SupportStatusDeveloper Portal

Private Key Management

Suggest Edits

Private Key Management

Venly creates a private and public keypair whenever a Wallet is created. The public key is the wallet address (e.g. 0x123123123) that is openly shareable, allowing anyone to send funds to it.

The private key acts as the "password" to access and control the wallet's funds. It should be kept secure and not shared with anyone to prevent unauthorized access to the wallet and its funds.

Knowing the private key will give you access to all digital assets linked to this wallet. The private key is encrypted with a passphrase and securely stored in our system. The following diagram explains the steps.

Private Key Management

Private Key Management

The private key is first encrypted with a random passphrase. The passphrase is then split into two different shares, using the Shamir Secret Sharing algorithm.

The two shares are explained below.

User-Owned Share

This share refers to the ownership exclusively held by the user. To further enhance security, this share undergoes an extra layer of encryption using a secret chosen by the user (such as the PIN code provided during wallet creation). Following this, the encrypted user-owned share is stored securely in a Key-Vault.

Because of the extra encryption, only the user can access this share. By providing the correct PIN code (or other signing method), the user can decrypt and use the user-owned share and application share, to access the private key.

As a result, the security measures ensure that only the rightful user can decrypt and access the private key, safeguarding the wallet and its funds.

Application Share

A share owned by Venly and securely stored in a Key-Vault. You receive this share along with a Client ID and Client Secret.

Accessing the Private Key

To access the private key, ownership has to be proven of the 2 shares. (User-owned and application share)

The user-owned share (decrypted using the user's PIN code) and the application share are utilized to reconstruct the passphrase and decrypt the private key.

Hereafter the private key can be used to execute the requested functions (e.g. performing a crypto transfer, signing transactions, etc.)

All shares are encrypted and securely stored in a "Vault" (Key Management system).

📘

You can always export the private key of a created wallet if you like (e.g., provide it to the user).

Updated about 2 months ago