Emergency Access: How We Share Your Encryption Keys Without Ever Seeing Them
What happens to your encrypted vault if you become incapacitated or pass away? We built Emergency Access - a way to securely share your encryption keys with loved ones, without Inheritfy ever having access to them.
You've encrypted your most important files with client-side encryption. Your vault is secure - even we can't read it. But there's a problem: what happens when your family needs access and you're not there to help?
Today, we're introducing Emergency Access - a feature that lets you share your vault's encryption key with trusted people, without us ever seeing it. This might sound impossible, so let's break down exactly how it works.
The Problem: Encryption is a Double-Edged Sword
Client-side encryption means your files are encrypted on your device before they're uploaded to our servers. We never see your encryption key - that's the whole point.
This is great for privacy: your files are truly private, we can't be compelled to hand them over, and even if we were hacked, attackers couldn't read your data.
But it creates a problem: if you're incapacitated, no one else can access your vault. Your family can't just "reset your password" - the encryption that protects you also locks them out.
We needed a way to share your encryption key with people you trust - but only when you want them to have it, and without us ever seeing it.
The Solution: Zero-Knowledge Key Sharing
Emergency Access uses a clever technique based on how URLs work. When you share a URL like https://example.com/page#secret, the part after the # (called the "fragment") is never sent to the server. This is a fundamental part of how the web works - browsers only use fragments locally.
Example Emergency Access URL:
https://inheritfy.com/emergency/abc123#x9k2m4p7
- https://inheritfy.com/emergency/abc123 - Sent to server
- #x9k2m4p7 - Never leaves your browser

We use this browser behavior to create a secure key-sharing system. Here's how it works:
- You create a link. Your browser generates a random secret and encrypts your vault key with it.
- The link is split in two. The encrypted vault key goes to our server. The secret that decrypts it goes in the URL fragment (after the #).
- Someone uses the link. Their browser extracts the secret from the URL fragment - which never gets sent to our server.
- Decryption happens locally. Their browser downloads the encrypted payload from our server, decrypts it using the secret from the URL, and reveals your vault key.
The result: we only ever see the encrypted payload, which is useless without the secret. The secret only exists in the URL you share - never on our servers.
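The four steps above, sketched with the browser's Web Crypto API. This is an added example, not Inheritfy's code: the page names no cipher or encoding, so AES-GCM, hex encoding, and the names `createLink`, `openLink`, `requestTarget` and `fetchRecord` are assumptions made here.

```javascript
// Added example, not Inheritfy's code. AES-GCM and hex encoding are assumptions.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // browser, or older Node
const toHex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
const fromHex = (h) => Uint8Array.from(h.match(/../g), (p) => parseInt(p, 16));
const aesKey = (raw, use) => wc.subtle.importKey('raw', raw, 'AES-GCM', false, [use]);

// Owner's browser: wrap the vault key under a fresh link secret.
async function createLink(vaultKey, linkId, base = 'https://inheritfy.com/emergency/') {
  const secret = wc.getRandomValues(new Uint8Array(32)); // stays in the URL fragment
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, await aesKey(secret, 'encrypt'), vaultKey);
  return {
    serverRecord: { linkId, iv: toHex(iv), ciphertext: toHex(new Uint8Array(ct)) }, // all that is uploaded
    url: `${base}${linkId}#${toHex(secret)}`, // shared out of band
  };
}

// What a browser requests for this link: path and query, never the fragment.
function requestTarget(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

// Recipient's browser: secret from the fragment, payload from the server, decrypt locally.
// fetchRecord is a hypothetical stand-in for the server call made once access is approved.
async function openLink(url, fetchRecord) {
  const u = new URL(url);
  const secret = fromHex(u.hash.slice(1));
  const rec = await fetchRecord(u.pathname.split('/').pop());
  const pt = await wc.subtle.decrypt({ name: 'AES-GCM', iv: fromHex(rec.iv) },
    await aesKey(secret, 'decrypt'), fromHex(rec.ciphertext));
  return new Uint8Array(pt);
}

// Round trip with a constructed vault key and an in-memory "server".
async function demo() {
  const vaultKey = wc.getRandomValues(new Uint8Array(32));
  const { serverRecord, url } = await createLink(vaultKey, 'abc123');
  const server = async (id) => (id === serverRecord.linkId ? serverRecord : null);
  const recovered = await openLink(url, server);
  const wrongUrl = url.replace(/#.*/, '#' + '00'.repeat(32)); // right record, wrong secret
  const wrongSecretRejected = await openLink(wrongUrl, server).then(() => false, () => true);
  return { target: requestTarget(url), recovered: toHex(recovered) === toHex(vaultKey),
    wrongSecretRejected, serverRecord };
}
demo().then((r) => console.log(r));
```

The fragment is kept out of the HTTP request, but it is still readable by any script running on the page and is saved in browser history, so the recipient's device and the integrity of the page's JavaScript remain part of the trust boundary.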
Why This is Secure
This design has several important security properties:
- We never see your key. The link secret never leaves your browser. We only store the encrypted payload.
- It's based on web standards. URL fragments not being sent to servers isn't our feature - it's how the web has worked for decades.
- You stay in control. You must approve each access request. No one can use the link without your explicit permission.
What If Inheritfy Were Compromised?
Let's imagine the worst-case scenario: an attacker gains complete access to our servers. Here's what they would find:
| What They'd Access | Can They Read Your Files? |
|---|---|
| Your encrypted vault files | No - encrypted with your key |
| Emergency Access payloads | No - need the link secret from URL |
| Link metadata | No - doesn't contain keys |
The attacker would have encrypted blobs they cannot decrypt. Your vault key is safe because half of the puzzle (the link secret) only exists in the URLs you've shared - never on our servers.
How to Set It Up
Getting started with Emergency Access is simple:
- Go to your vault settings. Open any vault and click on "Emergency Access" in the settings menu.
- Create a link. Click "Create Emergency Access Link". Your browser will generate the secure link.
- Share securely. Copy the link and share it with someone you trust. Use an encrypted messenger or share it in person - don't email it in plaintext.
- Manage requests. When someone uses your link, you'll get a notification. Review and approve or deny from your dashboard.
Tips for Using Emergency Access
- Share links securely: Use encrypted messaging (Signal, WhatsApp) or share in person.
- Create multiple links: Different links for different people. You can revoke individual links without affecting others.
- Store links safely: Tell your trusted contacts to store the link in their password manager.
- Review active links periodically: Revoke links that are no longer needed.
- Enable notifications: Make sure you're alerted to access requests.
The Bottom Line
Emergency Access solves one of the hardest problems in secure storage: giving others access to your encrypted data without compromising security. By splitting the secret between the URL fragment (which stays client-side) and our server (which stores the encrypted payload), we've created a system where:
- You maintain complete control over who can access your vault
- Your encryption key is never exposed to us or anyone without the link
- Someone with only the link can't access anything without your approval
- Even a complete breach of our servers wouldn't expose your key
This is the power of zero-knowledge architecture - enabling secure collaboration without sacrificing privacy.
Ready to Set Up Emergency Access?
Create your encrypted vault and set up Emergency Access links for your trusted contacts. Keep your documents secure while ensuring your family can access them when it matters most.