Generating and Managing User Private Keys

It is critical for users' private keys to be kept secure. While we are able to freeze and restore users with new addresses in case of security crisis or fraud, this is by no means a desirable situation; too many private key hacks and your application could be at risk for having production access revoked or diminished.

The private key layer must be better left concealed from users there for applications will need to generate private keys for each of their users.

Use HD (hierarchical deterministic) wallets if you are managing users' private keys.

  
wallet = sila.generateWallet()
from silasdk import EthWallet

EthWallet.create("provide some entropy for randomness")
// Generate wallet
$wallet = $client->generateWallet();
echo $wallet->getAddress(); // Wallet public address
echo $wallet->getPrivateKey(); // Wallet private key
// Generate wallet
Wallet wallet = api.generateWallet();
System.out.println(wallet.getBlockChainAddress()); // Wallet public address
System.out.println(wallet.getPrivateKey()); // Wallet private key
// Generate wallet
var wallet = api.GenerateWallet();
Console.WriteLine(wallet.Address); // Wallet public address
Console.WriteLine(wallet.PrivateKey); // Wallet private key

Private keys should be maintained in a Key Management Service platform to prevent loss or theft. For example, Amazon KMS, Google Cloud Key Management or Very Good Security, Vault by Hashicorp, meet Sila's security requirements for this purpose.

Private keys should never be transmitted over any network. Private keys can be generated by your application, or you may wish for your users to generate their own private keys and store them on a local device i.e. local storage on a mobile phone, or offline i.e. cold storage.

If you suffer a data loss or security breach, then immediately contact [email protected] for further instructions.

📘

App private/public key pairs

Unlike User private key the App private/public key is generated in the Console.
When you created your App Sila only stored the public key therefore if your App private/public key is lost or becomes compromised you need to immediately generate a new App private/public key pair in the Developer Console by clicking on the generate button next to the ETH address.

Refer to the Register Your Application docs for more details of where to find this in the Console.


Did this page help you?