Whoever holds the private key for a blockchain asset owns that asset. These private keys (also known as a wallet) can technically be stored in many ways: on your computer, on a USB stick or dedicated hardware wallet, or even an old-fashioned piece of paper. However, it is not uncommon for users to forget where they put these or to throw them away without realizing their significance.
Securely managing and storing private keys is complex, even for the blockchain enthusiast. Losing your private key is one of the most damaging situations that can happen. Horror stories are well documented. Many wallets and solutions use 'seed phrases' (a long sequence of words) to allow the user to regenerate their private keys. Unfortunately, these seed phrases are subject to the same secure handling and storage challenges faced by private keys.
Most of the time, you can do nothing when your users lose private keys or seeds, but with an advanced and unique Key Management System (KMS), Upvest can help relieve the pain, and make blockchain use accessible to a much wider range of users.
The Upvest KMS securely manages users' cryptographic keys and transaction operations, while removing the burden for the user to create, handle, store, and back up their keys, which can be easily lost or stolen.
But how does it work? Using Upvest, end-users are able to manage their digital assets with just a username and password (a well understood and accepted paradigm), abstracting the complexity of securely handling and storing private keys and seed phrases.
In the background, all operations involving private keys are executed within the Upvest Enclave, a specialised cryptographic engine, and private keys are securely stored at rest using a process involving multiple encryption layers and Hardware Security Modules (HSM).
You can create wallets (public/private keypairs) for a user while creating the user, or at any time afterward on their behalf, by specifying the Asset ID that the wallet should hold. The KMS then stores the private key encrypted with a key securely derived from the user's password. You can find the reference for user creation here and the one for wallet creation here.
One account, many wallets
A single user account can provide access to any number of blockchain wallets.
The Offboarding endpoint allows private keys to be retrieved from the Upvest KMS, effectively permanently offboarding them from the Upvest platform. Making a request to the endpoint returns a JSON response that contains all encrypted wallets that the user owns, for both Bitcoin and Ethereum, and includes a zip file containing all of these for convenience. All private keys are offboarded encrypted with the user account password.
Ethereum wallets are individually offboarded as encrypted Keystore files (JSON-formatted text files). These can be imported into any wallet software that supports this format, including Binance's Trust wallet, Metamask and MyEtherWallet.
Bitcoin wallets are individually offboarded in encrypted BIP38 format. This is commonly represented as a QR code (in both SVG and PNG formats, to facilitate importing into other wallet software); however, we also output the raw encrypted private key in text format. These can be imported into any wallet software that supports this format, including Coinomi, Bitcoin.com Wallet or even bitcoinpaperwallet.com and bitaddress.org.
Upvest makes no assurances of the security of third party wallet providers. Use these at your own risk! Although encrypted, offboarded wallet files are subject to discovery and compromise if left unprotected on the end user's machine or if the user's password is weak.
When a user account has been offboarded from the Upvest platform, their wallets are no longer accessible through the Upvest APIs. This is because Upvest cannot provide assurance around the security of keys that are no longer within the secure architecture of our platform.
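As an added example (not Upvest code), the following Python check audits an offboarded Ethereum Keystore file for the two risks noted above: a cheap key-derivation setting, which makes a weak password easier to guess, and file permissions that leave the file readable by other local accounts. It assumes the file follows the version 3 keystore JSON layout (`crypto.kdf`, `crypto.kdfparams`) read by the wallet software listed above; the thresholds, function names and sample document are constructed for illustration.

```python
import json
import os
import stat

# Thresholds are assumptions chosen for this example, not Upvest values.
MIN_SCRYPT_N = 2 ** 17
MIN_PBKDF2_ITERS = 200_000

# Constructed sample, not a real wallet: every hex value is a placeholder.
SAMPLE = json.dumps({"version": 3, "crypto": {
    "cipher": "aes-128-ctr", "cipherparams": {"iv": "00" * 16},
    "ciphertext": "00" * 32, "mac": "00" * 32, "kdf": "scrypt",
    "kdfparams": {"dklen": 32, "n": 4096, "r": 8, "p": 1, "salt": "00" * 32}}})

def audit_keystore(text, mode=None):
    """Return findings for one keystore JSON text; mode is st_mode if on disk."""
    try:
        doc = json.loads(text)
    except ValueError:
        return ["not valid JSON"]
    if not isinstance(doc, dict):
        return ["not a JSON object"]
    crypto = doc.get("crypto") or doc.get("Crypto")  # both spellings occur
    if doc.get("version") != 3 or not isinstance(crypto, dict):
        return ["not a version 3 keystore"]
    required = ("ciphertext", "cipherparams", "kdf", "kdfparams", "mac")
    findings = [f"missing crypto.{k}" for k in required if k not in crypto]
    kdf, params = crypto.get("kdf"), crypto.get("kdfparams")
    if not isinstance(params, dict):
        params = {}
    # The KDF cost sets the price of each password guess against the file.
    name, floor = {"scrypt": ("n", MIN_SCRYPT_N),
                   "pbkdf2": ("c", MIN_PBKDF2_ITERS)}.get(str(kdf), (None, 0))
    if name is None:
        findings.append(f"unknown kdf {kdf!r}")
    elif not isinstance(params.get(name), int) or params[name] < floor:
        findings.append(f"weak {kdf} cost {name}={params.get(name)}")
    if len(str(params.get("salt", ""))) < 32:  # fewer than 16 bytes of hex
        findings.append("short or missing salt")
    # POSIX only: group/other bits let other local accounts read the file.
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        findings.append(f"file mode {stat.S_IMODE(mode):o} exposes file to other users")
    return findings

def audit_path(path):
    with open(path, encoding="utf-8") as fh:
        return audit_keystore(fh.read(), os.stat(path).st_mode)

if __name__ == "__main__":
    print(audit_keystore(SAMPLE, 0o100644))
```

An empty list means none of these checks fired; it says nothing about the strength of the password itself.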