top | item 28073919


thekeyper | 4 years ago

Thanks, this question touches on a very significant point.

Backup and recovery currently are handled by iCloud and Google Drive through Keychain and KeyStore, respectively, both of which form the backbones of Apple and Google password managers, respectively. The two cloud backup services (a) are fully encrypted both in transit and at rest and (b) are managed by Apple and Google, not Keyri. So the only parties that "see" the private keys are the user and Apple or Google, and the latter two only see encrypted copies of the keys, same as they only see encrypted copies of their users' saved passwords. Recovery also happens through Apple or Google when a user sets up their new phone using iCloud / Google Drive backups of their old phones, which are also encrypted in transit and at rest. Developers can additionally require users to enter a pre-specified passcode in order to decrypt their private key upon recovery, which involves another layer of local encryption.

Key pairs are generated locally on the device (i.e., Keyri's API does not generate/provision them). Private keys are stored encrypted at rest in phones' secure enclaves and only decrypted at run time once biometric verification is passed.
