In my previous post, I made an introduction to this topic:

• What is the difference between a password and a private key(s) on Steemit and how to make your account more secure, by using them correctly.

If you didn't read it, you should do so before reading this article, to make sure, that you understand the role of public and private keys on Steem. Here we are going to explore how all of this works... and to be honest, I am really excited, that I am writing post about it :)

Cryptography of public and private keys - Look how simple it is! :)

In a certain way, you generate a pair of keys (key A, and key B), which will have properties, that:

• everything encrypted with key A, can be only decrypted with key B
• everything encrypted with key B, can be only decrypted with key A

For convenience, you do not refer to them by A/B names, but you treat one of this key as a public key, and the second one as a private key:

_{Fragment of: Public Key Cryptography - Computerphile}

To use system like this, you want to make sure, that:

• you are the only person with access to your private key
• everyone can easily find your corresponding public key

Where my public and private keys from Steem are stored?

Public Keys

Public keys of every user are kept in the Steem blockchain. You can find your public keys on https://steemit.com/@<your_login>/permissions. Those are mine public keys, and I am not afraid showing you this, because those are my public keys :)

If you would like to find out, what are public keys of Ned Scott (CEO of Steemit Inc.), then you can use another website which shows more details from Steem blockchain: http://steemd.com/@ned

Private Keys

You should know, that:

Steemit does not store your private keys on any server.
Steem blockchain does not store your private keys either.

But at the same time, that is true, that you can find your private keys on https://steemit.com/@<your_login>/permissions. So how this works?

For now, just please remember that your keys are generated from your password on the fly every time you provide it, and some of them are stored in localstorage of your browser. One of my next articles will go into details how this is done.

Let's go back to the topic

Two cases where Pair Of Keys can be extremely useful

Public and Private keys can be used in two scenarios:

Encryption

You can encrypt a message, with mine public key, and send this encrypted message to me. Because only I know my private key, only I will be able to decrypt the message.

Right now there is no private messaging feature on Steemit, but encryption of such communication can be done with exactly this mechanism.

Signing

You can encrypt some message (like a transaction), with your private key, and every person who has access to your public keys (so basically everyone...) will have certainty, that only person who poses your private key (hopefully that's only you) could encrypt (authorize) this message.

To make a life of people easier, probably you would publish two messages:

• original message
• encrypted version of original message (which could be treated as your digital signature)

Everyone who would like to verify you identity could then try to decrypt your encrypted version of original message with you public key... and check whether this will produce exactly the same message like original, which you also published.

Summary

Of course, I simplified few things, but the whole concept is described pretty well. I needed to write this article to make a background for my next article, where we will go even deeper :)

Right now we know that without revealing your private keys, everyone can check that you possess your private key, and therefore a transaction/post/comment made by you and signed by your private can be validated by everyone, especially by the witnesses which add valid transactions to each block of Steem blockchain.

Because on Steem you have 4 pair of keys (posting, active, owner, memo), witnesses can validate, that particular transaction broadcasted by your browser was signed by a proper key.

I hope that after my last article, you do not use your Master Password anymore, and you use on Steemit only your private posting key (as it was described why and how to do it).

---

This article belongs to series of articles which describes security on Steemit:

1. What is the difference between a password and a private key(s) on Steemit? How to make your account more secure, by using them correctly.
2. Public and Private Keys - how they are used by Steem, making all of these possible? (this article)
3. Public and Private Keys - how they are working under the hood
4. How passwords are stored by Steemit in your browser, and why it is secure.
5. How to set own password, which is not generated by Steemit
6. How to setup multisig/multiple authorities for your account
7. ...

Make sure to follow my account, if you don't want to miss any of these :)