Getting Started
Get your MPC-TEE institutional-grade secure self-custody service immediately!
If you are new here, Sign Up is your first step, create your Safeheron account right away!
Input your name (which cannot change for the time being) and your signup (also the login) email address.
Note: The name you enter here will appear in the approval flow and can not be changed for the time being; ensure that your name can be identified by other members too.
Safeheron will send you one verification code to ensure that you sign up with this email ID, which will also be your login email.
We strongly recommend that you enable 2-Factor Authentication for added security. (Though you can bind it later, still Safeheron highly suggests you bind it timely for your security)
Enable Google Authentication:
Also, you can set up a wallet password and activate the biometric unlock to enhance your asset security.
Set up your wallet password:
You can change your wallet password at any time. To do this: Go to Me ➡ Security, choose
Wallet Password to change it.Activate biometric unlock:
Once you allow Safeheron App to access your Face ID or fingerprint on your device, then the biometric unlock is enabled.
Note:
- 1.If Google Authentication is enabled, you cannot switch it off. Check its status by going to Me ➡ Security.
- 2.Biometric unlock and biometric payment can both be turned on and off.
- 3.The wallet password will be active once it's set up. You only can change the password.
If you want to create a team on your own, select Create Now.
Please contact Safeheron Support at [email protected] first to obtain the 6-digit invitation code, before creating a team.
Please include the following information about yourself in the email when requesting an invitation code: Your institution/team/company name and address, applicant name, and the business type of institution/team/company.
You can proceed with creating your team after entering a valid invitation code. Set your team name as shown below.
Note: For the time being, Team Name cannot be changed once you set it. So, make sure you and your team members understand the purpose of this team.
It may take up to 30s to create one team. You'll be able to view the progress of key shard generation, Co-Signer configuration, TEE verification, and MPC key generation as shown in the image above.
Please back up your local private key shard after creating your team. Here’s how:
In Safeheron, we have two kinds of key shards to be backed up. One is the local private key shard, which will be stored on your device. Another one is the cloud private key shard, which is encrypted in Safeheron MPC Node under SGX protection.
Note: The only way to recover your wallet is by using the recovery phrase. When backing up, please avoid any audio or visual recording devices, log out of other apps, and activate airplane mode to ensure that you are the only one who has access to the phrase.
The backup individual designated by the team creator will receive the relative pending notification, as shown below:
The procedure is identical to backing up the local private key shard.
All team members can view the status of the backup by navigating to Me ➡ Private Key Shard.
Note: We strongly advise the team creator to appoint different team members to back up cloud key shards so that they are backed up in a distributed manner to improve security.
If you are the team creator, you can invite team members as well as admins.
If you are a team member with permission
Manage Member, you can invite team members.After creating the team, the team creator can select members right away as below.
How to invite other Admins and Team Members. See below:
Enter the member's email address and click Send Invitation.
Admins can only be invited by the team creator. Since the team creator is also an admin, they don't need an invite. All admins shall be invited at the same time.
Before inviting admins, the team creator should confirm the following two points:
- 1.How many admins (including the team creator) do you need to co-manage your team?
- 2.How many admins are required to make critical decisions collectively?
The above questions are also used to determine your decision-making model.
Once the decision-making is made, please enter admins' email addresses. Reconfirm the invited admin list and review co-management policies. Once confirmed, click Send.
You can check the status and history of invitations in Me ➡ Member Management.
You can invite team members indefinitely.
When you set the number of admins for your team, they’re invited all at once, and no additional admins can be added afterwards.
The process of inviting members is the same as inviting admins.
Take the admin invitation for example (member invitation is the same).
The person who is invited will get a team invitation on his/her side. See below:
Select the team in the upper left corner of Wallet and review the team invitation.
When the invitee clicks "Accept," a security certificate for the invitee is generated.
However, before becoming an admin, the security certificate must be verified.
The invitee can save the QR code of security certificate or copy the certificate information. Share either one or the other with the creator of your team.
Alternatively, the invitee can have the team creator directly scan the QR code on the invitee's device.
How to verify the security certificate
Inviter-Side
The inviter (the team creator) will have a pending task to verify the invitee’s security certificate.
The inviter will scan the QR code or paste the certificate info. See Below:
Invitee-Side
Once the security certificate is verified, the invitee can successfully initialize the team and join the team!
