Every high-ranking Purcius builder holds their own root key — born on your device, in airplane mode, split so no single loss is fatal, never touching a network.
The key that anchors your FQDN. You generate it, you split it, you hold it. No shared box, no vendor, no trust in anyone else.
Airplane-mode guard → mint → export each share separately → publish your _key line.
Built by CI from source. iOS follows.
operator.pub + your _key.<fqdn> line. The private root never leaves un-split.# online, once pkg install git clang make git clone https://github.com/kastil-systems/nous # ✈️ AIRPLANE MODE ON — confirm all radios off cd nous/purcius-genesis make -C ../security && make ./genesis-cli selftest # must print PASS ./genesis-cli mint 5 3out # -> out/operator.pub out/_key.txt out/share-01..05.share
Scatter the 5 shares to 5 separate places. Publish _key.txt + operator.pub. Then reconnect. Recover anytime with any 3 shares:
./genesis-cli recover out/operator.key out/share-01.share out/share-03.share out/share-05.share
A thin shell over the nous crypto substrate: ed25519 keypair + shamir GF(256) split/combine, both pure C, both tested. The app adds a UI and an airplane-mode guard — nothing more. Auth & key material are substrate (kastil-systems, pure C) by rule, never a per-app concern.