is held by the user and the other part is the Vultiserver, which automatically co-signs the user's requests (learn more about what a Vultisigner is here), making it a single signature experience. In the future, transaction policies will allow users to specify parameters for co-signing.

It is recommended not to store large amounts in these vaults and to use them as a daily wallet or 'hot wallet.'

Active Vaults

This setup offers increased security compared to Fast Vaults and is therefore considered the "normal wallet" in Vultisig.

Active Vaults consist of two user devices and the Vultisigner. This configuration allows users to sign transactions with just one device while on the go, with the set transaction policies applied. These policies can be configured to be very strict. However, signing transactions with only the user's devices can bypass these policies, allowing for user-authorized unrestricted transactions.

This setup provides the flexibility of a single-signature wallet with much higher security, while also applying multi-factor authentication for high-value transactions

Secure Vault

This setup offers the highest level of security and is considered the 'cold wallet' equivalent in the Vultisig App.

Secure Vaults consist solely of user devices. Users need at least two devices (although minimum three is recommended) and can add more to their vaults, increasing the signing threshold and enhancing security with each additional device. This option is also ideal for shared wallets among multiple users and DAOs.

The vaults will be a m-of-n Threshold, where m is at least 2/3rds of n, and no maximum number of n devices. The more devices you use, the longer it will take to process any transactions.

The following are the most common vaults:

2-of-3 vault - three devices to create a vault and two to sign a transaction. This vault is automatically redundant, which means you can lose one device and still have access to your vault. To make sure you are fully protected, please back up the Vault shares of every device. This vault type is recommended as a secure vault setup.
3-of-4 vault - four devices to create a vault and three to sign a transaction. This vault is automatically redundant, which means you can lose one device and still have access to your vault. To make sure you are fully protected, please back up the Vault shares of every device.
2-of-2 vault - two devices to create a vault and two to sign a transaction. This vault is vunerable if you lose one device, you can lose access to the funds. To make sure you are fully protected, please back up the Vault shares of every device. This vault type is not recommended as a secure vault setup.

What is the most redundant vault that allows you maximum flexibility?

Try this: 1) Use 3 different builds (Mac, iOS, Android) on 3 different devices.

2) Export vaults shares with 3 different passwords to encrypt.

3) Save vault shares in 3 different Cloud Storage options (Google, iCloud, Proton, Dropbox etc), each with a unique email address per Cloud Storage.

4) Ensure each email has 2FA. To compromise this vault, an attacker would need to 1) Break into 2 different emails, intercept your 2FA, AND crack 2 different passwords, or 2) Compromise 2 different devices (get past passcodes and biometrics).

If you practice good security, the likelihood of this is significantly low, almost zero. (How many times has someone broken into 1 of your devices/email/storage accounts, let alone 2).

The advantage of this setup is you can re-spawn anywhere in the world with just your email accounts and passwords, without carrying around hardware wallets and seed-phrases.

Generating A Vault

Click on the image below to watch an explanation video on Twitter on creating a 2/2 Secure Vault

Click on the image below to watch an explanation video on Twitter on creating a 2/2 Fast Vault

How to generate a Vault

Get your devices ready and create a vault.

Select the Vault setup of preference:

Fast Vault
Active Vault
Secure Vault

After selecting your preferred setup, follow the steps for the following Setups:

Fast Vault

Name your Vault: Put in a preferred Vault Name
Put in email: The Vault Share will be sent to this address as a backup
Password: This encrypts the Vault Share received via email
Passcode: To quick access the server and change transaction policies (still to be implemented)
Wait until Vault is Created
Done!

Active Vault

Name your Vault: Put in a preferred Vault Name
Put in email: The Vault Share will be sent to this address as a backup
Password: This encrypts the Vault Share received via email
Passcode: To quick access the server and change transaction policies (still to be implemented)
Scan QR Code with second device and wait until Server is present
Start Vault creation and wait until it finished
Done!

Secure Vault

Start Vault creation with main device and join with all pairing devices.

Main Device: START -> will show a QR Code to scan with your pairing device(s)

Pairing Devices: PAIR -> will start the camera to scan the QR code or a shared QR code can be imported.

When all wanted pairing devices are present, create the vault with the Continue button.

Network Type

You can choose Internet or WiFI.

Internet: Using the Vultisig relay server. Encrypted packages are routed through the Vultisig relay server over the Internet. Each device can be on different networks / Internet providers.
Local: Using local Wi-Fi Network, however may not work on some Wi-Fi networks (since they may block mDNS packets).

The Vault Creation step may fail if the Internet/network connection is not stable.

Keygen

Once you click CONTINUE, the keygen process will begin. First it will create the pre-parameters (your vault shares and some other aspects, about 10 seconds), then it will create the ECDSA and EdDSA keys (another 10 seconds). Finally, it is done! Make sure that all devices show the done screen.

After creating a vault, ALWAYS back up every device.

Troubleshooting

If a Keygen fails, it may be because you have an unreliable network and the devices dropped connections.

Quit the apps.
Change networks.
Start again.

Another reason are low spec android devices. Please ensure that your device has at least 4 GB RAM

PreviousOverview NextManaging your Vault

Last updated 14 days ago