The at least one first computing device 210 may include a processor 202 (e.g., such as controller 105 shown in FIG. 1) and/or a server 203, and be configured to generate at least one cryptographic pair of a recovery public key 204 and a recovery private key 205. For instance, the at least one cryptographic key pair may be generated once at initialization of the system. If the at least one first computing device 210 becomes unavailable, the cryptographic key management system 200 may allow recovery of cryptographic keys with dedicated management of the at least one cryptographic pair of a recovery public key 204 and a recovery private key 205, as further described hereinafter.

In some embodiments, at least a portion of a cryptographic key 206 of the computer network 201 is encrypted with the recovery public key 204 by at least one first computing device 210, for instance encrypting the cryptographic key 206 when keys are updated (e.g., with new key generation and/or key rotation). The encrypted at least a portion of the cryptographic key 206 may be sent to the at least one second computing device 220 (e.g., a smartphone), for instance the at least one second computing device 220 may thereby store an encrypted version of the cryptographic private key of the computer network 201. In some embodiments, the at least one second computing device 220 retrieves the recovery public key 204, for instance as a certificate, via a dedicated API of operated by the at least one first computing device 210. It should be noted that the cryptographic key may be split into a plurality of shares or portions, between a plurality of computing devices, with the multi-party computation protocol.