One of the most important concepts in web3 technology is self-custody. It means you and only you hold the power to access your digital assets as well as restore your wallets if they are ever lost.
This is incredibly powerful for freedom, but it also comes at a price: there is no customer service and there is no lost & found.
If you lose your keys, you will lose access to your account and the assets in it.
So I'd like to share some information as to what your keys are and a couple of recommendations on how to keep them safe.
Let's start with what they are.
What are HIVE keys?
On the HIVE blockchain, the private key-public key pair is a fundamental part of its cryptographic security system, enabling users to securely manage their accounts, sign transactions, and prove ownership.
The Private key is a secret, randomly generated string of characters (essentially a long, unique password) that you must keep confidential. It’s like the key to your digital safe.
while the public key is derived mathematically from the private key and can be shared publicly. It’s like the address of your safe that others can use to send you assets or verify your actions.
The relationship between the two is one-way: the private key generates the public key, but you cannot reverse-engineer the private key from the public key (thanks to complex math involving elliptic curve cryptography).
Now, instead of providing users with only one key pair, Hive takes security a step further with a hierarchical key system with different levels of authority for each account. Each level has its own private-public key pair, and these keys are used to sign transactions or authorize actions.
Here they are, with the first one being the most sensitive:
Owner Key: The "master key" with full control over the account. It can change all other keys and recover the account if compromised. You rarely use this key for security reasons.
Active Key: Used for financial transactions (e.g., transferring HIVE tokens, powering up/down) and some account management tasks.
Posting Key: Used for social actions like posting, commenting, and voting on content.
Memo Key: Used to encrypt and decrypt private memos (messages) attached to transactions.
Each of these has its own private-public key pair. For example:
Private Posting Key → Signs a post or vote.
Public Posting Key → Verifies that the action came from you.
When you create a HIVE account, the blockchain generates these key pairs for you (or you can generate them yourself using tools like @keychain). The public keys are linked to your account name (e.g., @alex-rourke) and stored on the blockchain, while you keep the private keys.
To perform an action (e.g., send HIVE or upvote a post), your wallet uses the appropriate private key to create a digital signature. This signature proves you authorized the action without revealing the private key itself.
The HIVE network uses your public key to verify the signature. If it matches, the transaction is valid and gets processed.
Let's look at an example:
Let’s say you want to upvote a post by @alex-rourke (I'm a marketing guy, lol):
- You log into a HIVE frontend (like PeakD) with your posting private key.
- You click "upvote," and your wallet signs the transaction with your private posting key.
- The signed transaction is broadcast to the HIVE blockchain.
- Nodes on the network use your public posting key (tied to your account) to verify the signature.
- If valid, the upvote is recorded.
How to keep your HIVE keys safe
As you might have seen in another video I made on how to use Trust Wallet, I'm a firm believer that you should not keep your keys stored on your computer. As soon as you receive your keys, you should make two copies:
One digital copy on a cold device (one that is not connected to the internet). I use a text file on a simple USB stick like this one and keep it in a fire-proof safe.
Another copy should be in a different location, ideally in a non-digital format like good old pen and paper.
Account recovery on HIVE
There is another important feature you should absolutely take advantage of as early as possible, it's called account recovery. This is super important in case your account is compromised by a malicious actor. If you're using a front end like @peakd, you can set your recovery account by going to your wallet and clicking on "account actions"...
Followed by "Keys and permissions" and finally "Recovery Account"
Make sure this recovery account is someone you know personally and trust to verify that your account was compromised and they can validate that you want to "recover" the account and
they are unlikely to also be compromised at the same time.
You will need to alert them if your account is compromised and ask them to recover your account here: https://hivetasks.com/account-recovery
You will then be able to change the password here: https://hivetasks.com/change-passwordand get your account back.
To understand asymmetric encryption, I used this video
Explanation on Elliptic Curve Cryptography watch this video.
Reference for graphics: The math in public key cryptography in simple words
Worth reading! As a new hiver, it's important to be aware of these things. Thanks for sharing!
Hive keys are much more sophisticated than a regular password. It's important to know how they work, how to keep them safe, and what to do if they are every compromised.
Very informative. Thank you for sharing. I have a question though, what if you lost your hive keys? Is there a way of getting your account back?
If you have your master password, you can generate new keys with this tool: https://hivetasks.com/key-generator.
A super useful way of storing your keys is @keychain. They will remain encrypted on your device and you can export them if you need to .
People forget or underestimate how easily passwords can be obtained. I have seen very old users here have their accounts stolen or scammed. It doesn't matter how experienced you are. I write down my passwords on a piece of paper and keep them in a very safe place.
