Bitcoin users are used to seeing alpha numeric strings of data on the blockchain all the time. These strings represent public addresses and transaction hashes for example, but where are the private keys?
More importantly, what are these private keys a lot of experts talk about but cannot be seen? At its core, a Bitcoin private key is a number. That number is associated with a public address and it is used to sign a transaction, but this is just the tip of this cryptographic iceberg. Here is everything you need to know about Bitcoin private keys, how they work, where you can find them and how to protect them.
What is a Bitcoin Private Key?
A Bitcoin private key is a secret number that allows the user to spend or control their Bitcoins. It is stored inside your Bitcoin wallet.
Basic Characteristics of a Bitcoin Private Key
Bitcoin private keys are secret numbers. They are always paired with a certain public address, which is what our Bitcoin balances are referenced to on the blockchain. Whomever knows this secret number, can sign a message or transaction from its corresponding Bitcoin address. This is the reason why most users never see their private keys. Wallets have mechanisms to hide those keys.
Nevertheless, if you were to see a Bitcoin private key on your screen or a piece of paper at any point, this is what you should expect to see:
- A 256-bit number in hexadecimal
- This means an alpha numeric – that is a line containing numbers and letters – string of 64 characters
- The numbers on that string will range from 0 to 9; letters will range from A to F – hence hexadecimal, or a number based on the combination of 10 different digits and the first 6 letters of the English alphabet
Why can’t I See my Private Key but I can Still Use it?
Given the nature and sensibility of Bitcoin private keys, you might never see one, even if you make millions of transactions. But how is this even possible if you can actually use the private key to sign a transaction? The best explanation is that most of the wallets we use nowadays are the result of BIP32 and BIP39 – BIP meaning Bitcoin Improvement Proposal.
- BIP32 allows a wallet to generate multiple public addresses and corresponding private keys without requiring periodic backups, using elliptic curve mathematics, which allow computers to calculate public keys without revealing private ones.
- BIP39 allows a wallet to create multiple public addresses with their corresponding private keys from a seed
This means that if you can see your 12 or 24-word seed, you are actually looking at the source of your private keys. Therefore, these seeds should always be kept in a safe place, away from the eyes of anyone else. This system presents a custodianship problem when it comes to Bitcoin inheritance, but for everyday purposes it is relatively safe and sufficiently resilient for the average Bitcoin user.
Bitcoin Private Keys on Hardware Wallets
Hardware wallets are probably the best example of how the seed system generates Bitcoin private keys automatically while keeping them safe. Devices like Trezor and Ledger generate public addresses for you automatically and require a physical input on the device for you to transact – the pin is actually optional although highly recommended. They place a few more layers of security on your Bitcoin funds also by displaying the public addresses they generate on the device’s screen to help prevent man in the middle attacks. Everything these hardware wallets do, from Bitcoin private and public key generation to the ability to sign messages from specific addresses, is based on the 24-word seed you get from the device when you are setting it up. Therefore, the Achilles heel of these devices is arguably that piece of paper you used to write those words on.
Protecting What you Can’t See
If access to the seed grants you access to your Bitcoin private keys, then how can you afford to keep them written on a piece of paper? The short answer to that is that you should use a superior mechanism to keep your seed safe if you can. Cryptosteel products for example, give you added protection for your seed. They protect it from hazards like fire or flooding and make it more difficult to use the seed for anyone who comes across it. So, if you have a pin-protected hardware wallet, and you use Cryptosteel or any similar mechanism to keep your seed safe, your Bitcoin private keys are reasonably well protected, even if you can never see them.
Knowledge is Power!
Now that you know the basics about Bitcoin private keys, you will be able to become a more sophisticated as well as a safer Bitcoin user. Just remember, whomever has those Bitcoin private keys, has the coins. Make sure you control those at all times – yes, that means getting your coins off exchanges – or at least limit or hedge your exposure to third parties if you are trading. Keep your private keys – and seeds – safe and enjoy transacting with Bitcoin!