Ethereum: Where is the Private Key Stored for EVM-Accounts?
When a user creates an Ethereum account and locks their private key using a machine-specific password, the private key is not stored on the user’s device. Instead, it is stored in a secure location on-chain, within Ethereum’s blockchain. This is done to maintain security and ensure that the private key cannot be compromised.
Metamask: The Wallet Service for Ethereum
Metamask is a popular Ethereum wallet service developed by Binance Labs. It allows users to interact with their Ethereum accounts from other blockchains, including EVM (Ethereum Virtual Machine) accounts. When using Metamask to unlock an EVM-account, the private key is stored securely on-chain and not transferred to the user’s device.
How Private Keys are Stored in Metamask
When a user creates an EVM-account with Metamask, they can recover their account by generating a new mnemonic phrase or seed phrase. The private keys of the EVM-account are stored within Ethereum’s blockchain in a special database called the “Ethereum Mainnet”. This database is encrypted using a cryptographic algorithm, such as Argon2 or PBKDF2.
The private keys are not ciphered before being written to storage; instead, they are hashed and salted with a random value. This ensures that even if an attacker were to intercept the private key, they would still be unable to recover it without the mnemonic phrase or seed phrase used to generate it.
Security Features of Metamask’s Private Key Storage
The security features of Metamask’s private key storage are designed to prevent unauthorized access and compromise. Some of these features include:
- Encryption: The private keys are encrypted using a secure algorithm, such as Argon2 or PBKDF2.
- Hashing: The private keys are hashed and salted with a random value before being written to storage.
- Salt: A random salt value is added to the private key to prevent attacks that target specific key values.
- Mnemonic Phrase Storage: Metamask stores the mnemonic phrase used to generate the private keys, making it difficult for an attacker to recover the private keys without it.
Conclusion
In summary, when a user creates an EVM-account with Metamask and locks their account using a machine-specific password, the private key is stored securely on-chain within Ethereum’s blockchain. The private keys are not ciphered before being written to storage, but they are hashed and salted with random values to prevent unauthorized access. This secure storage mechanism ensures that user data remains safe and secure.