Steem Basics: Understanding Private Keys

in #steem4 years ago (edited)

Steem Basics Private Keys v4.jpg

In a previous post we discussed how we are in the process of splitting Condenser (the open source software that powers into two separate applications that will work together seamlessly. One application will handle all the financial functions (wallet) that require a higher level of security, and the other application will handle all the social functions that require a relatively lower level of security. The end result will be two applications that are more secure and optimized for their specific functions.

Private Key Management

This “separation of concerns” is similar in concept to the different types of keys every Steem account holder is given when they create an account. These keys “unlock” different levels of control over an account. One of the advantages of the split will be that it will enable us to create a more intuitive user experience with respect to the use of your keys. For that reason we thought we would take this opportunity to educate any users who are still confused by the private key system on what these keys do and how they can be used safely.

Posting Key

In today’s post we want to focus primarily on the Posting Key and Master Password as these help explain the overall design of Steem’s private key system. Steem’s private keys are “hierarchical” which means that each one enables the key holder to perform a wider variety of activities with the associated account. The “Posting Key” is at the bottom of the hierarchy because it can do the least. It can only be used to perform social activities like posting, commenting, upvoting and downvoting. While these activities are common, they do not require a high level of security, because they do not authorize any operations which can negatively impact token balances.

If you prefer watching to reading, check out this video in which Steemit’s Content Director (@andrarchy) explains Steem’s Private Key system:

Screen Shot 2019-02-20 at 1.55.11 PM.png

To retrieve your Posting Key, go to the permissions tab inside your Steemit wallet. Your public Posting Key will be at the top of the page and alongside it you will see a button that says “SHOW PRIVATE KEY.” When you click on that button you will be prompted to input your Active Key or Master Password. Once you do so, your private Posting Key will be displayed. At this point you might want to consider saving this key to a password manager like LastPass or Dashlane for safe storage.

Permissions v2.png

A user’s keys are vulnerable any time they are entered into an application. A malicious actor could create a fake interface at a domain that is a common misspelling of and that requests you input your private keys (phishing). A malicious browser plugin can also gain access to keys stored in your computer’s memory or your web browser’s cookies. Having a Posting Key ensures that the key that is used the most–and is therefore most likely to be acquired by a malicious actor–conveys the least authority. Even if a hacker does get this key, the only things they can do with the account are the social activities (as opposed to financial).

Key Hierarchy v2.jpg

Because the Posting Key has the fewest authorities, there is no harm in always attempting to use the Posting Key if you are not confident about which key should be used. In other words, if all of this sounds confusing, all you need to remember is that the safest option is to only use your Posting Key. If a key with higher authority is required to perform the action, you will be informed by the interface that the Posting Key is insufficient and that another key is required.

In the vast majority of such cases, you will then use your Active Key. But remember to be more cautious in those circumstances. That being said, the Posting Key can certainly be abused too, so users should always be vigilant. We will continue to release posts like this to educate users about how they can protect themselves within the Steem ecosystem.

Master Password

While a hacker acquiring a Posting Key might be unpleasant for the account holder, as long as the rightful account owner still has their Master Password (or their Owner Key), they can always change all the other keys and regain total control over their account.

Password v. Key

One might wonder why the Master Password isn’t also called a “key.” That’s because all of the keys are actually derived from this single password. That’s why it’s called the “Master” password. It is also called the “seed” because it is the first password that is created, and it is from that the rest of the keys spring forth. That’s why it can be used to perform any function on Steem, from social activities to financial activities. Its convenience has led many to use this password for everything, but this is the precise opposite of its intended use.

Since keys can be used to do any activity in Steem apps like, the Master Password should be securely stored in a password manager (like LastPass or Dashlane), or offline entirely, and only used for highly-trusted applications, minimizing the risk it could be acquired by a malicious actor. Remember, if you use your private keys right, you be unlikely to use the Master Password ever, therefore sacrificing some convenience for the benefit of security is a worthwhile tradeoff.

Steem Connect and Keychain

Users should always be careful when signing into any site that requests any of their private keys. We at Steemit, Inc. can only speak to the security of Otherwise, we recommend only signing into websites through SteemConnect which is an open-source, universal, login layer for Steem Apps, built by a community developer (@fabien) in collaboration with Steemit, Inc. Think of it as “Facebook Connect” for Steem apps.

