Skip to main content

Importing External Keys into the Self-Custody Platform

Fortary’s framework allows customers to import external crypto keys that were originally generated outside of our custody environment. This feature is designed to support specific operational or legacy needs- for example, when assets are locked to an existing wallet and cannot be transferred until a later unlock date.

Important Security Considerations

Importing externally generated keys introduces inherent risks that customers must carefully consider:
  • Unknown Key Exposure:
    When keys are created outside of our custody platform, their security history is unknown. They may have been exposed to software vulnerabilities, unsafe storage, or previous key holders. Our platform cannot verify whether a private key has ever been compromised, copied, or otherwise made accessible to unintended parties.
  • Limited Trust Scope:
    Once imported, the keys can be used within our MPC-based self-custody signing framework, but we cannot guarantee the original key’s integrity. We recommend treating any imported key as potentially at-risk.
  • No Custodial Backup:
    For imported keys, we do not perform a backup or recovery ceremony. Backup management and key storage remain entirely the responsibility of the customer.
    Customers must follow their organization’s internal security and compliance procedures for securing private key backups, including:
    • Encrypted offline storage of backups
    • Controlled physical access
    • Awareness of any individuals who have had prior access to the keys

Recommendations for Secure Migration

Once assets become transferable, we strongly recommend migrating them to a new wallet generated directly within our custody environment. This is especially critical because most major blockchain networks, including EVM-compatible chains and Bitcoin, do not support native key rotation. Once a private key is known or exposed, the only reliable mitigation is to move all assets to a fresh wallet with keys generated in a secure and verifiable manner. Our platform provides a secure key generation and management process within MPC-protected Trusted Execution Environments (TEEs), which ensures that key material is never exposed in plaintext form and is known to originate from a verifiable source.

Start Importing External Keys

External Key Preparations Steps

  1. Discuss with your Fortary account contact to ensure onboarding readiness and that your current plan support this functionality.
  2. Ensure you’ve already have already set up your mobile signing app.
  3. Acquire the pre-existing key that was created externally from Fortary.
  4. Ensure your organization has proper security measures and back ups in place around this key.
  5. Have this key, or a copy of this key, accessible for set up of devices with the Fortary team.
Import External Key
  1. Hit “Connect” or “Re-Connect”. Wait for the app to indicate you are connected.
    1. Note: This is how you will ensure you are connected to sign transactions in the future as well
  2. Select “Menu”
  3. Select “Import legacy seed phrase”
  4. Fortary will provide you with the below info. Please copy/paste as provided.
    1. Entity Name
    2. Vault Name
  5. Please copy/paste your externally key you wish to import
  6. Hit “Import”
    1. Keep the device on while importing is completed. This may take a few moments.
  7. Those with owner role should now see vault for the newly imported wallet.
  8. The Fortary team may have perform a test transaction with the app to confirm it is working properly
You are now successfully set up to use sign transactions with your mobile signer device!