Private key management
Protecting a user’s private keys comes with no less responsibility than safeguarding their bank accounts. That puts private key management at the center of all bitcoin application design considerations. It also presents a problem: if your application is not secure enough, you risk losing the user’s funds. But if it’s not convenient enough, you risk losing the user.
This chapter is an overview of private key management schemes, including descriptions of available approaches, advice, and best practices. After this chapter, you should be able to choose a solution suited to your users.
Overview
Get to know the most common bitcoin private key management schemes, then follow our guidelines to pick the right one for your users.
Automatic cloud backup
A single key is stored locally on the device. No user action is required for backup.
Manual backup
A single key is stored locally on the device. User action is required for backup with a recovery phrase.
External signers
Private keys that are not stored on the same device as the wallet application.
Multi-key
A wallet that is managed by multiple independent keys, of which at least one is stored on a separate device from the wallet application. The keys can be owned by one person, or several people in a shared setup.