Ownership of a blockchain asset is determined by whoever holds the private key that controls it. These private keys (also known as a wallet) can technically be stored in many ways: on your computer, on a USB stick or dedicated hardware wallet, or even on an old-fashioned piece of paper. However, it is not uncommon for users to forget where they put these or to throw them away without realizing their significance.
Securely managing and storing private keys is complex, even for the blockchain enthusiast. Losing your private key is one of the most damaging situations that can happen. Horror stories are well documented. Many wallets and solutions use 'seed phrases' (a long sequence of words) to allow the user to regenerate their private keys. Unfortunately, these seed phrases are subject to the same secure handling and storage challenges faced by private keys.
Most of the time, you can do nothing when your users lose private keys or seeds, but with an advanced and unique Key Management System (KMS), Upvest can help relieve the pain, and make blockchain use accessible to a much wider range of users.
The Upvest KMS securely manages users' cryptographic keys and transaction operations, while removing the burden for the user to create, handle, store, and back up their keys, which can be easily lost or stolen.
But how does it work? Using Upvest, end-users are able to manage their digital assets with just a username and password (a well understood and accepted paradigm), abstracting the complexity of securely handling and storing private keys and seed phrases.
In the background, all operations involving private keys are executed within the Upvest Enclave, a specialized cryptographic engine, and private keys are securely stored at rest using a process involving multiple encryption layers and Hardware Security Modules (HSM). As a result, neither Upvest nor the Upvest customer is able to access the user's private keys or initiate transactions without the user's involvement.
Upvest Recovery Kit
In case the user forgets their password, there's the option to perform a password reset and recover their account, using their unique Recovery Kit.
You can create wallets (public/private keypairs) for a user while creating the user, or on their behalf at any time afterward, by specifying the Asset ID that the wallet should hold. The KMS then stores the private key encrypted with a key securely derived from the user's password. You can find the reference for user creation here and the one for wallet creation here.
One account, many wallets
A single user account can provide access to any number of blockchain wallets.
The Offboarding endpoint allows end-users to take full control and ownership of their private keys, and thus permanently offboard them from the Upvest platform. Making a request to the endpoint will return a JSON response that contains all encrypted wallets that the user owns, for both Bitcoin and Ethereum, and includes a zip file containing all of these for convenience. All private keys are offboarded encrypted with the user's Upvest account password.
Ethereum wallets are individually offboarded as encrypted Keystore files (JSON-formatted text files). These can be imported into any wallet software that supports this format, including Binance's Trust wallet, Metamask and MyEtherWallet.
Bitcoin wallets are individually offboarded in encrypted BIP38 format. This is commonly represented as a QR code (in both SVG and PNG formats, to facilitate importing into other wallet software); however, we also output the raw encrypted private key in text format. These can be imported into any wallet software that supports this format, including Coinomi, Bitcoin.com Wallet or even bitcoinpaperwallet.com and bitaddress.org.
Upvest makes no assurances of the security of third party wallet providers. Use these at your own risk! Although encrypted, offboarded wallet files are subject to discovery and compromise if left unprotected on the end user's machine or if the user's password is weak.
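As an added example (not Upvest code), the sketch below audits an offboarded Ethereum Keystore file before it is stored or imported elsewhere, since the key-derivation cost recorded in the file decides how expensive each offline password guess is if the file leaks. It assumes the file follows the standard Web3 Secret Storage version 3 layout; `audit_keystore`, `sample` and the two minimum thresholds are hypothetical names and policy values chosen for illustration.

```python
import json

# Assumed policy floors, not Upvest values; geth's "light" profile uses scrypt n=4096.
MIN_SCRYPT_N, MIN_PBKDF2_C = 1 << 17, 100_000

def _hex_len(value):  # byte length of a hex string, -1 if missing or not hex
    try:
        return len(bytes.fromhex(value))
    except (TypeError, ValueError):
        return -1

def audit_keystore(text):
    """Return findings for one version 3 keystore; an empty list means none found."""
    try:
        ks = json.loads(text)
        crypto = ks.get("crypto") or ks.get("Crypto")  # some writers capitalise it
    except (ValueError, AttributeError):
        return ["not a JSON object"]
    if not isinstance(crypto, dict):
        return ["missing crypto section"]
    findings = []
    if ks.get("version") != 3 or crypto.get("cipher") != "aes-128-ctr":
        findings.append("not a version 3 / aes-128-ctr keystore")
    iv = (crypto.get("cipherparams") or {}).get("iv")
    fields = (("iv", iv, 16), ("mac", crypto.get("mac"), 32),
              ("ciphertext", crypto.get("ciphertext"), 32))  # 32 bytes = one private key
    for name, value, size in fields:
        if _hex_len(value) != size:
            findings.append(f"{name} is not {size} hex-encoded bytes")
    kdf, params = crypto.get("kdf"), crypto.get("kdfparams") or {}
    if kdf == "scrypt":
        n, r = params.get("n", 0), params.get("r", 0)
        if n < MIN_SCRYPT_N:
            findings.append(f"weak scrypt: n={n}, about {128 * n * r >> 20} MiB per guess")
    elif kdf == "pbkdf2":
        if params.get("c", 0) < MIN_PBKDF2_C:
            findings.append(f"weak pbkdf2: c={params.get('c', 0)} iterations")
    else:
        findings.append(f"unknown kdf {kdf!r}")
    return findings

def sample(n):
    """Constructed keystore with dummy hex values (not a real wallet), scrypt cost n."""
    kdfparams = {"dklen": 32, "n": n, "r": 8, "p": 1, "salt": "12" * 32}
    return json.dumps({"version": 3, "crypto": {"cipher": "aes-128-ctr", "kdf": "scrypt",
        "cipherparams": {"iv": "ab" * 16}, "ciphertext": "cd" * 32, "mac": "ef" * 32,
        "kdfparams": kdfparams}})

if __name__ == "__main__":
    print(audit_keystore(sample(4096)))
```

The audit checks structure and key-derivation cost only; it does not test the password or decrypt the key, so a clean result says nothing about password strength itself.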
When a user has been offboarded from the Upvest platform, their wallets are no longer accessible through the Upvest APIs. This is because Upvest cannot provide assurance around the security of keys that are no longer within the secure architecture of our platform.