Users who do not want to input their private keys into Steem-powered websites can use the the Keychain extension created by the @steemmonsters team. Keychain stores Steem keys in a browser extension which can automatically provide the appropriate keys when prompted by a Steem app, thereby foregoing the need for users to expose their keys by copy-and-pasting them into a website.

steemconnect keychain.jpg


The goal of this post was to focus primarily on the Posting Key and Master Password because understanding these two items delivers the most insight into the overall design of the system. The Posting Key is at the very bottom of the hierarchy because it grants the least authority, but it is also the key Steemians should be using the most since it governs social functions. The Master Password, on the other hand, is at the very top of the hierarchy because it grants the most authority and is almost never necessary.

We will cover the rest of the keys in future posts, so if you found this informative, be sure to follow @steemitblog and please share this post with anyone who is trying to gain a better understanding of the private key system.

The Steemit Team


Great post. What is the memo key for and where does it fit in the security hierarchy?

Posted using Partiko iOS

I am new here. Can you put me through on how this works?


Muy buena pregunta, estoy interesado también en esa clave que no entendí como usarla.

A lo que leí, es básicamente para poder desencriptar mensajes que te fueron enviados, pero con baja autoridad.


It seems that I did not understand the lesson well


Halloo..... please help me to get some points

I agree about the Memo key and where it fits or is it a security risk. I feel vulnerable with all the changes going on with the wallet security. If you read my blog the other day I was frustrated and angery enough to get what I could and get lost. I need some one line solutions and I could settle down and hash my way through it, until then the old hawgwild is on a short leave, (Doctors orders; don't get to stressed out).

hola soy nuevo alguien me puede explicar como comenzar en la actividad, y que paginas serian mas productivas para unirme a la comunidad steem

Nice information thanks You So much

Hi. I am steemit new dist ibo tar

The write up nice. It eleborate more about the security keys.

New here, can anyone show me around???

You will receive all the information in the video

This is crazy I upvoted you hours ago. maybe I didn't press post button hard enough the comment for you end up below danielndt or maybe it is because I was messing around with my setting, but my post of 11 hours ago was meant for you apshamilton.

I see you post under mine. The changes are confusing but for the better eventually I think. I use SteemPeak and Partiko rather than Steemit in any case.

Confusing plus I am going to just take it slow let all the info soak in thanks for your reply and advise. I will be following you.

Adakah yang bisa memberi tahu saya gimana cara kerjanya?

Good and advantage posting

hey bro what you doing??

What is Memo in Steemit

Memos (in steemit specifically ) are the short messages attached with the crypto transaction (that is steemit tokens).

What Memo key is used for:

Memo key is used to decrypt private transfer memos or in simple words to create and read memos.

Where it fits in the security hierarchy:

Well it comes under master and owner key but separately, I mean separate diagram for it because it doesn't cover active key and posting key. This (Memo key) is exceptionally different (than active and posting keys) and specifically used for on Memos (short messages). It useless now and can be ignored like hardly few people use it. see here :

Bunun olayı ne

when i try to view my private posting key it wont let me, i click reveal, log in, and then im logged in but it is still hidden, how do i fix this?

Magic Dice has rewarded your post with a 3% upvote. Thanks for playing Magic Dice.

Very nice tutorial! So glad to see this coming from the Steemit blog, simple to understand information like this is exactly what new users need. I agree with Crim, we need this in one easy to find location with some other FAQ. Nice progress!

Easy for you to say, I still feel vulnerable with things being changed fast.

This is really well put together! Well done~ I'm going to carry it through into some of the new user communities. I hope to see this rolled into the FAQ here or into however you refresh the introductory new user experience for front ends with the upcoming split~

Thanks Crim! That's the idea!

Couple of years ago, on recommendation of PBG, I opened an account and invested couple hundred bucks into SP (and even made a post); sorry to say - very very confusing site(s). For I have user name and all my keys; for Steem Chat I have another user name AND password. To get to my wallet I have to print one of the keys! But the worst thing it is impossible to find Support or Help on your site, to ask questions (not addressed to in FAQ), e.g. how do I assign a password (rather than key), to acess my wallet? what is the address to use, to access Hive blockchain, to see the results of the recent fork? Can anybody contact me via [email protected] ? Thanks.

Superb video. Having things like this to send new users to when they ask about the keys, or even linking to from the FAQ in different dApps will be really helpful!

Shame I can't flag people who comment on YouTube though.

lol, why'd you make me look?!

Great video! This really breaks it down so it's useful to newbies but many users that have been here for a long time might have an 'aha' moment too :-)

Thanks for commenting, things are getting better in #Steemit and at #Steem network especially in the area of communication, information, advertising, and projecting Steem to the far ends of the planet earth!

Thanks @steemitblog for the reminder cum information.

I never got this one:
Master Password (or their Owner Key).
Are these two different names for the same thing or I'm missing something?

