The Desk is the control room for all Kaspa Forge services — and, more importantly, it is a password manager for your keys. This page explains where your keys actually live, why one exported file is a lifetime backup, and what the server can and cannot see.
One encrypted profile
On your first visit the Desk asks you to invent a password. That password encrypts a single profile — the keys of your vaults, deals, listings and your personal Kaspa wallet — right in the browser, using the standard age format. The profile is always stored encrypted; every unlock, every money move, every export and import re-asks the password. Like a password manager — because it is one.
Where it livesIn your browser's local storage, on your device — under the site's origin. It is never uploaded anywhere.
Who knows the passwordOnly you. We never see it and cannot reset or recover it — there is no "forgot password" because there is no server-side account at all.
Why it re-asksA password prompt on a new page or after a refresh is normal, not a bug: the profile sits encrypted until you unlock it.
The master key file: one backup, forever
"Export key file" in the Desk downloads your profile as an encrypted .age file. Store the file and the password separately — whoever has both can move your funds; whoever has one has nothing.
The file covers the future, not just the past. The profile contains a master seed; the keys of every new vault, deal, listing and chat are derived from it. Even a backup exported months ago restores things you created after the export.
On import, the Desk re-discovers your records. It derives your keys from the seed locally, then asks the server for the public data it already has (which vaults and deals exist) and rebuilds the list — "Restored from server". Private keys are never sent; the derivation happens in your browser.
Import is always a merge. Old and new files can be loaded over each other; nothing gets overwritten silently (the wallet asks explicitly on conflict).
Legacy profiles (created before July 10, 2026) predate derivation: their old entities live on random keys, so one fresh export after that date is needed — the Desk shows a yellow "backup outdated" notice until you do. After that, the file is evergreen.
The built-in wallet
Receive / balance / sendThe profile has its own Kaspa address — the handiest way to fund vaults and deals directly ("To safe" does the whole two-step funding route in one click).
"New address"Generates a fresh receive address (privacy: don't show one address to every counterparty). Derived from the master seed — your existing backup already covers it.
"Sweep to current"Old addresses keep working; the Desk shows "past addresses: N" with a button that checks their balances and sweeps everything to the active address. Useful after vault withdrawals, which pay to the address that was fixed when the withdrawal started.
"Wipe from device"For shared computers: fully deletes the profile from this browser (two confirmations; an extra-hard warning if no backup was ever exported). Everything comes back by importing the .age file elsewhere.
If this site is gone: the offline decryptor
Your backup must not depend on our website existing. From the Recovery page you can download kaspa-keyfile-decrypt.html — a single ~3 MB HTML file. Open it from disk with the internet off, load your .age file and password — it shows every private key inside (wallet, seed, vaults, deals) with zero network requests. The file is standard age, so the CLI age -d keyfile.age works too, and the tool is mirrored in the open-source repo.
Security: what the server sees
Never sent to us: your password, your private keys, your seed, the key file. All cryptography — key generation, transaction signing, chat encryption — runs in your browser (WASM).
Sent to us: public keys and public parameters (needed to compute covenant addresses and to watch them), signed transactions for broadcast, and — if you opt in — an heir's email or a Telegram link for alerts.
The origin matters. The profile is stored under the site's address. Enter your password and keys only on kaspaforge.org — check the address bar; lookalike domains are phishing. Our old addresses (safe.officeforge.co, escrow.officeforge.co) simply redirect here.
Losing the file + password = losing access. Honestly: there is no recovery through us, because we hold nothing. Export the file once, keep it apart from the password, and rehearse an import on a small amount.
What we will never ask for
Your Desk password, a private key, a seed phrase or your master key file — anyone who asks is a scammer.
Support can explain steps, but physically has no access to keys or coins. The key file does not give OfficeForge access to anything — it exists for you alone.