Public and Private Keys: All You Ever Need To Know
Before we get into private keys it is important to understand what a cryptocurrency wallet is. The cryptocurrency wallet is essentially a location on a blockchain where cryptocurrencies are stored, sent or received. In more real world terms, think of your cryptocurrency wallet as a bank account for your digital assets.
However, it is important to recognize that you do not own your bank account that your bank allows you to use; you own the access to that account through things items such as your identity, PIN numbers, etc. In that same exact way, you do not own the wallet address on the blockchain; you own the access to that wallet address through items called private and public keys. Click here to learn more about the different types of cryptocurrency wallets.
What is a Public Key?
The public key (aka wallet address) is exactly that; PUBLIC. Everyone on the big bad blockchain can see that wallet address; how much cryptocurrency is in it, where money as been coming from and where it is going. Before you start freaking out about privacy, just know that while others can see the wallet they really have no idea who owns it (unless you tell people).
Public keys are what you provide to others if you want them to pay you for work done, send you crypto Christmas gifts or literally anything else of that nature. By providing the public key to others you are only allowing them to send crypto to you; but they can not alter your funds in any other way (i.e. like steal your crypto). It’s the same thing as giving someone your bank account number and them depositing money into that account.
What is a Private Key?
What is a private key? A private key is essentially a long string of random characters (numbers, symbols and letters) that gives a cryptocurrency holder access to the digital assets in a wallet address. If it helps at all, try to think of the blockchain as your own bank, the public key as the vault and the private key and the physical key that you would use to open that vault to go swimming in all your money (Donald Duck style).
The private key is used to essentially do two things: (1) verify that the person initiating the transaction is the owner of the wallet and (2) authorizes the sending of cryptocurrency out of a wallet and to a desired destination.
How a Private Key is Generated
The moment a user generates a wallet address, the blockchain creates and assigns a private key so that new user may send and receive payments from that new address. Initially a private key’s file size is larger than it has to be, so in an attempt to save space, it is modified to an alternative format that is shorter, more user-friendly, and easier to store. Wallet Import Format (WIF). WIF is the alphanumeric encoding that is widely used for blockchain private keys.
Private keys starts with 51 characters and begin with the number “5” for uncompressed addresses (65 bytes). Private keys for compressed addresses (33 bytes) start with a K or L and are composed of 52 characters. Why do all this compressing non-sense, you ask? To save space on the blockchain!
An example of a private key in both forms would look like this:
Uncompressed (The form initially generated by the blockchain – larger file size)
Compressed (The final version that is used by everyone – smaller file size)
How a Public Key is Generated
The corresponding public key for the address is derived from the private key using a mathematical algorithm (in Elliptic Curve Cryptography) to generate the public key. The private key is then transformed using hash functions and bits of additional information in a multi-step process to produce the public address. While the public key can be calculated out of the private key, the cryptography of the address prevents the reverse, thus making it impossible to calculate the private key from the public key.
How a Private Key is Used in Transactions
Now you know what a public and private key are, what they do and how they are generated; now lets go a little deeper into how private keys are used in transactions.
As simply as I can put it, all payments made on the blockchain are irreversible due to a mathematical signature unique to each transaction. The private key is the mechanism a wallet owner uses to sign each transaction.
A signed transaction is then broadcast on the blockchain, confirming that you (the wallet holder) are authorized to movement the cryptocurrency from your wallet to another. Once the confirmation has been issued on the blockchain, the transaction from that point on, can no longer be modified.
Let’s Role Play
Let’s put the private key’s role into a real world context.
Let’s pretend that future you has been battling it out all afternoon with a Lamborghini salesman and you wanted to buy a bright pink Lambo for 0.75 Bitcoin (BTC). You would first initiate a payment to the dealership’s wallet public address (probably by QR code) for the negotiated amount of BTC. Prior to funds actually being moved from your wallet to the dealership’s, you would need to validate (or sign) the transaction by inputting your private key.
Congrats! Future you is now the proud owner of a brand new bright pink Lamborghini!
Keep Your Private Key Private
“If you don’t own your private key, you don’t own your coins” – Everyone in the Crypto Community
Do not go blabbing to your neighbors that you own a lot of cryptocurrency and what your private key is; IT AIN’T NOBODY’S BUISNESS! Rest assured knowing that if that key falls into another’s hands all your cryptocurrency can (and probably will) be stolen. Go crazy and share your public key as much as your little heart desires. The problem is when your PRIVATE key falls into the public’s hands, your private funds will soon follow.
