Key Management
Your crypto keys are the gateway to your digital assets and your cryptographic identity on the blockchain; losing them means losing access to all owned assets and on-chain identity.
Here's how we handle keys:
Key Generation Process
Mnemonic Phrase
- Description: A mnemonic phrase is a sequence of easily recognizable words that simplifies the backup and recovery process of cryptographic keys.
- Usage: Generate your unique mnemonic using any offline key generation utility/wallet, or take advantage of our built-in tooling for secure and effortless key generation.
Master Keys Generation
- Purpose: Converts the mnemonic phrase into cryptographic master keys.
- Description: The mnemonic phrase is processed to produce the master keys.
- For more detailed information, check out: Master Key Derivations
- This serves as your primary on-chain identity, and the address generated from it is your primary account.
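The two standard steps behind "the mnemonic phrase is processed to produce the master keys" are BIP39 (mnemonic to a 64-byte seed via PBKDF2-HMAC-SHA512) and BIP32 (seed to a master private key and chain code via HMAC-SHA512 keyed with "Bitcoin seed"). The following is an added example written for this page, not Skuchain's own code; it assumes the derivation follows those two standards (the linked Master Key Derivations page is not reproduced here), and the mnemonic it uses is the published BIP39 test vector, constructed for demonstration only.

```python
import hashlib
import hmac
import unicodedata

# Constructed example: the first English BIP39 test vector (entropy of sixteen
# zero bytes). It is public knowledge, so it must never hold real funds.
EXAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

# Order of the secp256k1 group; a BIP32 master key must be a non-zero scalar below it.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(NFKD(mnemonic), 'mnemonic' + NFKD(passphrase), 2048 rounds, 64 bytes).

    Note: this does not validate the mnemonic's checksum, which needs the 2048-word list;
    any wallet or vault tooling that accepts mnemonics should do that check first.
    """
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


def seed_to_master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32: I = HMAC-SHA512(key=b'Bitcoin seed', data=seed); key = I[:32], chain code = I[32:]."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = i[:32], i[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:
        # BIP32 says such a seed is invalid; with 2^-128 probability, but callers must handle it.
        raise ValueError("seed produces an invalid master key; choose another seed")
    return key, chain_code


def derive_master_key(mnemonic: str, passphrase: str = "") -> dict:
    """Run both steps and return hex strings for inspection or storage in a secrets engine."""
    seed = mnemonic_to_seed(mnemonic, passphrase)
    key, chain_code = seed_to_master_key(seed)
    return {"seed": seed.hex(), "master_private_key": key.hex(), "chain_code": chain_code.hex()}


if __name__ == "__main__":
    for name, value in derive_master_key(EXAMPLE_MNEMONIC, "TREZOR").items():
        print(f"{name}: {value}")
```

The optional passphrase changes the seed completely, so a backup of the mnemonic alone is not enough to recover keys derived with one; whichever storage option from the sections below is used, the passphrase (if any) has to be protected and backed up with the same care.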
Ethereum Keys:
- Private Key: A secret key that allows its holder to sign transactions on the network.
- Public Key: This key is shared with others to verify transactions. It acts as a public identity on the network and is used to derive the Cosmos and Ethereum addresses.
- Address: The public-facing address on the network used to perform transactions, where users can send and receive funds.
- Extended Public Key (xPubKey): A special version of the public key that can generate more keys. It is useful for managing multiple accounts or addresses from a single starting point.
Keys Storage
How you store your keys is essential to securing your identity and assets on the chain.
Your keys are stored as the original mnemonic, and can be held in:
Hashicorp Vault With Skuchain's Plugin
Skuchain leverages HashiCorp Vault, which provides secure storage and access control for sensitive data such as private keys (mnemonics), to strengthen the security of blockchain operations, and provides tooling for host organizations to set up their own vaults.
A key security feature of this implementation is that mnemonics stored in the vault can never be read directly. They can only be used for signing operations within the vault itself, which means the mnemonic never leaves the vault. This significantly enhances security by ensuring that this sensitive cryptographic material remains protected at all times, giving organizations the assurance that their critical secrets remain securely contained within the vault.
Skuchain Vault Plugin
The Skuchain Vault Plugin is an advanced extension to HashiCorp Vault, designed to meet the specific requirements of blockchain operations.
This plugin introduces a new secrets engine and extends Vault's functionality to provide secure management of mnemonics and signing capabilities for various blockchain transactions.
The Skuchain Vault plugin handles mnemonics with the following considerations:
- Mnemonics are securely stored within Vault using encryption.
- Each mnemonic is associated with a unique path combining organization name and user name.
- The storage system is designed to protect mnemonics from unauthorized access.
Key Operations and Algorithms
- Mnemonic Management: Writes the BIP39 mnemonic phrase into secure storage
- Transaction Signing:
- Ethereum Transactions: Signs transactions using EIP155 standard and secp256k1 ECDSA with Keccak256 hashing and ERC-191 standard.
- Cosmos Transactions: Supports Direct, Amino-encoded, and ECDSA signing for Cosmos transactions.
- Encryption/Decryption: Encrypts and decrypts data using the Diffie–Hellman (DH) key exchange protocol for asymmetric encryption.
Security Measures
- The tooling configures Vault to ensure mnemonics cannot be moved out of it.
- Access to stored mnemonics is strictly controlled through proper vault configuration and policies.
- Signatures are generated within Vault, enhancing security by keeping sensitive data protected.
- The plugin is registered with a SHA256 checksum, ensuring its integrity.
These measures ensure that sensitive cryptographic material remains protected at all times, while providing the necessary functionality for blockchain operations.
TIP
While Skuchain's implementation with HashiCorp Vault is a great option for storing your keys, you can always store them your own way, for example using offline hardware security modules.
Here is another option to store and handle your keys: AWS.