Note: Team member can be deleted and their permissions changed. However, admins cannot be deleted and all admins have the same permissions.
When you (the team creator) invites an admin, you set the decision-making model. See Invite Admins for more information.
The team creator must consider the following two questions:
- 1.How many admins do you (the team creator) need to co-manage your team? (Enables co-management)
- 2.How many administrators are required to make critical decisions together?
Once all admins have joined, the decision-making mode will be activated immediately.
However, admins can change the existing decision-making model.
Once the decision-making mode is modified, no further changes can be made unless the existing modification is rejected and approved.
If you click on the "View Approval Status" button, you can view the details and progress of approval.
Safeheron's sending and receiving functions are identical to those of popular wallets.
Clear and simple, all in one step.
You can provide the sender with a QR code or the receiving address.
Through Safeheron, you can transfer assets to the team wallet, whitelist that have been confirmed and approved, as well as receiving addresses.
Safeheron transaction policies can be configured up to five dimensions: initiator, source, destination, asset types, and amount.
Safeheron provides you with both basic and advanced transaction policies.
Basic Transaction Policy
Transactions can be created by any team member with the
Create Transaction permission, without restrictions to sending and receiving addresses, asset types, and amounts.The Basic Transaction Policy allows you to modify your approval flow. You can specify the number of approval nodes (up to three), who will be in the approval node, and the quorum for each node.
Advanced Transaction Policy
It can be configured with up to five dimensions: initiator, source, destination, asset types, and amount.
For example:
Note: The current approval node is not approved if one person rejects/does not approve it. If one node is not approved, the entire approval process is terminated. If the initiator wishes to continue the transaction, he or she must recreate it.
The Safeheron App allows you to view and modify your basic transaction policy. See how below.
The Advanced Transaction policy is only available on the Safeheron Web Console and is not available on the Safeheron App.
Only the prompt to view or set an advanced transaction policy is available in the Safeheron App.
How to find your team ID
If you have an advanced transaction policy in place and wish to view it, you can do so using the steps below:
- 1.
- 2.Log in by scanning with the Safeheron App
- 3.View your policies under Settings
Setting up a whitelist is an efficient way to ensure the security and efficiency of your transactions since all addresses must to be confirmed and approved by the team and cannot be tampered with.
Set the address name, type, and address. Safeheron strongly suggests 2-Factor Authentication be enabled for additional security.
If you want to delete a single whitelist, slide the address to the right, click
Delete, and a confirmation page will appear.
Note: If your team have enabled multi-people co-management, then adding and removing whitelist addresses will require team approval.
How to access Safeheron Web Console
Scan to log into the Safeheron Web Console through the Safeheron App.
After scanning the QR code on the web browser, the Safeheron App will authorize your login.
Once the Safeheron App confirms access, simply select the team you want to access on the Safeheron Web and log in.
The Safeheron Web Console allows you to easily view, customize the time frame and export transaction history. See below.
Safeheron advanced transaction policy can be viewed on Safeheron Web Console. See below.
The Safeheron API covers all current Safeheron App features while providing greater flexibility for your business needs. Based on the Safeheron security infrastructure, teams can create their own cold, warm, and hot wallet infrastructure, safely gain secure access to multiple Web3 protocols and explore them freely.
1. Use OpenSSL to generate RSA Private Key (
api_private.pem is your API RSA Private Key):openssl genpkey -out api_private.pem -algorithm RSA -pkeyopt rsa_keygen_bits:40962. Use OpenSSL to generate corresponding Public Key to your RSA Private Key (api
_public.pem is your API RSA Public Key):openssl rsa -in api_private.pem -out api_public.pem -pubout3. Log into Safeheron Web Console, go to Settings ➡ API, and click Create API Key
Tips: How to Import the RSA Public Key of Your API Key?
Two methods:
1. Copy and Paste (Remove the header)
2. Upload RSA Public Key file; the header will be removed automatically
If you need to call the API, you must first whitelist the host's public IP address; otherwise, the Safeheron service gateway will reject the API request.
If you need to use the API Co-Signer, you must first whitelist the public IP address of the host where the API Co-Signer is located.
Above are the main function introduction and user guide on Safeheron App, Safeheron Web Console and Safeheron API.
If you have any questions or suggestions, you are more than welcome to contact us at [email protected]!
Last modified 8mo ago