Ownership of a blockchain asset is determined by who holds the private key that controls it. These private keys (also known as a wallet) can technically be stored in many ways: on your computer, on a USB stick or dedicated hardware wallet, or even on an old-fashioned piece of paper. However, it is not uncommon for users to forget where they put these, or to throw them away without realizing their significance.
Securely managing and storing private keys is complex, even for the blockchain enthusiast. Losing your private key is one of the most damaging situations that can happen. Horror stories are well documented. Many wallets and solutions use 'seed phrases' (a long sequence of words) to allow the user to regenerate their private keys. Unfortunately, these seed phrases are subject to the same secure handling and storage challenges faced by private keys.
Most of the time, you can do nothing when your users lose private keys or seeds, but with an advanced and unique Key Management System (KMS), Upvest can help relieve the pain, and make blockchain use accessible to a much wider range of users.
The Upvest KMS securely manages users' cryptographic keys and transaction operations, while removing the burden on the user of creating, handling, storing, and backing up their keys, which can be easily lost or stolen.
But how does it work? Using Upvest, end-users are able to manage their digital assets with just a username and password (a well understood and accepted paradigm), abstracting the complexity of securely handling and storing private keys and seed phrases.
In the background, all operations involving private keys are executed within the Upvest Enclave, a specialized cryptographic engine, and private keys are securely stored at rest using a process involving multiple encryption layers and Hardware Security Modules (HSM). As a result, neither Upvest nor the Upvest customer is able to access the user's private keys or initiate transactions without the user's involvement.
Upvest Recovery Kit
In case the user forgets their password, there's the option to perform a password reset and recover their account, using their unique Recovery Kit.
You can create wallets (public/private keypairs) on a user's behalf, either while creating the user or at any time afterward, by specifying the Asset ID that the wallet should hold. The KMS then stores the private key encrypted with a key securely derived from the user's password. The API reference covers both user creation and wallet creation.
One account, many wallets
A single user account can provide access to any number of blockchain wallets.
The Offboarding endpoint allows end-users to take full control and ownership of their private keys, and so to speak, “offboard” them from the Upvest platform. In order to do so, just send a POST request to the /offboard endpoint with the password of the user. This will return a zip file containing encrypted Ethereum Keystore files in the response. These Keystore files are encrypted with the user’s account password.
Because Upvest uses a larger cipher key length than that used by the mainstream Ethereum Keystore format (256 vs. 128 bits), offboarded Upvest Keystore files are not currently compatible with other wallet solutions. However, we provide a conversion tool (please email: firstname.lastname@example.org), which will take an Upvest Keystore file and output a Keystore file compatible with third-party Ethereum wallet solutions. We plan to modify the Offboarding endpoint to return Keystore files compatible with third-party wallets by default.
When a user has been offboarded from the Upvest platform, their wallets are no longer accessible through the Upvest APIs. This is because Upvest cannot provide assurance around the security of keys that are no longer within the secure architecture of our platform.
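As an added illustration of the 256 vs. 128 bit compatibility gap described above (not Upvest code and not the conversion tool), this Python check inspects the declared parameters of a keystore file before it is imported into a third-party wallet. The function names, the sample files and the "aes-256-ctr" label are assumptions, since the page does not show the fields of an Upvest Keystore file.

```python
import json

# What mainstream wallets expect in a version 3 keystore (Web3 Secret Storage).
STANDARD_CIPHER = "aes-128-ctr"
KNOWN_KDFS = ("scrypt", "pbkdf2")


def _hex_len(value):
    """Byte length of a hex string, or None if it is not valid hex."""
    try:
        return len(bytes.fromhex(value))
    except (TypeError, ValueError):
        return None


def check_keystore(text):
    """Return reasons a third-party wallet would reject this keystore header."""
    try:
        doc = json.loads(text)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = []
    if doc.get("version") != 3:
        problems.append(f"version is {doc.get('version')!r}, expected 3")
    # Some tools capitalise the section name, so accept both spellings.
    crypto = doc.get("crypto") or doc.get("Crypto")
    if not isinstance(crypto, dict):
        return problems + ["missing crypto section"]
    cipher = str(crypto.get("cipher", "")).lower()
    if cipher != STANDARD_CIPHER:
        problems.append(f"cipher is {cipher!r}, expected {STANDARD_CIPHER!r}")
    if crypto.get("kdf") not in KNOWN_KDFS:
        problems.append(f"kdf is {crypto.get('kdf')!r}, expected scrypt or pbkdf2")
    params = crypto.get("cipherparams")
    iv = params.get("iv") if isinstance(params, dict) else None
    if _hex_len(iv) != 16:
        problems.append("iv is not 16 bytes of hex")
    if _hex_len(crypto.get("mac")) != 32:
        problems.append("mac is not 32 bytes of hex")
    return problems


# Constructed samples: hex values are filler, and "aes-256-ctr" is an assumed
# label for a 256-bit file (the page does not show the real field value).
_BASE = {"version": 3, "crypto": {"cipher": "aes-128-ctr", "kdf": "scrypt",
         "cipherparams": {"iv": "00" * 16}, "ciphertext": "11" * 32, "mac": "22" * 32}}
STANDARD_SAMPLE = json.dumps(_BASE)
WIDE_KEY_SAMPLE = json.dumps({**_BASE, "crypto": {**_BASE["crypto"], "cipher": "aes-256-ctr"}})
```

The check reads only the file header, so it needs no password and decrypts nothing; an empty result means the declared parameters match the mainstream format, not that the file decrypts correctly.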