All articles

Public & Private Keys

We are all familiar with the phrase "not your keys, not you coins," but what does that really mean?

Public and private keys play a fundamental role in securing your cryptocurrency assets when using a Trezor hardware wallet. This article will help you understand the concepts of public and private keys, their importance in the world of cryptocurrencies, and how they work with your Trezor hardware wallet.

 
"you only own bitcoin if you alone hold the private keys" -- Trezor blog
 

Imagine cryptographic keys as unique, long codes that work together as digital locks and keys. Every user on the blockchain network has a pair of keys:
 

Private Keys:

  • A private key is a unique and secret alphanumeric code that grants access to your cryptocurrency assets.
  • It serves as a digital signature when authorizing transactions, proving your ownership of the assets.
  • Private keys are used to decrypt transaction data and authorize outgoing transactions.
  • Keeping your private key confidential is vital; if someone gains access to it, they can control your cryptocurrency assets.
 
Be careful! If you share your keys with someone else - or even if you trust a custodial exchange to hold them for you - your funds may be taken at any time.
 

Public Keys:

  • A public key is derived from a private key through a cryptographic process.
  • It serves as a digital address that you can share with others to receive cryptocurrency transactions.
  • Public keys are used to encrypt transaction data, ensuring that only the intended recipient can access it.
  • Since public keys do not reveal sensitive information, they can be safely shared with others.
 
Anyone can send funds to a public key address, but only the private key holder can send money from the address.
 

The role of public and private keys with Trezor

Public and private keys are essential in maintaining the security and integrity of cryptocurrency transactions. They work together to ensure that only the rightful owner of the assets can access and authorize transactions, without revealing sensitive information. This makes it extremely difficult for unauthorized parties to gain control of your cryptocurrency assets.


Secure key generation

Trezor wallets generate private keys using a secure hardware random number generator. This process is isolated and offline, ensuring that your keys never leave your Trezor device. The private keys are then used to generate public keys through complex mathematical operations, creating a matched pair.
 

Offline key storage

Your Trezor hardware wallet stores your private keys offline, which protects them from potential hacks or unauthorized access. By keeping your keys in a secure, offline environment, you can minimize the risk of losing your funds.
 

Recovery seed and passphrase

During the setup process of your Trezor wallet, you will be prompted to write down a recovery seed, which is a list of words that serves as a backup of your private keys. In addition to the recovery seed, you can also set an optional passphrase for added security. These measures enable you to restore your wallet and access your funds if your Trezor device is lost, damaged, or stolen.
 

Transaction signing and verification

When you initiate a transaction, your Trezor wallet uses your private key to create a digital signature. This signature is then verified using your public key, proving that you are the rightful owner of the funds associated with the transaction.
 

 

Hardware wallets like the Trezor Model One and Model T are primarily used for storing your keys, but can also be used for other purposes e.g. a security token for 2-Factor Authentication.
 

Although the keys are related, it is not computationally feasible to deduce a private key from a public key - this is why public keys may be shared.
 

Together, the public key and private key ensure the security of the cryptocurrency ecosystem.


By understanding the role of public and private keys with your Trezor hardware wallet, you can enhance the security of your cryptocurrency assets and protect them from unauthorized access.