Encryption keys are what protects our data here on Steem

in #steem, 7 years ago (edited)

There seems to be some confusion as to how the Steem blockchain is secured, so I thought I would give a simple introduction to how it works. If you are not familiar with encryption technology, then Steem may seem rather confusing for you.

Traditional computer infrastructure used passwords which are like keys that would open a door, with the data sitting inside the room.  The programs and operating systems would then dictate how that data is used based on the settings of that account.  The system administrator determines those rules based on the corporate policies and procedures he / she is using to control access to that data.  The security of the data rests with the guard at the gate to ensure nobody gets past the perimeter to access the data.  Any hole in the perimeter puts the data at risk.  Trust me, there are lots of holes in the perimeter and that is why you hear of so many security issues with computer systems.  

However, the Steem blockchain is very different. The data is all out in the open, accessible by anybody. There is no guard at the gate waiting to see if you have the right key to open the door. You could download the entire database if you want. So how is the data secured? Encryption.

Your wallet and capacity to post on the blockchain are controlled by using public and private encryption keys, not passwords. Public and private encryption technology has been around for years, so how does it work?

Let's assume you wanted to send me a private message. You would need to send it over a public network that anybody could see. So how do we keep it private? Well, if I have a public and private encryption key, I would release the public key to the world and I keep my private key safe and secure. My eyes only. You encrypt the message using my public key and the only key that can then decrypt that message is my private key. Now it is safe for you to send it across any public network as it no longer matters who has a copy of the message. The chances of them breaking the code are very, very small. Only a quantum computer would be able to break that code. (a topic for another post later on)

Well, the Steem blockchain works in a very similar way.  Except it is a bit more complex.  When you first got your account, you were given a master encryption key.  That key allows you to do anything on your account.  You really need to write that code down and store it in a very safe place.  You lose that code, you lose access to your account, including your wallet that stores all your steem and SBD as you have no way of decrypting the data.  If somebody else managed to get access to that code, then they could take over your account, which has happened!  

To be safe, we should be using the other encryption keys that have limited access. That way if we lose one of those keys, we can easily reset the encryption keys and lock anybody out who managed to get their hands on our private keys. That is what the master and owner encryption keys are used for. So we should not be using them for our daily tasks. There are people out there working hard to get your encryption keys. Even with due diligence, the best of us slip up. So it is best that we limit the access we have to our own accounts in the event that somebody tricks us into giving them our private keys. If somebody got my private posting key, they cannot do any financial transactions or take my account away from me. That gives me peace of mind and protects me from errors in judgement and mistakes.

What is neat about this platform is that the system has other keys that allow users to have limited access to the account. Many groups now share a single account. By keeping the master key safe, I could give out my private posting key to others to help me post comments or posts. They don't have access to my wallet, but they can help me with content creation. I could give another user my active key which allows them to deal with financial transactions, steem delegation and do postings as well. So now the flexibility becomes interesting as it allows an account to be shared by larger groups of people holding specific responsibilities.
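The role split described above can be modelled as signature checks against the public keys published for an account. This is an added example, not code from the original post or from Steem itself: the operation names, the rank table and every helper function are assumptions made for illustration, and Node's built-in secp256k1 ECDSA stands in for the chain's real transaction format.

```javascript
const { generateKeyPairSync, sign, verify } = require('crypto');

// Assumed model: rank of each role and the lowest role each operation needs.
const RANK = { posting: 1, active: 2, owner: 3 };
const REQUIRED = { comment: 'posting', transfer: 'active', update_keys: 'owner' };

const newKey = () => generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
const encode = (op) => Buffer.from(JSON.stringify(op));

// Constructed sample account: only the public halves are published.
function createAccount(name) {
  const keys = { posting: newKey(), active: newKey(), owner: newKey() };
  const authorities = {};
  for (const role of Object.keys(keys)) authorities[role] = keys[role].publicKey;
  return { account: { name, authorities }, keys };
}

// The holder of a private key signs the operation it wants recorded.
function signOp(op, privateKey) {
  return { op, signature: sign('sha256', encode(op), privateKey) };
}

// Anyone can run this check: it needs nothing but public data.
function verifyOp(account, { op, signature }) {
  const needed = RANK[REQUIRED[op.type]];
  if (!needed) return false; // unknown operation type
  return Object.entries(account.authorities).some(([role, publicKey]) =>
    RANK[role] >= needed && verify('sha256', encode(op), publicKey, signature));
}

// An owner-signed update swaps a role's public key and locks out the old private key.
function rotateKey(account, role, newPublicKey, ownerPrivateKey) {
  const pem = newPublicKey.export({ type: 'spki', format: 'pem' });
  const signed = signOp({ type: 'update_keys', role, key: pem }, ownerPrivateKey);
  if (!(role in RANK) || !verifyOp(account, signed)) return false;
  account.authorities[role] = newPublicKey;
  return true;
}

// Demo with constructed operations.
{
  const { account, keys } = createAccount('alice');
  const pay = signOp({ type: 'transfer', to: 'bob', amount: '0.001 SBD' }, keys.posting.privateKey);
  console.log('posting key signs a transfer ->', verifyOp(account, pay));
}
```

A leaked posting key fails the transfer check, and once the owner key rotates the posting authority the leaked key stops working for posts as well.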

If you go into your wallet and click on the 'Permissions' option, you will see your public keys. Everyone has access to these public keys. They won't be able to see your public keys through the steemit.com web interface, but they can use www.steemd.com to view your public keys.


My own public keys.  

To find out what your private keys are, go into your wallet and click on 'Permissions' (left side of the screen).  You will see all your public keys.  To view your private keys, find the small little green buttons to the right of the screen.  Some you can click on to toggle between the public and private key, others require that you log in with your master or owner key to view the private key.  

When you view your private keys, you will notice that a 'print' option shows up in the top right corner of the screen.  Click that button to print off a page with all your private keys.  Make sure you store that document in a safe place.  If you lose your keys, you lose your account and all the hard work you put into your blog and the rewards you received as a result.  

Most of us won't have multiple people working on the same account. As such, I recommend that when you post comments or posts, use your private posting key to log onto your account. For example, this post was written while I was logged in with my private posting key. When you want to do any financial transactions, then you will be prompted for your active, owner or master key. Using the Active key is sufficient to perform those tasks. It should be a rare case where you would need an owner or master key. Only use them if you need to reset your encryption keys because the security of your account has been compromised.

If you think somebody has compromised your account, then break out your master or owner key, log in and change your keys and print out the new keys and keep them in a safe place.  It has been over 10 years since I retired from a 20+ year career in computers as a network administrator and manager.  Please know that the user has always been the weakest link when it comes to security of our data.  We all make mistakes and these steps can help protect you from making a mistake that could end up being very costly to you and your family.  I hope this helps.  

@pfunk wrote a post about 2 years ago about this topic and he has a nice graph to explain what each key can or cannot do.  

https://steemit.com/steemit-guides/@pfunk/a-user-s-guide-to-the-different-steem-keys-or-passwords


Thank you for providing this explanation as well as your suggestions! I will likely have to read this again to gain a better understanding of the topic. This is important information to know and I'm new to these kinds of technical understandings so I really appreciate hearing it from somebody with integrity such as yourself. Thank you!

I have had this up on a tab for days.. Read it several times. Going to try to change to a more secure way to steemit today... I may dm you an SOS... I think I have it though.

Thanks!

I'm sure you will do fine. Let me know if you have troubles.

Great contribution.
Everyone who uses Steemit needs to know the different keys.
Thank you for sharing and keeping the community safe!

One of the better pieces of information I've read on Steemit. I can only say thanks for sharing.

Great post, loads of information, sir. Would you like to post how to send a message privately, so that nobody can see what we send and whom we send it to?

Most people use discord to do that. My discord id is @WWF#2870.

You need to log in with your memo key and start your message with a # (space after the hashtag).

Nice. To be clear, if I signed in with my memo key and started this message with a '#', you would be the only one that could see it as it is a reply to your message?

No. It just works with a memo in a transfer. I thought this is what @xawi means.
The content of the memo is encrypted but everyone can see who it was sent to.

Thank you for the clarification. So if I logged in with the memo key, sent you .001SBD and wrote '# hi there security101' in the memo field, nobody would see what I typed as it would be encrypted. I just want to be clear for the other users so that they know how it works.

Yes, that's right!
Of course when doing a transaction from the wallet you need to provide the private active key.