One of the most important concepts in web3 technology is self-custody. It means you and only you hold the power to access your digital assets as well as restore your wallets if they are ever lost.
This is incredibly powerful for freedom, but it also comes at a price: there is no customer service and there is no lost & found.
If you lose your keys, you will lose access to your account and the assets in it.
So I'd like to share some information as to what your keys are and a couple of recommendations on how to keep them safe.
Let's start with what they are.
What are HIVE keys?
On the HIVE blockchain, the private key-public key pair is a fundamental part of its cryptographic security system, enabling users to securely manage their accounts, sign transactions, and prove ownership.
The Private key is a secret, randomly generated string of characters (essentially a long, unique password) that you must keep confidential. It’s like the key to your digital safe.
while the public key is derived mathematically from the private key and can be shared publicly. It’s like the address of your safe that others can use to send you assets or verify your actions.
The relationship between the two is one-way: the private key generates the public key, but you cannot reverse-engineer the private key from the public key (thanks to complex math involving
https://www.youtube.com/watch?v=dCvB-mhkT0w).
Now, instead of providing users with only one key pair, Hive takes security a step further with a hierarchical key system with different levels of authority for each account. Each level has its own private-public key pair, and these keys are used to sign transactions or authorize actions.
Here they are, with the first one being the most sensitive:
Owner Key: The "master key" with full control over the account. It can change all other keys and recover the account if compromised. You rarely use this key for security reasons.
Active Key: Used for financial transactions (e.g., transferring HIVE tokens, powering up/down) and some account management tasks.
Posting Key: Used for social actions like posting, commenting, and voting on content.
Memo Key: Used to encrypt and decrypt private memos (messages) attached to transactions.
Each of these has its own private-public key pair. For example:
Private Posting Key → Signs a post or vote.
Public Posting Key → Verifies that the action came from you.
When you create a HIVE account, the blockchain generates these key pairs for you (or you can generate them yourself using tools like
@keychain). The public keys are linked to your account name (e.g.,
@keychain-rourke) and stored on the blockchain, while you keep the private keys.
To perform an action (e.g., send HIVE or upvote a post), your wallet uses the appropriate private key to create a digital signature. This signature proves you authorized the action without revealing the private key itself.
The HIVE network uses your public key to verify the signature. If it matches, the transaction is valid and gets processed.
Let's look at an example:
Let’s say you want to upvote a post by
@alex-rourke (I'm a marketing guy, lol):
- You log into a HIVE frontend (like PeakD) with your posting private key.
- You click "upvote," and your wallet signs the transaction with your private posting key.
- The signed transaction is broadcast to the HIVE blockchain.
- Nodes on the network use your public posting key (tied to your account) to verify the signature.
- If valid, the upvote is recorded.
How to keep your HIVE keys safe
As you might have seen in another video I made on how to use Trust Wallet, I'm a firm believer that you should not keep your keys stored on your computer. As soon as you receive your keys, you should make two copies:
One digital copy on a cold device (one that is not connected to the internet). I use a text file on a simple USB stick like this one and keep it in a fire-proof safe.
Another copy should be in a different location, ideally in a non-digital format like good old pen and paper.
Account recovery on HIVE
There is another important feature you should absolutely take advantage of as early as possible, it's called account recovery. This is super important in case your account is compromised by a malicious actor. If you're using a front end like
@peakd, you can set your recovery account by going to your wallet and clicking on "account actions"...
Followed by "Keys and permissions" and finally "Recovery Account"
Make sure this recovery account is someone you know personally and trust to verify that your account was compromised and they can validate that you want to "recover" the account and
they are unlikely to also be compromised at the same time.
You will need to alert them if your account is compromised and ask them to recover your account here:
https://hivetasks.com/account-recoveryYou will then be able to change the password here:
https://hivetasks.com/change-passwordand get your account back.
To understand asymmetric encryption, I used
https://www.youtube.com/watch?v=AQDCe585Lnc
