Sharing Private Keys

in #manofcrypto3 months ago (edited)

Hi everyone,

I was looking for a way how to upload a video to Hive, and the first place to go was 3speak (@threespeak). I made an account, wanted to link it to my Hive account, but had to stop it when I was requested to give my Active Private Key.

Why was this a blocking point for me?

First of all, because private keys are not to be shared!

image.png

Why does the 3speak has a need for your private keys?

Hmm... good question!

image.png

On Hive, all the user authentication is based on public & private keys. These are pairs of random numbers, which together with an asymmetric encryption algorithm, have the property that whatever you encrypt with one key, can only be decrypted with the other one. The public key is known by everybody, but the private key is your intimate secret. The result is that whoever wants to tell you a secret, can encrypt it with the public key, send it to everyone (by posting it on a blockchain) but can be on be decrypted by the owner of the corresponding private key.

On Hive these are used to authenticate you as the owner of your posts, to secure your transfers and balance, to transfer encrypted notes, and even to secure the ownership of your account.

Because Hive was designed to enable dApps (decentralized applications), each account was made with different pairs of keys: posting keys for social actions (posting posts commenting and voting), memo keys for encrypting messages (unfortunate not used to full potential), active keys for securing your resources (hive balance, hive power, transfers, claiming accounts, delegating power), and owner keys (used to reset all the other keys). Think on it as an multi - layer security. The idea was that you are sharing your private keys with your preferred dApp (the ones that you trust), but still gives you several layers of control.

As an example, if you are using an specific application to post content on your account (as I do with Actifit), you can only share your Private Posting Key and nothing else. They can post on your behalf, but they will have no access to your balances.

With a multitude of dApps it came also the need to have a a way in which you can share your keys with them. Best would be that this "authority" stays on your computer, stored in a secured way. It stores your private keys and will use them whenever you need to use a specific key in one of hundreds of different applications. This way your private keys will never be stored in any dApp, but provided every time you need to use them in that specific application. And this is exactly what Hive Keychain is doing. You get it as a extension to your browser, you entrust it with your public and private keys, and it will authenticate when you need it.

image.png

Yes, over the years I shared my Posting Private Key with several applications (few games, Actifit, eSteem), but never shared my Active Private Key or my Owner Private Key. Will never do it, and you should not do it as well!

Now coming back to my need to upload videos on Hive. I don't understand why 3speak would like to have access to my Active Private Key, and I will never share it with them. Ok, they might also want to enable people claiming pending rewards, but they should do it by using Hive Keychain.

Does anyone knows if there's any other option to link my Hive account with them? Or any other good alternatives for uploading videos?

Sort:  

Your current Rank (35) in the battle Arena of Holybread has granted you an Upvote of 23%

In order to grant posting authority to another account you need to sign a transaction with your active key. This can be done in your local browser. If 3speak is asking you to input your private key in the website that is not secure. This can easily be done with keychain. Sounds to me that they need to work on that.