Key Backup
The OAuth restore process allows users to regain access to their Bitcoin identity on any device using just their OAuth credentials and backup password.
Prerequisites
Before starting the restore process, ensure:
- You have previously linked an OAuth account (Google/GitHub) to your Bitcoin identity
- You remember your backup password used during the initial backup
- You have access to your OAuth provider account
Step-by-Step Restore
1. Navigate to Restore Page
Visit the OAuth restore page in your application:
- Direct URL:
/oauth-restore
- From login page: Click "Restore from Backup" link
2. Select OAuth Provider
Choose the OAuth provider you previously linked:
- Google - if you linked your Google account
- GitHub - if you linked your GitHub account
- Multiple options - if you linked both providers
3. Complete OAuth Flow
- Click your provider (Google or GitHub)
- Sign in to your OAuth account if not already logged in
- Grant permissions to access your linked identity
- Return to the app with your OAuth identity confirmed
4. Enter Backup Password
- Password prompt appears after successful OAuth verification
- Enter the same password you used when creating the backup
- Click "Restore Wallet" to decrypt your private key
- Wait for decryption - this happens in your browser using bitcoin-backup
The decryption process uses the bitcoin-backup
package:
import { decryptBackup } from 'bitcoin-backup';
try {
// Decrypt the backup fetched via OAuth
const privateKey = await decryptBackup(encryptedBackup, password);
// Success - user is now authenticated
console.log('Identity restored successfully');
} catch (error) {
// Invalid password or corrupted backup
console.error('Restoration failed:', error.message);
}
5. Successful Restore
Upon successful restoration:
- Your Bitcoin identity is loaded into the current session
- You're automatically logged in to the application
- Your private key is available for signing operations
- Backup remains available for future use on other devices
Troubleshooting
"Backup not found"
Cause: No backup exists for this OAuth account Solution:
- Try a different OAuth provider
- Check if you used a different account
- Create a new Bitcoin identity if needed
"Invalid backup password"
Cause: Entered password doesn't match the backup Solution:
- Try alternative passwords you might have used
- Check for typos or caps lock
- Consider password variations you commonly use
"Backup corrupted"
Cause: Stored backup data is damaged Solution:
- Try restoring from a different device
- Contact support if backup was recently created
- Fall back to manual private key entry
"OAuth provider error"
Cause: Issue with Google/GitHub authentication Solution:
- Try logging out and back in to your OAuth provider
- Clear browser cookies and try again
- Try a different OAuth provider if available
Security Considerations
Browser Security
- Decryption happens locally - your password never leaves your device
- Use a secure network when performing restore operations
- Close browser tabs containing sensitive information after restore
- Use private/incognito mode on shared computers
Password Management
- Use unique backup passwords - don't reuse other passwords
- Store passwords securely - in a password manager if possible
- Never share backup passwords with anyone
- Update passwords periodically if you suspect compromise
Account Security
- Enable 2FA on your OAuth provider accounts
- Monitor OAuth account activity for suspicious logins
- Revoke access if you no longer use the application
- Use strong OAuth passwords as they protect your Bitcoin identity
Multiple Device Workflow
Scenario: New Phone Setup
- Install your app on the new device
- Visit OAuth restore page instead of creating new identity
- Use Google/GitHub login to verify your identity
- Enter backup password to decrypt your Bitcoin keys
- Continue using your existing Bitcoin identity seamlessly
Scenario: Computer Replacement
- Open your app in a new browser
- Choose "Restore from Backup" on the login screen
- Authenticate with OAuth to confirm your identity
- Decrypt backup with your password
- Access your Bitcoin identity immediately
Advanced Options
Manual Backup Import
If automatic restore fails, you can manually import backups:
- Download your encrypted backup from a working device
- Use "Import Backup File" option on the restore page
- Select your backup file and enter your password
- Verify successful import and test functionality
Provider Switching
To change your primary OAuth provider:
- Restore using current provider to access your identity
- Link additional OAuth accounts from within the app
- Test restore with the new provider
- Optionally unlink the old provider
Backup Verification
To verify your backup before needing it:
- Use a different browser/device to test restore
- Complete the OAuth flow with your linked account
- Enter your backup password to verify it works
- Confirm your Bitcoin identity loads correctly
- Log out without making changes
Next Steps
- Security Implementation - Technical security details
- Integration Guide - Add OAuth restore to your app
- Best Practices - Security recommendations