3.8.4 User Recovery

If a user in an account with escrow enabled loses access to their devices (including any backup keys), they can ask one of their escrow account administrators (EAs) for help recovering their data on a newly logged-in device. An EA with the escrow-write permission can use one of their authorized devices on the EA sigchain to approve the user’s new device and give it access to the necessary encryption keys. As in a regular device approval (Section 3.7.2), the EA is first presented with an approval review screen which includes all of the escrowee’s devices (and the escrowee’s fingerprint, which can be checked out-of-band with them). If the admin accepts, the admin’s device signs a BatchApprove sigchain link on the escrowee’s chain, and encrypts all of the user’s previous PUKs for the user’s new device. The EA signs the approval link with both the virtual escrow device key (from the user’s sigchain) and the escrow admin’s own device key (from the EA sigchain).
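The dual-signature requirement on the approval link, sketched from a verifier's point of view. This is an added example, not the product's own code: the `ApprovalLink` layout, the `VerifyApproval` and `Demo` names, the `escrowWrite` lookup and the choice of Ed25519 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// ApprovalLink is a hypothetical, simplified BatchApprove link. Both
// signatures are detached and cover the same payload bytes.
type ApprovalLink struct {
	Payload   []byte            // e.g. the new device's public key
	EscrowSig []byte            // virtual escrow device key (user's sigchain)
	AdminSig  []byte            // EA's own device key (EA sigchain)
	AdminKey  ed25519.PublicKey // which EA device claims to have approved
}

// VerifyApproval accepts a link only if the admin device holds escrow-write
// and BOTH signatures verify. Ed25519 is an assumption of this example.
func VerifyApproval(l ApprovalLink, escrowKey ed25519.PublicKey, escrowWrite map[string]bool) error {
	if len(l.AdminKey) != ed25519.PublicKeySize || !escrowWrite[string(l.AdminKey)] {
		return errors.New("admin device not authorized for escrow-write")
	}
	if !ed25519.Verify(escrowKey, l.Payload, l.EscrowSig) {
		return errors.New("missing or invalid escrow device signature")
	}
	if !ed25519.Verify(l.AdminKey, l.Payload, l.AdminSig) {
		return errors.New("missing or invalid admin device signature")
	}
	return nil
}

// Demo builds constructed keys and links and returns the verifier's verdicts
// for: a fully signed link, one lacking the admin signature, and one signed
// by a device that is not on the escrow-write list.
func Demo() (ok, noAdminSig, rogue error) {
	escPub, escPriv, _ := ed25519.GenerateKey(nil)
	admPub, admPriv, _ := ed25519.GenerateKey(nil)
	rogPub, rogPriv, _ := ed25519.GenerateKey(nil)
	allowed := map[string]bool{string(admPub): true}
	payload := []byte("BatchApprove:new-device-key (constructed)")
	esig := ed25519.Sign(escPriv, payload)
	good := ApprovalLink{payload, esig, ed25519.Sign(admPriv, payload), admPub}
	ok = VerifyApproval(good, escPub, allowed)
	noAdminSig = VerifyApproval(ApprovalLink{payload, esig, nil, admPub}, escPub, allowed)
	rogue = VerifyApproval(ApprovalLink{payload, esig, ed25519.Sign(rogPriv, payload), rogPub}, escPub, allowed)
	return
}

func main() { a, b, c := Demo(); fmt.Println(a, b, c) }
```

Requiring both signatures means a holder of the escrow key alone cannot produce an accepted link, and every approval is attributable to a specific EA device.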
