Private keys security
How to properly manage your keys' security
Key deletion
In practice, it is impossible to be 100% sure you deleted your private key.
Even if it's only stored locally, it is hard to guarantee it's completely removed, even after you explicitly delete it.
For example, software exists that can read deleted sections of the hard disk on your computer, so your security might be compromised if someone were to gain physical access to your computer.
Other times, you might have left your computer unattended, and you cannot be completely sure whether someone accessed or copied your private key.
The only (proper) solution
In all of these situations, your only 100% safe course of action is to replace the (public) key in the ledger, regardless of whether:
- your security is compromised due to a human error
- or you only suspect your security was breached (and the private key was leaked)
STEP 1. First you create a new key pair (signer).
STEP 2. Then you update the public key in the ledger access rules, as we described in the previous lesson.
For example, let's say the initial version of the access rules was this:
And you change it to this:
Now the old signer will no longer work even if someone has your old private key.
Key updating process for the banks (participants)
You, as a clearinghouse and the creator/owner of the entire ledger, can update your private keys yourself.
Your participants (banks) cannot do this themselves, so the process for them is to:
- send you their public key
- and then you can simply update it
The new private key is in the banks' sole possession, and they can start using it to sign all their actions in the ledger.
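
The rotation and the bank update process described above, as an added example that is not the ledger's own code or access-rule format: a toy in-memory model in which the rules map a signer handle to one public key. The names `accessRules`, `setPublicKey`, `isAuthorized`, the handle `bank1` and the choice of Ed25519 are assumptions made for illustration.

```javascript
// Added illustration: a toy in-memory model, not the ledger's real API or rule format.
const crypto = require('node:crypto');

// Hypothetical access rules: each signer handle maps to the one public key allowed to sign.
const accessRules = new Map();

// Generate an Ed25519 pair; only the PEM-encoded public key is meant to be shared.
function newSigner() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { privateKey, publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Owner-side operation: register or replace the public key for a handle.
function setPublicKey(handle, publicPem) {
  accessRules.set(handle, publicPem);
}

function signAction(action, privateKey) {
  return crypto.sign(null, Buffer.from(JSON.stringify(action)), privateKey);
}

// Ledger-side check: accept only signatures that verify against the key currently in the rules.
function isAuthorized(handle, action, signature) {
  const publicPem = accessRules.get(handle);
  if (!publicPem) return false;
  return crypto.verify(null, Buffer.from(JSON.stringify(action)), publicPem, signature);
}

// Walk through a rotation for a participant bank (constructed sample data).
function demoRotation() {
  const action = { type: 'transfer', amount: 100 }; // constructed sample action
  const oldSigner = newSigner();
  setPublicKey('bank1', oldSigner.publicPem);
  const before = isAuthorized('bank1', action, signAction(action, oldSigner.privateKey));

  // The bank suspects a leak: it creates a new pair and sends ONLY the public key to the owner.
  const rotated = newSigner();
  setPublicKey('bank1', rotated.publicPem);

  return {
    before,
    oldKeyAfter: isAuthorized('bank1', action, signAction(action, oldSigner.privateKey)),
    newKeyAfter: isAuthorized('bank1', action, signAction(action, rotated.privateKey)),
  };
}

console.log(demoRotation()); // { before: true, oldKeyAfter: false, newKeyAfter: true }
```

A copy of the old private key still produces well-formed signatures, but they no longer match any key in the rules, which is why replacing the public key works where deletion cannot be verified.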