Public and Private Keys - how they are used by Steem, making all of this possible? You can find the answer here 😊

in #security • 7 years ago (edited)


In my previous post, I made an introduction to this topic:

If you haven't read it, you should do so before reading this article, to make sure that you understand the role of public and private keys on Steem. Here we are going to explore how all of this works... and to be honest, I am really excited to be writing a post about it :)

Cryptography of public and private keys - Look how simple it is! :)

You generate a pair of keys (key A and key B) in a particular way, so that they have these properties:

  • everything encrypted with key A can only be decrypted with key B
  • everything encrypted with key B can only be decrypted with key A

For convenience, you do not refer to them by the names A and B; instead you treat one of these keys as a public key and the other as a private key:


Fragment of: Public Key Cryptography - Computerphile

To use a system like this, you want to make sure that:

  • you are the only person with access to your private key
  • everyone can easily find your corresponding public key

Where are my public and private keys from Steem stored?

Public Keys

Public keys of every user are kept in the Steem blockchain. You can find your public keys on https://steemit.com/@<your_login>/permissions. These are my public keys, and I am not afraid of showing them to you, because they are my public keys :)


If you would like to find out what the public keys of Ned Scott (CEO of Steemit Inc.) are, you can use another website, which shows more details from the Steem blockchain: http://steemd.com/@ned


Private Keys


You should know that:


Steemit does not store your private keys on any server.
Steem blockchain does not store your private keys either.

But at the same time, it is true that you can find your private keys on https://steemit.com/@<your_login>/permissions. So how does this work?

For now, just please remember that your keys are generated from your password on the fly every time you provide it, and some of them are stored in the localStorage of your browser. One of my next articles will go into detail about how this is done.

Let's go back to the topic

Two cases where Pair Of Keys can be extremely useful

Public and Private keys can be used in two scenarios:

Encryption

You can encrypt a message with my public key and send this encrypted message to me. Because only I know my private key, only I will be able to decrypt the message.

Right now there is no private messaging feature on Steemit, but encryption of such communication can be done with exactly this mechanism.

Signing

You can encrypt some message (like a transaction) with your private key, and every person who has access to your public keys (so basically everyone...) will be certain that only a person who possesses your private key (hopefully that's only you) could have encrypted (authorized) this message.

To make people's lives easier, you would probably publish two messages:

  • original message
  • encrypted version of original message (which could be treated as your digital signature)

Everyone who would like to verify your identity could then try to decrypt your encrypted version of the original message with your public key... and check whether this produces exactly the same message as the original, which you also published.
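
The key A / key B property and the two scenarios above (encryption and signing), as an added example that is not part of the original post: textbook RSA with constructed toy parameters, where the signature is a SHA-256 digest of the message processed with the private key. The primes, exponent and function names are assumptions chosen for illustration; there is no padding, the keys are far too small to be secure, and this is not the signature scheme Steem itself uses.

```python
import hashlib

# Constructed toy parameters (assumptions for illustration, far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1                 # two known primes
N = P * Q                                   # modulus shared by both keys
KEY_A = 65537                               # "key A": published as the public key
KEY_B = pow(KEY_A, -1, (P - 1) * (Q - 1))   # "key B": kept private (Python 3.8+)

def apply_key(value: int, key: int) -> int:
    """Textbook RSA: one operation; the key you pass decides the direction."""
    return pow(value, key, N)

# Scenario 1: encryption. Anyone uses key A; only the holder of key B can read.
def encrypt_for_owner(message: bytes) -> int:
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return apply_key(m, KEY_A)

def decrypt_as_owner(ciphertext: int) -> bytes:
    m = apply_key(ciphertext, KEY_B)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Scenario 2: signing. The owner uses key B; anyone checks with key A.
def digest(message: bytes) -> int:
    # Sign a fixed-size hash so that messages of any length fit under N.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    return apply_key(digest(message), KEY_B)

def verify(message: bytes, signature: int) -> bool:
    # "Decrypt" the published signature with the public key and compare.
    return apply_key(signature, KEY_A) == digest(message)

if __name__ == "__main__":
    secret = encrypt_for_owner(b"hi noisy")        # constructed sample message
    print(decrypt_as_owner(secret))
    tx = b'{"op": "vote", "voter": "alice"}'       # constructed sample transaction
    sig = sign(tx)
    print(verify(tx, sig), verify(tx + b"!", sig))
```

Changing a single byte of the published message, or of the signature, makes `verify` return `False`, which is what lets anyone holding only the public key reject a forged transaction.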

Summary

Of course, I simplified a few things, but the whole concept is described pretty well. I needed to write this article to provide background for my next article, where we will go even deeper :)

Right now we know that without revealing your private keys, everyone can check that you possess your private key, and therefore a transaction/post/comment made by you and signed by your private key can be validated by everyone, especially by the witnesses, which add valid transactions to each block of the Steem blockchain.

Because on Steem you have 4 pairs of keys (posting, active, owner, memo), witnesses can validate that a particular transaction broadcast by your browser was signed by the proper key.

I hope that after my last article, you do not use your Master Password anymore, and that on Steemit you use only your private posting key (that article described why and how to do it).


This article belongs to a series of articles which describe security on Steemit:

  1. What is the difference between a password and a private key(s) on Steemit? How to make your account more secure, by using them correctly.
  2. Public and Private Keys - how they are used by Steem, making all of these possible? (this article)
  3. Public and Private Keys - how they are working under the hood
  4. How passwords are stored by Steemit in your browser, and why it is secure.
  5. How to set own password, which is not generated by Steemit
  6. How to setup multisig/multiple authorities for your account
  7. ...

Make sure to follow my account, if you don't want to miss any of these :)


Greetings to a colleague from Poland! Useful information, thanks! :)

Thank you for clarifying this all to me. I was unsure as to what all the keys were for. Since it seemed as if I was never gonna need to know I ignored them.

I had zero idea about it. Had to go through the previous post to understand it all. This is a very helpful post. Thank you very much! :)

TOTALLY newbie question:

How to properly use those keys?
and where I could use that?

This is definitely a handy feature to know about. I started using the key for posting only on my mobile devices for added security. It allows me to view, upvote, comment and post, but you can't do anything else. My devices are secure with passwords of course, but still a good idea to be careful in case someone gets a hold of your device before your password is required again.

Thanks for this detailed info!

Recommendable post :-)

Finally a good explanation, thank you @noisy for enlightening me :) resteeming!

Excellent and well detailed info! Much appreciated. I've read a few stories of people giving out the wrong one and losing their investments. Ouch!

I'm not even sure if I got a 'password' in the beginning? All I know is I've got all my private keys tested and stored safely.

This post is helpful - but I am having a very specific problem I am trying to get resolved.

I joined streemian yesterday before I realized the strength of the active wif. Now I am trying to rescind streemian's permissions but I can't. Resetting my password has no effect. I don't know what to do.

I've posted in more detail here. It seems to me streemian collects the wif under somewhat false pretenses saying they cannot access your funds.

https://steemit.com/steemit/@dber/need-help-i-think-streemian-is-procuring-active-wifs-from-new-users-under-false-pretenses-2017616t93220644z

Great post, this public private key thing is a totally new concept to most people so glad to have a post making it easy to understand!

This is actually really useful information @noisy! But I still do not understand how do you encrypt your message with the public key here in Steemit.
Right now all our posts are using the post private key to log in to post. And even people with no login will still see my post.
So how does that work?
Maybe I need to read your first post to see if there is a real example.

thank you for the information

My posting key is incorrect or at least I got told that when trying to use it on chainBB - I am grateful for this article and will be sure to back up on my hard drive next-- I am following you too now


Is great to have someone who knows how to explain quite complicated topic in simple words. Now is understandable for all dummies as well for me :) nice job @noisy!

Only had time to glance through this a bit. Definitely upvote. Will come back and look at this more later. I've been genuinely curious about how the keys on here work along with how to make it more secure.

Good article, thanks for sharing!

Appreciate the handy information would definitely recommend to new and old users both , safety is key !

Super excited for this release already posted this morning

Okay, "dumb question" please. How do I use those keys. (do i cut and paste or copy?) I wasn't joking about dumb question, sorry and thank you.


Thanks for your great info
The post is very useful
Recommendable post :-)

By the way I need some help if possible!
I ask you so kindly to read this post carefully
and if you think is useful for newbies please resteemit..( no upvote Needed)
https://steemit.com/steemit/@lordoftruth/the-golden-rules-no-upvote-needed-for-this-post-if-you-support-new-steemers-just-resteem-it

I want to increase the visibility to reach a lot of newbies


Great post...@noisy ...thank for sharing with us....you are the generous...upvoted & followed

Very helpful! Thank you

Very helpful article especially to all newbies including myself. I was wondering what are those permission keys. Now you answered some of my questions. Thank you so much!

Thanks.. am a newbie and will help me

This is a good article for the new steemians to know what should be aware when using a crypto-technology / blockchain application. upvoted and resteemed.

This helps me simplify it for friends asking about cryptos. Good post

Thanks for this very useful information.

Hello, It's good posting.

Can i translate to my country language and post it ?

🚀 so much to learn 🤓 🤓

Good day everyone. I'm new to steemit and i'm a fun person to be with. I'd like to get a mentor to show me around. Kindly follow me and i'll be sure to follow back.
Do have yourselves a wonderful day ahead.

Key management is a HUGE issue with the cryptocurrency population. not everyone really understands the actual meaning of "if you don't own your keys, you don't own the coin"

thank you for the post!

This article was very helpful, thank you!

Excellent!

Thanks for this information +5 stars for you :)

Follows, Resteem and upvote

Such an excellent post - would make me feel far more secure since my latest wallet compromise

Nicely Done. Thank you for this.

Following

Yes, because of your article I do not use my Master Password anymore, and I use here on Steemit only my private posting key. :)

I still wonder then where and when we use the master password?

Very good explanation. Thanks a lot.

Amazing technology.

Excellent article, I had no idea. Following and resteemed again. X

This is clearly a practical feature worth knowing about. I started using the key for posting only on my mobile devices for added security. It allows me to view, upvote, comment and post, but you cannot do anything else. My devices are secure with passwords of course, but it is still a good idea to be careful in case someone gets hold of your device before your password is required again.

Hi noisy, I really need your help. Somebody has stolen my profile picture and is using it for himself. I wrote an article about it to reach out to the community who can help me. Could you please take a look and maybe you have a good idea how I can stop this user from using my profile image. https://steemit.com/blog/@masterthematrix/my-account-profile-was-stolen-please-help-me

Anyone know when we'll be able to send messages to other steemit users using public/private key encryption?

Thanks for all your great efforts in security!
I have not sorted all of this yet, can you point this red fish newb to a tutorial of do's and don'ts with the passwords, private keys, wallets, etc. and finally how to recover if I already committed some don'ts before I knew better.

Again, if you posted or know a post with that info for newbs then a link would be extremely appreciated - thank you for being here!

Maybe it's a bit off topic, but maybe you can give some advice about how to secure a steemit password?