By the way, your recovery account is also very important. Don't forget to check it. You can check it on https://hiveblocks.com/.
Yes! added a new bit about account recovery to this post. Thanks for bringing that up.
You are welcome man, it's one of the urgent thing on Hive. Especially for old accounts recovery account is Ocdb or appreciator which you might not contact easily
A must Read blog for newbies on hive. I had to go through tough time to understand it better and all thanks to my mentor who tried explaining it well.
This blog is like a Bible for newbies and thanks to you for sharing it. Re-blogged.
Nice and useful post especcially for new users
Great job
@tipu curate
Thanks! I'm sure lots of new users want to know more about these things, so I decided to write about keys today. The more we can help newbies out, the more likely they are to stay and bring more friends.
I think we have a responsibility to share knowledge.
Upvoted 👌 (Mana: 17/47) Liquid rewards.
I have a copy of my keys offline, it felt really crazy when I was doing it a few years back, but I value my account enough to have my keys stashed away from the internet, just in case.
I think there's really nothing hard understanding how Hive keys works, and your explanation makes it simpler.
I don't agree we don't get enough onboarding because of allegedly complex stuffs as keys. Web2 is not web3 and certainly we needed compromise security for anything less
This is so right. Having asymmetric encryption is a feature, not a bug. It just takes slightly more complex mechanisms like public/private key pairs. The fact that HIVE has different key pairs with increasing levels of authority only highlights the importance core devs placed on developing tools for users to keep our information safe.
Self-custody is a different beast than the 4 digit passcode used to unlock your phone.
Exactly, I hope people will understand that his. I've been getting the argument that perhaps we should get ride of the complex key system for something simpler like what we have on Facebook. I don't think these guys understand the concept of self custody, and maintaining complex security mechanisms.
I think one day, people will get to understand this.
There was even a time when I almost lost all my keys
Then, I remembered that I jokingly wrote it somewhere and that’s how I was able to gain access to my account again…
I keep two copies of my keys. Both offline. I also import my posting, active and memo key into Keychain, so I can always download a copy of those at any time.
A very good one!
I also learned a lot in the process of writing this up. Writing helps helps understand ideas more clearly.
I love the complexity of Hive keys, I can imagine company accounts managed thanks to them.
On the other hand, most people are used to simple "mail&password" accounts from web2 social networks, and might feel overwhelmed with this settings :/
i have always worried about the reverse-generating but thanks to the "Elliptic Curve Cryptography" i guess!, also one can b worried about the ability of cracking current encryption with the development of quantum computers!. great post- have a good day
I'm tired of losing my main keys to access @wlffreitas , I always end up creating another account and when I least expect it, I find it in some file in the cloud in an account that I didn't even remember creating. I like ecency because it sends your Master Password to your email, so you can just leave it there. Although it's not as secure.
Theres no worki ng memo key anymore
Tell me the last time anyone used it
Hive blog front end doesnt work with jt anymore. U used to be ablw to use it to login and see private messages in wallet history not anymore
I just sent you an encrypted memo:
You can decrypt it with Keychain if you've imported your memo key.
Tested the decryption. Forks fine.
Keeping keys on paper might sound like old school to some but I completely agree, it just works. I do the same because USB sticks can fail, but paper won’t crash. A very good tip about the fire proof safe too thanks for this man, I'll be secured on multiple levels haha
Low-tech can be resilient to hacks, so it's important to implement it. Glad you found it helpful.
Thanks for your 1% votes on my content.
you're welcome, I'm addicted to voting and I've been advised to either stop or reduce till it can grow enough to give more our 🤣.. you know what fk it I'll adjust to 100 now, what can happen should happen 🤣🤣🤣
You were advised to stop voting or reducing to 1%?
I don't know where you're getting advice from, friend, but here's some advice:
1% votes from an account that has 197 HP don't even make it past the dust threshold. This means:
a) They don't generate anything for the author or the curator
b) They signal that you really don't think much of the value of the piece.
I'd recommend getting some skin in the game and purchasing some very cheap HIVE which is currently at $0.20. Then you can curate and generate some value for you and the authors you curate.
oh wow, dust threshold, now learning about it, I've adjusted anyways so 👍
Congratulations @alex-rourke! You have completed the following achievement on the Hive blockchain And have been rewarded with New badge(s)
Your next payout target is 15000 HP.
The unit is Hive Power equivalent because post and comment rewards can be split into HP and HBD
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPCheck out our last posts:
Thanks for this full insight full post. Really useful for newbies like me.