Prove ownership of your keys and keep them safe
The best way to protect your crypto is to use unique keys and keep them permanently offline
Protecting Bitcoin means not just keeping your keys safe, but also making sure they are unique. Owning your keys is essential to the concept of cryptocurrencies, which is why January 3 serves as a yearly reminder to check that your keys are safe and your assets are under your control. Read on to learn what keys are, how to protect them, and how to prove you own them.
What are Bitcoin keys?
The first and most important thing to learn about cryptocurrencies is what keys are. Bitcoin keys are essentially very large numbers shown as long strings of characters. Your public key identifies the location of the bitcoin you hold, while your private key unlocks it so it can be sent elsewhere.
Getting used to this concept is important as you only own bitcoin if you alone hold the private keys. Sharing keys with someone else — or worse, trusting an exchange to hold the keys for you — means your funds can be taken at any time without warning. But using an insecure key generator makes it easy for others to find or crack your keys.
So how do you make sure your keys are unique? Ideally you should use a hardware wallet or another method that ensures the keys are random and never touch the internet.
Proof of (unique) keys: make sure your keys are safe to use
By creating your keys the right way, your assets will be secure for decades to come. But one mistake — such as saving your key on a computer — can mean total loss of your coins. Keys must be created offline using a cryptographically secure random number generator to ensure they are unique.
While there are hundreds of wallets, websites and apps which can create valid key pairings, anything created on an internet-connected device can be compromised and the keys can be copied. Even the most secure keys become trivial to guess if they have been seen by a computer.
Creating secure keys
To make sure your keys are unique, you need a device that can create them in a secure, isolated environment where they will never be exposed to the internet. Trezor was the first device made specifically for this purpose that had a screen allowing users to verify the data they were signing without needing to trust their host machine.
This design, which must include a Trusted Display, is now known as a hardware wallet.
Hardware wallets use secure hardware random number generators to ensure that the keys they create are unique, have never existed before, and cannot be guessed, even if an attacker could harness all the world’s computing power. By taking the whole transaction signing process offline, you are able to quickly and easily send transactions without your keys ever leaving your Trezor.
What do Bitcoin keys do?
Without getting too technical, keys act as your digital identity. While your public key is like your name, your private key is like your signature. Public keys become publicly-available information as soon as you send a transaction, as the blockchain uses this information to tell which address owns which bitcoin outputs.
Sharing information about your public keys is not great from a privacy perspective, as people can track your activity, but it has no direct impact on the security of your coins since no-one else knows how to create your signature.
Ideally you should not use the same address from a single public key more than once, and you can use multiple accounts in Trezor Suite to generate multiple sets of addresses at once.
Much like your bank expects a valid signature before approving a mortgage, you need a private key to sign any bitcoin transaction you wish to make (the difference being that a signature made with your keys can’t be forged). The private key unlocks the bitcoin associated with the public key so it can be moved freely.
Where can I find my keys?
To prevent you from losing access to your funds, when you first set up your Trezor it will provide you with a backup of your keys known as a recovery seed. This is a list of regular words which are used to calculate all the keys for all the cryptocurrencies across all the addresses you use on your device.
Your private keys will never be shown to you — they stay securely on your Trezor — but if someone gains access to your recovery seed, they can use it to duplicate your keys. That’s why it’s essential you store your recovery seed somewhere safe that no-one else can access.
Your extended public key for any particular account (an extended key generates many public key addresses at once) can be found in Trezor Suite, under Account Details. This is useful when you want to create a ‘watch-only’ wallet on a phone or laptop to keep track of all incoming and outgoing transactions without being able to sign them.
If anyone gets hold of your account public key — the XPUB shown above — they can also monitor your entire account activity, which is dangerous if they know more information about you. That’s why it’s important to keep all your keys as secret as possible, and why you should use a new address for every incoming transaction. Using privacy tools such as Tor in Trezor Suite also helps protect your identity.
What not to do with your keys
Your private keys must be kept permanently offline, forever, from the moment they are generated. A private key is only secure because it is a number so big that no computer can guess it, but as soon as it appears in a database it can be copied by malicious scripts and your funds can be stolen immediately.
Your account public keys (XPUBs) should also be kept offline to avoid sharing information about your finances with unknown people on the network. Since the public keys are less essential to security and are needed to create the public addresses where your bitcoin are stored, you don’t need to worry too much about them, but it is good practice to create new accounts from time to time to make it harder for observers to track your assets.
Never share keys with someone else. If you have no option but to share a Trezor with someone else (and only do this with a family member whom you trust completely), it is best to use the passphrase feature to create hidden wallets for each user to ensure everyone has their own unique keys.
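How a recovery seed and an optional passphrase turn into keys, as an added example that is not Trezor's code: it assumes the wallet follows the BIP-39 and BIP-32 standards and uses the public BIP-39 test mnemonic as constructed input. Each passphrase yields an unrelated master key, which is why hidden wallets are independent of each other and why the word list itself must stay secret.

```python
import hashlib, hmac, unicodedata

# secp256k1 group order: a valid private key is an integer in [1, N-1]
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def bip39_seed(words: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the word list (plus optional passphrase) into a 64-byte seed."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", norm(words),
                               b"mnemonic" + norm(passphrase), 2048)

def bip32_master(seed: bytes):
    """BIP-32: HMAC-SHA512 keyed with "Bitcoin seed" gives master key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if not 0 < key < N:
        raise ValueError("seed yields an invalid master key")
    return key, digest[32:]

# Constructed input: the public BIP-39 test mnemonic (assumption: 12-word BIP-39 seed).
WORDS = "abandon " * 11 + "about"

def wallets_for(passphrases):
    """Map each passphrase to the master key its hidden wallet starts from."""
    return {p: bip32_master(bip39_seed(WORDS, p))[0] for p in passphrases}

if __name__ == "__main__":
    # Same words, different passphrases: three unrelated wallets.
    for phrase, key in wallets_for(["", "alice", "bob"]).items():
        print(f"passphrase={phrase!r:8} master key begins {key:064x}"[:52])
```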
Prove ownership of your keys with Sign & Verify
Rather than having to send a transaction every time you want to prove ownership of a certain address, you can simply use the Sign & Verify feature in Trezor Suite. This allows you to sign a text message using your keys, which someone else can then verify using just the address.
To sign a message using your keys, open the Account you want to prove ownership of and then select Sign & Verify from the dropdown ellipsis menu.
Signing a message
Enter a message of your choosing and then select the address whose keys you want to prove ownership of. In the image below, we are using the first address from the list to generate a signature by signing the message Proof of keys.
Your Trezor will confirm the message and address before revealing the signature.
Verifying a message
You can send the message, address and signature to whomever requested proof of ownership. They can use Trezor Suite or another tool to ensure the signature is valid.
If the message, address and signature match, your Trezor will ask you to confirm the message and address it is verifying so you can be certain there hasn’t been any interference. If the signature does not match it will fail without needing to confirm these details on your Trezor. A successful signature will result in the following notification:
Now you can prove ownership of any address generated by your Trezor without needing to send a transaction or revealing more information than necessary, as you only sign your message using a single address. Thanks to your Trezor, you can also verify addresses belonging to others and be certain that the data they provided is not being changed in any way.
How to prove ownership of your keys and keep them safe was originally published in Trezor Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.