Everything you need to know about Legacy Encryption
It depends on whether you're still around to fix it.
If you're alive, nothing is lost. Your seed phrase — backed up physically, as it always should be — is the source of truth. Just choose new keys and re-encrypt. This is why Legacy is a protocol you maintain, not a one-time action: periodically confirm your keys still decrypt, and re-encrypt whenever a key is lost, forgotten, or possibly compromised.
If it's for inheritance and you're gone, a lost key means that encrypted copy can't be opened — and unless there's another means of retrieval, those coins are unreachable. Legacy stores no data and cannot recover keys for you. That's exactly why we recommend redundancy: multiple copies of the encrypted QR and a sealed break-glass fallback (see Who It's For).
The key principle: always maintain a physical backup of your seed phrase. Legacy does not replace your primary seed backup — it is a means of recovery and transfer, layered on top of it.
Yes. You can create as many Benefactor/Beneficiary key combinations as you like, each associated with a different seed phrase.
Download Legacy-offline.html from GitHub.
Recommended — fully air-gapped on SeedSigner: Load the file onto your SeedSigner. Your seed phrase never touches an internet-connected device at any point in the process.
Alternative: Disconnect from Wi-Fi and open the file in any web browser on your computer.
No. Beneficiary Key and Benefactor Key may contain uppercase and lowercase letters, numbers, and special characters.
The Beneficiary needs to receive:
See Deadman Switch options for setup guidance.
The best keys are 4–5 random, unrelated words separated by spaces — for example, cloud mango river tuesday. This gives you high entropy while remaining memorable enough to carry in your head or communicate verbally to your Beneficiary. Never write both keys down together or store them with the encrypted QR.
Legacy uses PBKDF2 with 600,000 iterations of SHA-256, making even a modest passphrase extremely resistant to brute force. The two keys are the two halves of one combined password (joined by an untypeable separator), so an attacker who obtains only one half still has to brute-force the other — they need both to decrypt. Note this is a single split password, not threshold cryptography.
Keep the Benefactor Key and Beneficiary Key stored separately. Never store either key alongside the encrypted QR.
✓ Good keys — random, unrelated words with no personal connection:
cloud mango river tuesday
lamp orbit forest eleven quiet
thunder anchor velvet parade
seven bridge harbor silk moon
arctic bench window plum escape
✗ Bad keys — guessable by anyone who knows you:
bitcoin — single obvious word
satoshi2009 — predictable Bitcoin reference
john1985 — name + birth year, trivially guessable
password123 — among the most common passwords in existence
iloveyou — common and emotionally predictable for an inheritance tool
Note: the examples above are illustrations only — do not use them. Choose your own words at random.
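The split-password derivation and passphrase strength described above, as an added Python sketch (not Legacy's own code). The iteration count and hash come from the page; the separator byte, the salt, and the 2048-word list size are assumptions made for illustration.

```python
import hashlib
import math

ITERATIONS = 600_000             # from the page: PBKDF2, 600,000 iterations of SHA-256
SEPARATOR = "\x1f"               # ASSUMPTION: stand-in for the page's "untypeable separator"
SALT = b"constructed-demo-salt"  # ASSUMPTION: constructed value; use a random salt per encryption
WORDLIST_SIZE = 2048             # ASSUMPTION: size of the list the random words are drawn from


def derive_key(benefactor_key: str, beneficiary_key: str, salt: bytes = SALT) -> bytes:
    """Join the two halves into ONE password, then stretch it with PBKDF2-HMAC-SHA256."""
    for half in (benefactor_key, beneficiary_key):
        if SEPARATOR in half:
            # Without this check, ("a", "b<sep>c") and ("a<sep>b", "c") would collide.
            raise ValueError("a key half must not contain the separator")
    password = (benefactor_key + SEPARATOR + beneficiary_key).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=32)


def passphrase_bits(words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy in bits of `words` words chosen uniformly at random from the list."""
    return words * math.log2(wordlist_size)


def expected_pbkdf2_iterations(bits: float) -> float:
    """Expected iterations to guess ONE unknown half when the other half is known:
    on average half the search space, each guess costing ITERATIONS."""
    return 2 ** (bits - 1) * ITERATIONS


if __name__ == "__main__":
    # Sample keys are the page's own illustrations; never use them for real.
    right = derive_key("cloud mango river tuesday", "lamp orbit forest eleven quiet")
    wrong = derive_key("cloud mango river tuesday", "lamp orbit forest eleven loud")
    # One correct half gives no partial result: the derived key is simply different.
    print("one half wrong -> same key?", right == wrong)
    # The separator keeps the boundary between the halves unambiguous.
    print("boundary shift -> same key?", derive_key("ab", "c") == derive_key("a", "bc"))
    for n in (4, 5):
        bits = passphrase_bits(n)
        print(f"{n} words: {bits:.0f} bits, ~{expected_pbkdf2_iterations(bits):.2e} iterations")
```

Because both halves feed a single derivation, there is no way to check one half on its own, which is the sense in which this is a split password and not a threshold scheme.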
SeedSigner is the recommended way to use Legacy — the entire workflow runs air-gapped. Encrypt on SeedSigner, scan the QR into your Deploy email, and your seed phrase never touches the internet.
For best results when scanning an encrypted QR into SeedSigner:
Visit the Protocol page for a detailed summary.