Welcome to the Finrock Developer's Centre.
Finrock offers a cutting-edge Key Management Server (KMS) that ensures total ownership and control of private keys for all assets in custody. Our KMS architecture guarantees that Finrock’s backend servers cannot access any private keys, mnemonic phrases, or wallet seeds at any time.
Hosted on the client’s infrastructure, preferably within environments like AWS or Azure, the KMS performs all signing tasks securely. This setup ensures that private keys remain within the client’s controlled environment and are never exposed externally, providing an uncompromised level of security for asset management and transactions.
Communication between the private KMS and Finrock's backend is secured using a one-way, end-to-end SHA-512 encrypted protocol, adhering to military-grade standards. This setup ensures that the KMS is completely isolated, with all inbound traffic blocked, safeguarding it from various targeted attacks aimed at accessing private keys.
Rather than receiving direct tasks from Finrock, the KMS autonomously queries Finrock at regular intervals to perform any pending signing jobs. Once transactions are signed, the KMS encrypts them before they are dispatched to the blockchain. For added security, the KMS can be instantly taken offline (using a kill switch) to halt any further transaction signing.
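The pull model and kill switch described above, as an added sketch that is not Finrock's code or API: `BackendQueue`, `PullSigner`, the job fields and the key are hypothetical, and HMAC-SHA-256 stands in for the real transaction signature. It shows the signer making only outbound calls and re-checking the kill switch before every signature, so unsigned jobs stay pending at the backend.

```python
import hashlib
import hmac
import threading
from collections import deque


class BackendQueue:
    """Hypothetical stand-in for the remote backend: it answers requests, never calls in."""

    def __init__(self, jobs):
        self._pending = deque(jobs)
        self.completed = {}

    def fetch_pending(self, limit):
        # Jobs stay pending until a result is submitted for them.
        return list(self._pending)[:limit]

    def submit_result(self, job_id, signature):
        self.completed[job_id] = signature
        self._pending = deque(j for j in self._pending if j["id"] != job_id)

    def pending_ids(self):
        return [j["id"] for j in self._pending]


class PullSigner:
    """Hypothetical signer: holds the key locally and only makes outbound calls."""

    def __init__(self, backend, key, kill_switch):
        self._backend = backend
        self._key = key              # never sent to the backend
        self._kill = kill_switch     # threading.Event set by an operator

    def _sign(self, payload):
        # Placeholder for the real transaction signature (assumption of this example).
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def poll_once(self, limit=10):
        """Run one polling cycle and return the ids signed in it."""
        signed = []
        if self._kill.is_set():
            return signed            # halted: do not even fetch work
        for job in self._backend.fetch_pending(limit):
            if self._kill.is_set():  # re-check per job, not per batch
                break
            self._backend.submit_result(job["id"], self._sign(job["payload"]))
            signed.append(job["id"])
        return signed


def demo():
    # Constructed sample jobs.
    jobs = [{"id": f"job-{n}", "payload": f"tx-{n}".encode()} for n in range(1, 5)]
    backend, kill = BackendQueue(jobs), threading.Event()
    signer = PullSigner(backend, b"constructed-demo-key", kill)
    first = signer.poll_once(limit=2)
    kill.set()                       # operator trips the kill switch
    return first, signer.poll_once(limit=2), backend.pending_ids()
```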
Additionally, the KMS includes a comprehensive recovery package, which allows for the regeneration of private keys for specific addresses or a range of addresses, facilitating manual fund recovery if necessary.