“Not your Keys, Not your Coins”
This is a common, almost dictatorial phrase that most of us hear when investing in crypto.
Public and Private Keys always work in pairs in cryptocurrency transactions.
Let’s take an analogy:
Think of your public key as your Email ID. If someone wants to send you an email, you share this ID, and the sender can simply send you a message which lands up in your inbox. Websites that wish to share newsletters with you ask you to share your email ID upon signup. Hence, this ID tells the sender that the message will go to your inbox, because you shared it with them for correspondence. Similarly, if you want to send someone an email, you ask for their email address.
Now think of a private key as the password. The password gives you access to your inbox connected to your email ID. You never share your password with anyone and you keep the secret code exclusively to you. However, anyone who knows your Email ID AND your password can easily get to your contents and steal information.
Public Keys and Private Keys on the surface exhibit this function. But it’s not exactly that simple.
Instead of you getting creative with your email address (in loving memory of all our cringe email IDs), and coming up with a hard to crack password, public keys are derived from private keys using a complex algorithm.
How are Private Keys Generated?
Usually, when using a web or a mobile wallet, your private key is generated for you.
However, trusting a third party to create and manage private keys on your behalf could translate to a risky future. Remember: anyone with your private key can access your assets. It’s almost like you are entrusting your password to someone. They could, or probably would not have malicious intent. But you never know.
That’s why there are ways to generate private keys on your own. For example, when setting up a hardware wallet, you can choose 12-24 random words (called mnemonic or seed phrase) that the device then uses to convert into a cryptographic code.
Private keys could look like this,
(256 character long code)
115792089237316195423570985008687907852837564279074904382605163141518161494336Like this,
(64 digit hexadecimal code)
ef235aacf90d9f4aadd8c92e4b2562e1d9eb97f0df9ba3b508258739cb013db2Like this,
(QR Code)
Or like this
(Binary Code)
01001000 01100101 01101100 01101100 01101111 00100001There are several types of private keys and they all use cryptography so that the key to your corresponding account is safe and secure. However, some users are okay with having third parties manage their keys for them whereas others like to take full custody.
Holding on to Dear Private Keys
If you have ever wondered whether you could be a secret agent capable of handling top state secrets, here’s the chance to test your aptitude.
When taking full custody of your private keys, you assume complete responsibility of securing your keys and the seed phrase used to generate it. Hardware wallets for example, store your private keys for you. The private keys are generated using a seed phrase that you enter upon setup. You must keep both the private keys and seed phrase secure in this case. Some people choose to write down their seed phrase, some memorize it. Point is, private keys are the only way you can get to your assets.
You use Private Keys to both digitally “sign” encrypted messages when sending it to someone and decrypting messages that you have received. The private keys are literally your digital ID akin to biometric verification. If you lose your biometric ID, anyone with it can access all your assets guarded by it.
Remember that cryptocurrencies are not exactly “owned”. You actually own the private key to unlock access to this network. You do not hold the coins, rather they are there in the system, but can only be controlled by you. For example, if you own 0.0023 BTCs out of 19 million BTCs (approx), you control 0.0023 BTCs within the network using your private keys. That is why if you lose your keys, you lose complete access to that amount of coins, and whoever got lucky with your keys will become the “owner/controller”.
Some investors like the sense of autonomy that hardware wallets provide, whereas some don’t trust themselves with securing their private keys and are okay with a third party doing it for them. Depending upon your sense of responsibility, you may choose to move with either of the options or use a combination of both.
Public Keys
Public keys are generated from private keys. The public key is what a user shares with others to receive funds.
Every message from a sender, gets encrypted when using the receiver’s public key.
That encrypted information can only be decrypted using the receiver’s private key. This is to avoid snoopers in between from fiddling with the message.
Anyone with access to your public key can use it to send you messages. That is why many people put up their public keys on their website for sending donations because no one can break into their assets with just public keys.
Even in the event of losing your public key, you can use your private key to recover it.
Digital Signatures
We know that anyone with access to your public key can use it to send you an encrypted message.
But, how do you figure out the validity of the sender? What if you received a message that was fiddled with along the way?
This is where digital signatures come into play. When you send an encrypted message to someone, to prove that you are in fact the original sender of the message, you attach a digital signature along with the message. You derive this signature from your private key using a method called hashing.
The digital signatures are considered akin to a fingerprint verification. This provides an extra layer of security along with the encryption that the public key does to combat any tampering of information.
Bottom-line is, it is crucial to keep private keys safe and secure. Here are some ways to store them both online and offline.
Leave a Reply