Security & Recovery

What Purcius Genesis does, why it is critical, and exactly how to recover your sovereign root.

Read this once. Keep it. It is the operator's manual for the most important key you hold.

← Back to Genesis

1 · What you minted

Purcius Genesis mints your operator root — a single Ed25519 key that is your identity on the Purcius platform. It anchors your FQDN (published as _key.<your-fqdn>), and everything the platform trusts about you chains back to it.

It was born on your own device, in airplane mode — never on a shared machine, never handed to you by anyone. You generated it, you split it, you hold it. That is what makes it sovereign.

2 · Why it is critical

This key is the root of trust. It is not a password you can reset — it is the thing every other credential is measured against.

Treat it like the master key to everything you build. Because it is.

3 · How it is protected

Born cold (air-gapped)

The key is generated only while your device's radios are off. The app refuses to mint until airplane mode is on. No network path exists at the moment of birth, so nothing can exfiltrate it.

Split, so no single loss is fatal (Shamir 3-of-5)

Your 64-byte root is mathematically split into 5 shares. Any 3 reconstruct it. Any 2 reveal absolutely nothing — not part of the key, not a hint, mathematically zero information. So you can lose up to 2 shares and still recover, and an attacker who steals 1 or 2 shares gains nothing.

Wiped the instant it is split

The moment the shares are produced, the whole key is erased from the device's memory. After Genesis finishes, the complete key does not exist anywhere — only the shares do.

The app cannot phone home

Purcius Genesis declares no network permission and makes zero connections. It is pure C — the same crypto substrate, audited and self-testing, on Android, iOS, and the command line. On launch it runs a self-test and shows you ✓ selftest PASSED before you trust it.

Public out, secret stays in

The only things you publish are public: your operator.pub and your _key.<fqdn> line. The private root never leaves your device un-split.

4 · Your responsibilities

5 · How to recover

If you lose your device or need the key again, gather any 3 of your 5 shares and recombine them in airplane mode:

The recovered key's public half will match your published operator.pub — that is your proof the recovery is correct. Do it offline; wipe or re-split when done.

6 · Blast radius — what each event means

EventConsequence
1 or 2 shares stolenNothing. Sub-threshold reveals zero. Consider re-minting at your leisure.
Lose 1 or 2 sharesFine. Any 3 of the remaining rebuild the key.
Lose 3+ sharesThe root is unrecoverable. Re-establish a new operator identity.
3 shares compromised togetherThe root is exposed. Rotate/re-establish immediately.
Your device lost/stolen after mintingThe whole key was already wiped — the thief gets nothing from the device.