In this guide we introduce private keys, their role in a cryptocurrency wallet, and the reasons why you must back them up securely. We also give a practical example of where to store your private keys safely.
Owners of 'user-controlled wallets' like WebAuth sometimes lose their devices or fail to back up their recovery phrase in a safe place, thus losing their funds forever.
A private key gives anyone who knows it unrestricted access to the crypto assets. By definition, the private key proves ownership of a crypto asset.
Important: Protonchain can't recover your private key for you. If you lose it, you won't be able to make any transactions with your wallet, and Protonchain has no ability to assist on its end.
Step 1: Tap on the settings icon which is on the far right.
Step 2: Tap on ‘Backup Wallet’.
Step 3: Type "I will never give my private key to anyone else" to proceed.
Step 4: Tap on the ‘Copy to pasteboard’ button to copy your private key.
The private key will look like this:
PVT_K1_Udh6BnS...
Now that we have the private key, we will encrypt the file that contains it.
gpg --cipher-algo AES256 -c private_key.txt && gpgconf --reload gpg-agent
Choose a secure password and enter it.
Verify the password and the content:
gpg -d private_key.txt.gpg
Important! The backup file can only be decrypted using your password.
By default GPG caches the password. To clear the cache, run:
gpgconf --reload gpg-agent
If you want, you can also use openssl to encrypt the file symmetrically:
openssl aes-256-cbc -salt -pbkdf2 -in private_key.txt -out private_key.txt.enc
If you use a cloud service, you can now store an encrypted copy of your private key on your personal cloud account. To recover your funds you only have to remember a password that you choose.
Upload the file to your cloud service and store your encryption password separately from the cloud. You can use a password manager or other services.
If you want a more advanced way of storing the password, you can use ssss (Shamir's Secret Sharing Scheme), a cryptography program that splits a secret into n parts, of which at least t are required to recover it (with t <= n).
sudo apt install ssss
This gives us two commands, ssss-combine and ssss-split. In our case we will use ssss-split:
ssss-split -t 3 -n 3
Generating shares using a (3,3) scheme with dynamic security level.
Enter the secret, at most 128 ASCII characters:
Enter the password that you want to split into 3 parts. The output will look like this:
Generating shares using a (3,3) scheme with dynamic security level.
Enter the secret, at most 128 ASCII characters: Using a 160 bit security level.
1-e9df9b4fba7fa9ff09792526247d56d9d
2-5f1968dbcf9d25d58bf09bbe8437cb8bc
3-86caf1799b546be9e3213486ec945e9a4
Now let's combine all 3 shares to recover our secret password:
ssss-combine -t 3
Enter 3 shares separated by newlines:
Share [1/3]: 1-e9df9b4fba7fa9ff09792526247d56d9d
Share [2/3]: 2-5f1968dbcf9d25d58bf09bbe8437cb8bc
Share [3/3]: 3-86caf1799b546be9e3213486ec945e9a4
Resulting secret: 561cPJbLWFwWOMxtEcpE
The three secret shares can be stored in three different locations, but remember that all of them are required to recover the secret, in any order!
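The threshold behaviour described above, as an added Python illustration that is not part of the original guide and is not the ssss implementation: ssss works in GF(2^n), while this sketch uses a prime field. The names split and combine and the sample password are assumptions made for the example.

```python
# Added illustration of Shamir's Secret Sharing over a prime field.
# NOT the ssss implementation (ssss works in GF(2^n)); names are hypothetical.
import secrets

PRIME = 2**521 - 1   # Mersenne prime; fits a secret of up to 64 bytes
WIDTH = 66           # bytes needed to hold any value below PRIME


def split(secret, t, n):
    """Return n shares (x, y); any t of them recover `secret` (bytes)."""
    if not 1 <= t <= n or len(secret) > 64:
        raise ValueError("need 1 <= t <= n and a secret of at most 64 bytes")
    # A 0x01 marker byte keeps leading zero bytes of the secret intact.
    s = int.from_bytes(b"\x01" + secret, "big")
    # Random polynomial of degree t-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def combine(shares):
    """Lagrange-interpolate f(0). Too few shares yield unrelated bytes."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total.to_bytes(WIDTH, "big").lstrip(b"\x00")[1:]


if __name__ == "__main__":
    password = b"constructed-sample-password"   # constructed sample value
    all_three = split(password, 3, 3)            # same shape as -t 3 -n 3
    print(combine(all_three[::-1]) == password)  # True: order is irrelevant
    print(combine(all_three[:2]) == password)    # False: one share missing
    two_of_three = split(password, 2, 3)         # tolerates one lost share
    print(combine(two_of_three[1:]) == password) # True
```

With -t 3 -n 3, losing any one share makes the password unrecoverable; a 2-of-3 split (ssss-split -t 2 -n 3) tolerates one lost share.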