Public Keys, Private Keys, and Key Safety

Jun 4, 2021

The terms “public keys” and “private keys” are everyday parts of cryptocurrency discourse. However, these concepts can be quite alienating for both new investors and experienced traders who are yet to familiarize themselves with best practices for storing cryptocurrencies—after all, these aren't exactly like the keys to your house or car.

But it's important to know the difference between a public key and a private key, as navigating these terms will help you keep your funds secure. Above all else, keeping your private key safe mitigates your risk of falling victim to theft or losing access to your digital assets.

So what is a public key, and what is a private key? This article will provide some quick, to-the-point explanations that should remove some of the complexity that surrounds these terms.

What is a public key?

In the context of cryptocurrencies, a public key is just a way of identifying a place where digital assets are being held. In this sense, a public key is actually quite similar to an account number at a bank. For instance, if someone wants to send you bitcoin, they would need to know your public key or wallet address to ensure that the funds end up in the right place.

When you create a cryptocurrency wallet, a private key and public key pair is usually generated for you. A public key is a string of up to 34 alphanumeric characters that is calculated from your private key through a complex mathematical equation. Since there is currently no way to reverse this process and derive your private key from your public key, you can safely share your public key with anyone. Your paired private key, on the other hand, should never be shared.

What is a private key?

A private key is a unique 256-bit number that gives you complete access to a cryptocurrency wallet. It is essentially the network’s way of identifying you as the owner of a place where digital assets are held. To continue the analogy with traditional banking, if your public key is your bank account, your private key is like your signature on a check.

Here’s an example of a Bitcoin private key: E9873D79C6D87DC0FB6A5778633389_SAMPLE_PRIVATE_KEY_DO_NOT_IMPORT_F4453213303DA61F20BD67FC233AA33262

If you know a private key, you have complete control over the wallet that it correlates with—kind of an all-access pass that grants complete control over a cryptocurrency wallet and everything it contains. This means that anyone who knows your private key can freely spend your cryptocurrency.

Letting someone else know your private key is equivalent to giving them your online banking password or the key to the front door of your house. You should be careful not to lose it and you should never, ever share it. Luckily, keeping your private key secure is relatively easy as long as you take the right precautions, as we’ll explain shortly.

How do wallets and keys work together?

A diagram of how Bitcoin wallets work and the part keys play, along with other need-to-know topics. By Invity.

Your cryptocurrency wallet is a piece of software or physical device that contains keys and lets you manage your cryptocurrencies. If someone wants to send digital assets to you, they’ll need to know your wallet address. This address is actually just a hashed, or encrypted, version of your public key, or a version of your public key that you can give out to anyone who you want to trade with. You can have as many addresses as you like, since they are all related to the same public key.

Wallet addresses are an additional step removed from your public key, and are incredibly safe to give out to anyone. There also is currently no apparent harm in sharing your public key, though some worry that future technology could one day allow bad actors to use a public key to determine its paired private key. This has never happened, but it could be a potential risk in the future. Regardless, your private key should never be shared.

For more information on cryptocurrency wallets, and how to find the best Bitcoin wallet, check out Invity's complete guide.

How to make sure your keys stay safe

In the same way that knowing a private key gives you complete control over the funds in a wallet, losing or forgetting a private key often means that you have no way of recovering your cryptocurrency holdings. For instance, the New York Times recently reported that a programmer lost the password to a device that stores the only backup of his forgotten private key and is currently unable to recover his digital assets.

He has just two guesses left to figure out his password before the contents of the device—including his private key to 7,002 bitcoin—are permanently and unrecoverably encrypted. At the time of the article’s publication in January 2021, the contents were worth around $220 million USD. CNN reported that someone in England threw away a hard drive that contained his private key, leaving him without access to his 7,500 bitcoins. Thousands of coins are lost each year due to similar stories of improper storage.

On the other end of the spectrum, many people purchase cryptocurrencies online and simply leave their holdings in an online wallet, or "on the exchange". In this scenario, the user usually doesn't have access to their private key at all. Rather, you're simply trusting that an online exchange will take care of coins on your behalf. There have been hundreds of major incidents, such as those reported by CNN and Wired, where hackers targeted online exchanges with lax security and made off with millions of dollars in stolen funds.

Mt. Gox, once the world's largest crypto exchange, was also a victim of a years-long hack. It is now a cautionary tale for users who keep their coins on an exchange. Photo from MtGox.com.

To avoid such a nightmare scenario, there's a common saying in the crypto space: "not your keys, not your coins." What this means is that, ideally, you should always have access to your own private keys. To make sure your funds stay yours, it's important to avoid storing your cryptocurrencies online and have a backup of your private key. You can either use a physical backup, such as a recovery seed written down somewhere secure, or a hardware backup that will allow you to access your funds if you misplace the primary device where your private key is stored.

For both new and experienced users, Trezor offers hardware wallets that are not connected to the internet and allow you to securely store your keys and digital assets. When setting up your device, you can also generate a recovery seed, essentially a passcode that allows you to regain access to your funds in another wallet should anything happen to your Trezor.

Regardless of the hardware or software wallet that you decide to use, follow these steps to keep your funds safe:

  1. Never share your private key with anyone.
  2. Keep a backup of your private key, but not an online backup.
  3. Don’t leave your crypto on an exchange. If they’re not your keys, they’re not your coins.

For more simplified cryptocurrency definitions, check out Invity’s glossary of important terms that beginners should know.
