A client device bootstraps against a trusted server by obtaining an activation code that includes an identifier and a one time password. The client device sends a message to a public server requesting an address of a trusted server associated with the identifier. The client device receives the address of the trusted server from the public server and initiates a communication session with the trusted server at the address provided by the public server. The one time password is used as a shared secret to secure the communication session. The client device downloads cryptographic information from the trusted server.