Yes I was confused by this as well for a long time but I'm pretty sure that yes Master/Owner key is the same, then you have the active and the posting key.

To oldtimer(74) Another old timer with some steem power and experience and you don't know either that's puzzling a minnow like me does not have a chance it seems. I wish I could give you the answer. Another fear of mine is bungling around and making the same mistake 3 or so times and lock myself out of my own blog and wallet sites. I thought I was locked out an hour ago, luckily I recorded all these keys and codes on paper 3 months ago. I had to try 3 of them and finally the type fest ended. whoever is implementing these changes would slow down so us Minnows can have some fun Please

Definitely one of the most useful posts on sorting steemit out I have seen in a long time excellent post.

This video was very good ... and it helps lot :)

Excellent work with this! :)

Thank you @steemitblog
This information is very useful especially for new users on our pride platform...

I think this blockchain-based social media would push speaking freedom. but I wish it could be like Bitcoin, people can sign up freely instead of requiring email and phone number, people can use many opensource client instead of single website.

Thank you! keep it up! good day everyone!

Thank you so so much. This is very clear. I do appreciate your effort in achieving this platform keys. Keep aiming higher. I'm in love with steemit

Wow amazing ,this is a great post and !! Thank you

Thank you for this informative blog. I somehow feel a little bit clarified on what key should I used since I am still a neophyte here I get to know more about the keys and their uses. Great content.

Wow thanks for this great post

After changing the keys some time ago, I can only log in to my account with the Posting Key, I try to reveal the other keys by entering the password Posting Key and nothing has the same asterisks, I have the old Active Key but it doesn't work well.
Thank you



Posted using Partiko iOS

Allow me to translate this post into Indonesian :)

nice tutorial :-)

Great! Steemit needs more official tutorials. This may also be of interest: Steemconnect login with posting key instead of active key

Great tutorial. Quite informative even though short. Would like to know, which category does the password generated using the link sent to our emails during sign-up, fall in?

Hi. I visited for the first time.

Im confised. I have 1 password and after some days i got one transaction id ..what is that then?

And when i have to use master key?

Thanks.. This post is very good

STEEM, is a token that can be transferred and traded like Bitcoin. STEEM can be converted to STEEM POWER.... Steem is the best. I think, Steem is A Proof of Concept (POC) and are a small exercise to test the design idea or assumption.

For me absolute stupid way here. Plaese dont name it private key if it is server key. Real private keys should be generate offline and never put into any open file on internet.

I'm having immense trouble with this - I can't get into my wallet to obtain the private key because it requires a private key to get in.

Is there a way to reset this with Steem or is there another way to get this securely?

Mi pregunta con cual clave ingreso a mi monedero para gestionar?

Again and again I try to withdraw SBD to Bittrex from my wallet and get -
"Transaction broadcast error"
I did it before hundreds of times.
I have read all instructions and manuals here,
I enter my Active Key
I enter memo and...
Again the same...
"Transaction broadcast error"
What is going on? Could anyone help me?

PS. OK, guys I have helped myself.
I have read the instructions one more time and it helped)))))
So, for transactions Withdrawal SBD for example - you need NOT all those keys, that are mentioned in your account. But that one, that is saved (if you had done transactions before, at Google Password manager.
IMPORTANT. This password start not from "S", or "5" but from "P" only.

dams ahole are gonna try stealing our Steem - having the same issue. This platform is getting to be a joke.

Very nice tutorial & very helpful and concise.

I resteemed this article. Thank you for the information.

Posted using Partiko iOS

I don't get it yet :(
I click on the reveal button but the passwords stay the same (***************) like that.
I click reveal, I log in, but any of the keys reveal
help me out please?

Much more informative writings.

I think the picture of wallet should be changed as below.

SnapQuiz, alat pembantu pembelajaran siswa. Bank soal luas mencakup Matematika, Fisika, Kimia, belajar menjadi mudah dan efisien:

I cant sell my steem... everytime i try to transfer to blocktrades it says "transaction broadcast error missing active authority..." it's driving me crazy! Help me i want the money back

I understand the key process and its' need but what I don't understand is when I log into my account and navigate to "key/permissions" and try to copy any key so I can save it outside my account , I cannot. I click "reveal" and it takes me to the log in page. I log in and that sends me back to permissions where I hit reveal again and I am sent back to login. How do i reveal my keys??????? Help!

Very nice tutorial! So glad to see this coming from the Steemit blog, simple to understand information like this is exactly what new users need.

Thanks, I could enter again

Definitely very helpful and concise!

