What Purcius Genesis does, why it is critical, and exactly how to recover your sovereign root.
Read this once. Keep it. It is the operator's manual for the most important key you hold.
Purcius Genesis mints your operator root — a single Ed25519 key that is your identity on the Purcius platform. It anchors your FQDN (published as _key.<your-fqdn>), and everything the platform trusts about you chains back to it.
It was born on your own device, in airplane mode — never on a shared machine, never handed to you by anyone. You generated it, you split it, you hold it. That is what makes it sovereign.
This key is the root of trust. It is not a password you can reset — it is the thing every other credential is measured against.
Treat it like the master key to everything you build. Because it is.
The key is generated only while your device's radios are off. The app refuses to mint until airplane mode is on. No network path exists at the moment of birth, so nothing can exfiltrate it.
Your 64-byte root is mathematically split into 5 shares. Any 3 reconstruct it. Any 2 reveal absolutely nothing — not part of the key, not a hint, mathematically zero information. So you can lose up to 2 shares and still recover, and an attacker who steals 1 or 2 shares gains nothing.
The moment the shares are produced, the whole key is erased from the device's memory. After Genesis finishes, the complete key does not exist anywhere — only the shares do.
Purcius Genesis declares no network permission and makes zero connections. It is pure C — the same crypto substrate, audited and self-testing, on Android, iOS, and the command line. On launch it runs a self-test and shows you ✓ selftest PASSED before you trust it.
The only things you publish are public: your operator.pub and your _key.<fqdn> line. The private root never leaves your device un-split.
_key line + pubkey. That is how the world verifies you. Then leave airplane mode.

If you lose your device or need the key again, gather any 3 of your 5 shares and recombine them in airplane mode:

./genesis-cli recover out.key share-01.share share-03.share share-05.share

The recovered key's public half will match your published operator.pub — that is your proof the recovery is correct. Do it offline; wipe or re-split when done.

| Event | Consequence |
|---|---|
| 1 or 2 shares stolen | Nothing. Sub-threshold reveals zero. Consider re-minting at your leisure. |
| Lose 1 or 2 shares | Fine. Any 3 of the remaining rebuild the key. |
| Lose 3+ shares | The root is unrecoverable. Re-establish a new operator identity. |
| 3 shares compromised together | The root is exposed. Rotate/re-establish immediately. |
| Your device lost/stolen after minting | The whole key was already wiped — the thief gets nothing from the device. |
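
The 3-of-5 split and recombination described above, as an added illustration that is not Purcius Genesis code: a Shamir-style scheme over GF(2^8) is assumed (the page does not name the scheme or the share format), and `split`, `recover` and `fits_per_candidate` are hypothetical names. `fits_per_candidate` checks the sub-threshold claim by counting, for every possible secret byte, the polynomials consistent with two shares.

```python
import secrets

# Assumed scheme (not Genesis code): Shamir over GF(2^8), poly 0x11B, generator 3.
EXP, LOG, _v = [0] * 510, [0] * 256, 1
for _i in range(255):
    EXP[_i] = EXP[_i + 255] = _v
    LOG[_v] = _i
    _v ^= (_v << 1) ^ (0x11B if _v & 0x80 else 0)  # multiply by 3

def gmul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def gdiv(a, b):  # b must be non-zero
    return 0 if a == 0 else EXP[LOG[a] + 255 - LOG[b]]

def split(secret, n=5, k=3):
    """Each secret byte is the constant term of a random degree k-1 polynomial."""
    shares = [(x, bytearray()) for x in range(1, n + 1)]
    for s in secret:
        coeffs = [s] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, out in shares:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gmul(y, x) ^ c
            out.append(y)
    return [(x, bytes(out)) for x, out in shares]

def recover(shares):
    """Lagrange interpolation at x = 0; subtraction in GF(2^8) is XOR."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    out = bytearray(len(shares[0][1]))
    for xi, ys in shares:
        w = 1
        for xj in xs:
            if xj != xi:
                w = gmul(w, gdiv(xj, xi ^ xj))
        for i, y in enumerate(ys):
            out[i] ^= gmul(w, y)
    return bytes(out)

def fits_per_candidate(two_shares, i=0):
    """For each candidate secret byte, count polynomials matching both shares."""
    (x1, y1), (x2, y2) = [(x, ys[i]) for x, ys in two_shares]
    def fits(s, a1):
        a2 = gdiv(y1 ^ s ^ gmul(a1, x1), gmul(x1, x1))  # forced by share 1
        return (s ^ gmul(a1, x2) ^ gmul(a2, gmul(x2, x2))) == y2
    return [sum(fits(s, a1) for a1 in range(256)) for s in range(256)]
```

Every candidate byte fits exactly one polynomial, so two shares leave all 256 values equally likely. `recover` also returns bytes without error when given too few or mismatched shares, which is why comparing the recovered public half against the published operator.pub matters.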