If you keep your money in the bank the responsibility to keep the money safe is placed on to the bank. In turn, the bank is compensated for carrying this burden by charging you fees, which extracts your principle (which is not a good thing). In exchange for lower fees and more access to your wealth, cryptocurrency transitions that responsibility from the bank to the individual.
Cryptocurrency wallet software has no way of verifying if a transaction is initiated by the legitimate wallet owner or a hacker. As long a person has the private key to sign the transaction, the software will view that transaction as validate and will broadcast it as such on blockchain.
Keep it quiet, keep it secured, keep it safe and it should all be good.
Private Key Defense
WE REPEAT, UNDER NO CIRCUMSTANCE SHOULD YOU REVEAL YOUR PRIVATE KEY TO ANYONE! Unless you want to lose all your crypto, then by all means, go for it. However, even if you keep it a secret, there still the chance of having a security breach on your personal device where your private keys can be key logged or screen shot. If your device is compromised the hacker could record your public and private keys and drain your wallet.
To reduce this risk, there are extra measures you can take to secure your private key and ensure that it remains unknown to anyone else but you.
1. Encrypt Your Wallet File
The most popular medium through which hackers steal users’ private key is through storage media. Software wallets (a type of wallet that is connected to the internet) save private keys to a ‘wallet file’ which are in turn stored on a standard, well-known directory. These directories usually become targets for hackers and a data breach would definitely make for a very bad day. Click here to learn more about software wallets and which ones we use.
If you are determined to use a software wallet service/ app make sure to pick one that allows users the option of encrypting their wallet file. The private key is encrypted in the standard WIF format but starting with the number “6”, the wallet file is further protected with a password lock.
Any hacker trying to steal your cryptocurrency would be required to unlock the file with the pass word set at the time of initial encryption; making the decryption the private key impossible (unless your device is infected with a key logger). Of course, just as every password setting instructions would tell you, strength of the password is directly related to the effectiveness of the encryption.
2. Make a Backup Wallet
Another way of securing the private key is by creating a back up for the wallet; this way you will be able to access your private key and quickly transfer funds if you notice the theft immediately. Be careful if you use an online service for your backup solution, such as Dropbox and e-mail, since they can still be compromised by the hackers.
Even the employees who work for your back up service are potential threats if they are capable of viewing your stored data. Crypto owners should make sure that all operation with the wallets using the private key is carried out on a clean computer (and preferably with a VPN).
3. Be On The Look Out for Scams
Unfortunately, in its early years, the cryptocurrency industry is littered with scams trying to take advantage of unsuspecting new comers. Just like the internet was full of foreign royalty who would happily make you a millionaire if you just wired them a few thousand dollars; the same thing is essentially happening in the crypto world.
Some scam artists pose as ICO (initial coin offering) operators offer you free tokens using an Airdrop in exchange for your private key. Others state that they have developed an online wallet where you can transfer your funds. Even be wary of opening emails with strange titles, spelling mistakes or from unknown senders; the phishing attacks that install key loggers aimed to record you private key are being used as well.
The most important piece advice I can give you regarding protecting your private key is to not disclose it to anyone; there simply is not a need for it in almost any situation.
4. Take the Easy Route and Just Buy a Hardware Wallet
Third party crypto storage, of personal software wallets, are unsecured in the sense that they are vulnerable to cyber attacks due to their connection to the internet. Hardware wallets are the premier device for cryptocurrency security and store your private key in an offline environment never exposing it to the world wide web (or even you).
Regarded as the safest and most secure method of storing crypto; hardware wallets also utilize an on board random number generator to generate the private key. Once established, the hardware wallet uses a secured element called a microcontroller to house the private key. These wallets are designed to be tamper proof so requirement to physically type out (or copy and paste) your private key into a signed transaction is replaced with pressing a physical button.
If you tired of worrying about getting hacked and are in the market for a hardware wallet we recommend checking out our reviews on the Ledger Nano S, Keep Key and Trezor. All can be bought for just around $100, and will keep your funds nice and safe.
Moral of the Story: Don’t Share Private Keys
You would not willingly hand someone your banking information on the off chance that they may give you free money later, so why conduct yourself to a different standard when dealing in cryptocurrecny? The private key is the PIN number of the blockchain and with it comes the access to all of your funds. It is important to remember, cryptocurrency shifts the responsibility of storage from the banks to the individual so it is more important than ever that you play your part in keeping your funds safe.