Crypto wallets come with an automatically generated set of keys, one public and one private. The keys are created using cryptography, a method of encrypting and decrypting information at the core of cryptocurrency and blockchain technology. Public and private keys are very different, but both are required to complete any crypto transaction. How you interact with your public and private keys will vary depending on the type of wallet you use, and whether you choose to self-custody. One of the biggest differences between them is security. Public keys can be safely shared with anybody you want, but private keys require careful safekeeping or you risk losing funds. This means if you self-custody it’s important to have a plan for keeping your private keys secure.
One of cryptocurrency’s main purposes is enabling peer-to-peer exchange of value without an intermediary like a bank. But how can you possibly trust sending money to a total stranger on the other side of the world without a middleman keeping everybody honest? Encrypted alphanumeric sequences called “keys” make it possible, and they underpin the entire security apparatus for moving funds on the blockchain. There are two types of crypto keys, public and private. Both serve different essential functions, and cryptocurrency transactions of any kind would be virtually impossible without them. Ahead, we’ll delve into everything you need to know about public and private keys, and how they keep your funds out of the wrong hands.
In this article
- How do keys and cryptography work?
- Public keys vs private keys: know the difference
- Role of public and private keys during crypto transactions
- Protecting your keys
- Where can I find my keys?
- What’s the difference between private keys and seed phrases?
How keys and cryptography work
Before jumping into public vs. private keys, let’s back up and talk about cryptography, which is at the heart of both cryptocurrency and blockchain technology. Cryptography is a method of encrypting and decrypting information so it can be sent securely and only read by the intended recipient. A cryptographically encoded message would look like garbled text to anybody else, but anyone possessing the corresponding decryption key would be able to read it. Blockchain transactions are encrypted and decrypted in much the same way, through the combination of public and private crypto keys.
Every new crypto wallet comes with a corresponding pair of cryptographically generated keys, one public and one private. Public keys can be safely shared with anybody attempting to send crypto to your wallet. Private keys, on the other hand, should be carefully protected, as anyone with a wallet’s private keys gains total control over the funds associated with them. Depending on the type of wallet you use (custodial vs. non-custodial), you may never even interact with your private keys. But rest assured they’re being used anytime you buy, sell, swap or spend crypto, whether you’re aware of it or not.
Public keys vs. Private keys
Private keys and public keys perform very different functions, and both are necessary bookends to ensure crypto transactions are conducted securely. These keys usually take the form of lengthy strings of alphanumeric characters which are cryptographically linked, meaning any transaction encrypted by a public key can only be decrypted using its corresponding private key. This encryption method is known as “asymmetric-key cryptography”.
What is a public key?
A public key, as the name suggests, is viewable by others. You can think of it like your checking account and routing numbers. You can safely provide your public key to anybody trying to send you funds, whether it’s in an email signature, on a website or on a social media post. The only thing somebody with your public key will be able to do is send funds to your wallet and see your wallet balance, so sharing it presents no immediate security risk. Public keys are actually mathematically generated from their corresponding private key, but the process is not reversible.
What is a private key?
Unlike public keys, your private key should never be shared with anyone, as whoever has a wallet’s private key can access the funds it contains. To more privacy minded crypto users, this unwillingness to share private keys even extends to centralized exchanges, many of which provide custodial wallets that manage private keys on users’ behalf. The alternative side to custody services is using a self-custody wallet in which you are in full control of your private keys. Possession of private keys is a rather contentious issue in the world of cryptocurrency, with many believing you don’t actually “own” your crypto unless you are the sole possessor of your private key. This point of view has given rise to the popular “not your keys, not your crypto” adage in some crypto circles.
What is the role of public and private keys during crypto transactions?
No matter which type of wallet you use, whether you self-custody or use a custodial exchange wallet, all crypto transactions must be digitally “signed” with a private key to be completed.
Once you initiate a transaction, your wallet constructs the transaction containing the to address, from address and amount (in addition to other metadata). Your keys are used to create a digital signature confirming the transaction is legitimate. Once the signed transaction is sent to the network, the nodes verify the signature and that the from address has enough funds to complete the transaction.
In the case of custodial wallets, the exchange or service provider holds on to your keys, automatically signing transactions for you whenever a request is made. Some crypto users prefer this set up as it lessens their responsibility – regaining access to a lost account is as easy as tapping “Forgot password?”. However, this also means that a custodial service has the power to make transactions without your consent, restrict access to your assets or even lose your funds in hacks, liquidation or bankruptcy (see examples like Mt. Gox and FTX). More security-minded crypto users prefer to take banking into their own hands, opting instead for a non-custodial wallet (aka self-custody). With a non-custodial option like the BitPay Wallet, you’ll be the only one with access to your private keys, and therefore, to your funds.
How should I protect my private keys?
If using a custodial wallet service, there is no surefire way to protect your keys since you do not control them. Only work with a company you feel you can trust. Do your homework, and read up on an exchange or wallet provider’s reputation and business practices before allowing an institution to custody your funds.
If you’re self-custodying, losing your private key could render your funds irretrievable. The best way to keep your private keys safe are:
- Never share your private keys with anyone (aside from trusted next of kin)
- Use a recovery phrase/seed phrase to back up private key; similarly, only share this recovery phrase with someone you wish to have access to your funds
Never take a screenshot of your private key/seed phrase, or any kind of digital photo for that matter. If you have a large amount of cryptocurrency, it’s always best to keep your private keys offline, such as with hardware wallets, which only connect to the internet to sign transactions. A far less technical but still very much offline method is to simply write your recovery phrase on a piece of paper which you then hide or keep under lock and key. Just make sure nobody else can find it, except any designated next-of-kin who may be unable to access the funds without it if something unexpected happens to you.
Where can I find the keys to my wallet?
Self-custody wallet apps will have an option to view your keys somewhere within the wallet settings menu. If you are using a custody service like Binance, Coinbase or Kraken, you will likely not have access to your private keys.
To view your public key in the BitPay Wallet:
- Tap the Settings icon
- Under Wallets & Keys select the wallet for which you want to access the public key
- Under Advanced tap Information
- Your public key can be found under Extended Public Keys
To view your private key in the BitPay Wallet
- Tap the Settings icon
- Under Wallets & Keys select the wallet for which you want to access the private key
- Under Advanced tap Extended Private Key
- Select Copy to Clipboard
- You can now paste your private key to any other application
What’s the difference between my private key and seed phrase?
Private keys and seed phrases have some things in common. For instance, both must be protected with extreme caution, as anyone who gets their hands on either will be able to copy a wallet or empty it of funds. But that’s largely where the similarities end. Private keys are used for executing crypto transactions, whereas seed phrases are more of a failsafe. Whenever a wallet generates a private key, it also creates a seed phrase, a unique string usually of 12 or 24 words that can be used to recover a crypto wallet. If you lose your private key, your hardware wallet is lost or damaged or you lose access to your wallet for any other reason, a seed phrase might be the only hope you have of retrieving your funds.