🚨I'm excited to announce a huge technical milestone in @Ledger’s mission to simplify self-custody. Ledger Recovery Key—a PIN-protected physical card enabling storage & recovery of your 24 words with just a few taps. No KYC, no subscription fee, just peace of mind: 👇🧵

We wanted to give you a preview into the technical details with a Ledger Recovery Key whitepaper, open source code review via github, and more product details before it launches. But let’s start with how Ledger Recovery Key works.

🔐Ledger Recovery Key is a private, encrypted, PIN-protected spare key to access your assets. 🔄It uses a Secure Element & secure NFC communication with a Ledger Flex or Ledger Stax to backup/restore your 24-words in just a few taps 📝Not a replacement, but a safe and accessible complement to your traditional Recovery Sheet or recovery solution.

Recovery Key is built on four key security touchpoints: 1️⃣Genuine Check - Verifying both card & device are the real deal 2️⃣Secure Element & Encrypted NFC communication 3️⃣Secure Touchscreen - All actions managed via your Flex/Stax only 4️⃣PIN-protection - It’s your personal PIN, created only by you when you set it up. For even more protection, 3 failed attempts wipe the card.

All Ledger Recovery Key functions are managed via the secure screen of a Ledger Flex or Ledger Stax, keeping you in control. 🔢Managing the card’s PIN (4-8 digits) 🔤Assigning & managing the card’s user-assigned name ⛔Applying a Factory reset (to wipe the card) 🔄Updating the Ledger Recovery Key software to add features & continually improve security

There are three key components under the hood of Ledger Recovery Key, all of which underwent extensive, rigorous testing by the Donjon - our internal security team 🔬: 🔷An NXP P71D600 Secure Element working with an JCOP4.5 operating system 🔷The Ledger Recovery Key App - a Java Card application, built on top, enabling secure data transfers, storage & cryptographic operations

But don’t trust, verify! The Ledger Recovery Key App’s code is open source and available for review on our public GitHub and eligible for our Bounty Program. .

Security should be verifiable—but it should never be compromised. This is why Ledger Recovery Key combines Ledger’s verifiable software - where transparency matters most - with Secure Elements. The Secure Element/OS combination achieved Common Criteria EAL6+ security certification - the standard reserved for banks, defence & governments.

From manufacturing, to usage & updates. We’ve scrutinized every step of production to maximize security: 🏭Production is controlled at our facilities in Vierzon 🔑The OS uses specific cryptographic keys that can only be loaded if signed by Ledger HSMs ✅ Authentication between Ledger Recovery Key & HSMs allow for genuine device checks in the field

The communication protocols leverage industry-standard cryptography algorithms. Secure Channels create AES-encrypted tunnels between device and card, with mutual authentication preventing man-in-the-middle attacks.

Discover for yourself how Ledger Recovery Key represents secure-by-design engineering from factory-to-field. As part of today’s Technical first step, we’ve publicly released: 📜The Recovery Key White Paper - a comprehensive explanation of its design, function & architecture 📃A companion blog post summarizing the key technical features 📽️A technical video showing the product in action 🚀A full consumer launch to follow soon

Hand-written Recovery Sheets remain the foundation of secure self-custody: having ownership and control over your digital value - Ledger Recovery Key adds a secure, yet accessible backup option. The choice is yours to make.