Thank you for sharing. I havent been on this for awhile and gotta catch up. There are so many apps to choose from for Steem Connect how does one determine which one is the best to join? Do the posts from one app connect to the other apps? Or do you need an account for all of them? Thank you.

Hi and thank you for the instruction. I am new to the platform and I need help to withdraw steems i bought from Bittrex to my steem wallet. Can you help me please or which is the correct key to withdrawal ?
withdrawal tab on Bittrex has Memo and recipient wallet address. I have tried so many tutorials about transferring the coin but each time was invalid.
Thank you

esteem app asks for master password. What can you say about that?

Esteem has SteemConnect support. It's a great app that has been around for a long time and has a great developer behind it, @good-karma.

Glad to know, im a huge fan

Крутой пост , мне нравится всё стало ясно

well explained
i find it very interesting all this
just learned about it like a week ago

can I get some piont?

techbegins is the best company for social media and digital marketing.
We are a digital marketing expert. More information Please Visit my Site

I appreciate all of the information. I’m new to this site and must admit, there is a significant amount of excitement from what I’ve witnessed thus far. Trying not to become overwhelmed in the beginning is always a challenge. I’m sincerely in awe of the capabilities here. Thanks

Thanks. Being a new steemit user, I am delight to see such a great and helpful post to prevent our account from being abused by hackers. I highly recommend all new steemit should have a read on this post.

To listen to the audio version of this article click on the play image.

Brought to you by @tts. If you find it useful please consider upvoting this reply.

I tried to login with my masterkey which I kept saved over the years, but how can I receive a posting key to get logged in again?

Thank you,
This was a good review of an important topic.
I will resteem this post.

Es mi primera publicación, un poco complicado al tratar de conseguir la clave para el login pero se pudo.

Couldn’t see where to save my pdf password keys page so I screen shot it, wrote it out and try using it but it keeps failing. How can I get my master key like the pdf doc page sent me so I can try saving it directly. .? Pls o need some advise

Nowadays you people are very active. it is very good ♥

We've always been active, we're just communicating a lot more ;) Thanks!

glad to hear this... boss

Buena publicación. ¿Para qué sirve la clave de nota y dónde encaja en la jerarquía de seguridad?

ملصق ممتاز. ما هو مفتاح المذكرة وأين يتلاءم مع التسلسل الهرمي الأمني؟
Отличный пост. Для чего нужен мемо-ключ и какое место он занимает в иерархии безопасности?
زبردست پوسٹ۔ کس میمو کی کلید ہے اور یہ سیکیورٹی درجہ بندی میں کہاں فٹ بیٹھتی ہے؟
महान पद। मेमो कुंजी किसके लिए है और यह सुरक्षा पदानुक्रम में कहाँ फिट होती है?

What is a Memo Key in this regards? I got it when signed up, thank you!

This is interesting. Every Time I try to view my Active key so I can PowerUP I get an error.
RPCError. missing required active authority: Missing Active Authority? Plus it keeps asking me to log in. Before I can freely view all my keys, not its asking me for the password. Well something is obviously wrong, because I have the password written down and stored digitally. And had no issues previously.


Sangat membantu bagi pengguna baru, Terima kasih orang baik

Steemit team may always be best team.
Hope you to accept me as your new member.

Hope you all be your new member. Thank you to send large files up to 30 GB for free with amazing features

Muy buena la inducciòn acerca del manejo de las claves de seguridad de steemit. Gracias.

Baca dari postingan ini memang betul dan menarik, untuk apa key memo atau kunci memo di dalam hirarki keamanan? Benar kan ?

Hi Team, I have a problem when I am on my wallet and try to market my SBD to Steem in order to power up. Nothing happens when I finish the transaction. Is this because I have a new laptop with Windows 10? I also have the same problem on my new Android smart phone. Also unable to power up or do any other transactions on my wallet. Everything worked normally when I had my old laptop. Please help!

Good post. I will translate this and share it with our local communication members.

How do i start

I cannot post on steemit

Hello @steemitteam and @steemitblog the easiest way to explain this is.
(Difference between master key and posting key).

If its accessing a home.

The posting key is the gate key.
It will allow you access the inside of the home that's the compound but it never help you access the house.

The active key can help you get access to the sitting room and the dinning room but never in accessing the bed room.

The master password as its even called master can help one access the compound it can help you access the sitting room and dinning just like the active and it can help you access the bedrooms.

Once one losses the master password he has lost it all.

This is a critical and clear article for perusers. ceme online

can I help you sir?

excelente, tengo algunas dudas pero buena publicacion

Thanks for sharing it's really helpful

What are steem basics

Coin Marketplace

STEEM 0.18
TRX 0.05