Ethereum: Where are the private keys for EVM accounts stored?
When a user creates an Ethereum account and locks their private key with a machine-specific password, the private key is not stored on the user’s device. Instead, it is stored in a secure location within the Ethereum blockchain, specifically on-chain. This is done to maintain security and ensure that the private key cannot be compromised.
MetaMask: The Wallet Service for Ethereum
MetaMask is a popular Ethereum wallet service developed by Binance Labs. It allows users to connect to their Ethereum accounts from other blockchains, including EVM (Ethereum Virtual Machine) accounts. When you use MetaMask to unlock your EVM account, the private key is stored securely on-chain and is not transferred to the user’s device.
How Private Keys Are Stored in MetaMask
When a user creates an EVM account with MetaMask, they can recover their account by creating a new mnemonic phrase or seed phrase. The private keys for an EVM account are stored in a special database within the Ethereum blockchain, the “Ethereum Mainnet”. This database is encrypted using a cryptographic algorithm such as Argon2 or PBKDF2.
Private keys are not encrypted before being written to the storage; instead, they are hashed with a random value and salted. This ensures that even if an attacker were to capture the private key, they would not be able to recover it without the mnemonic or seed phrase used to generate it.
MetaMask Private Key Security Features
The security features of the MetaMask Private Key Storage are designed to prevent unauthorized access and compromise. Some of these features include:
- Encryption: Private keys are encrypted using a secure algorithm such as Argon2 or PBKDF2.
- Extraction: Private keys are hashed and salted with a random value before being written to storage.
- Salt: A random salt value is added to the private key to prevent attacks targeting specific key values.
- Mnemonic phrase store: MetaMask stores the mnemonic phrase used to generate private keys, making it difficult for an attacker to recover private keys without it.
Conclusion
In summary, when a user creates an EVM account with MetaMask and locks their account with a machine-specific password, the private key is securely stored on-chain within the Ethereum blockchain. Private keys are not encrypted before being written to storage, but are hashed and salted with random values to prevent unauthorized access. This secure storage mechanism ensures that user data remains safe.