Profile

Does counterwallet hold your private keys?

Does counterwallet hold your private keys?

Transcription

What's up, party people? Chris DeRose here, Community Director of the Counterparty Foundation, and today we're trying something a little different. I'm here driving west bound on Sawgrass Expressway. It's one of our larger roads here in the state. It goes from east to west. I'm on my way to the Bitcoin Bowl. I'm really hyped.

Filming this is one of my friends from the South Florida community, and we decided to do a video. Let's do something a little different today. So the question that was post was this, "Does the counterwallet server hold your private keys?" This question was asked by David Madris, and David, hope this answers your question. So this is a common source of confusion. I've seen this thrown out there a couple times. It's not too hard an issue really to grasp, if you look for the source code and you spend some time on these things.

The gist of it is this: the counterwallet server does not hold your keys in escrow or in its custody in any way. What happens is when you connect to the counterwallet system, you're running in JavaScript all of the code that signs your transactions. In the Counterparty system, there is a feature, whereby when you perform an action, it communicates to the Counterparty server. The Counterparty server returns to you what's called a "raw transaction." It's the same format of raw transaction that you see that Bitcoin uses because it's basically Bitcoin. It is a Bitcoin transaction.

This raw transaction needs to be signed with your private key in order to be eligible for entry onto the blockchain. So what happens is that the counterwallet system does all of the work that's necessary to prepare the transaction minus the signing feature. When it does that, it sends via JavaScript the raw transaction to the client browser, at which time the key, which is known to your browser only, is then used to sign off on the transaction, making it valid. It does that in the memory of your personal computer, at which point when its done, it sends that signed transaction back to the counterwallet server, and then the counterwallet server broadcasts on the Bitcoin network where it's entered at the blockchain. At no point during that process does the Counterparty server actually hold any secret information. And there's a couple other ways certainly to understand this at a simpler level.

Certainly, when you log into Conterparty your using, I think, what is it, BIT38, I believe, the BIT38 key to log into the system, that key isn't transmitted to the server, it's merely stored in your user session there in your personal web browser, at which point the system then queries the server for various details related to your public key that corresponds with that. The Counterparty team or the counterwallet team can't actually retrieve your private key. If you lose it, you're stuck. So that's assuredly one indication that they don't keep it. But also the code is publicly available. So you can go through it, as well, and you can look at this process.

It's a feature that really I think started with the blockchain.info/wallet, and it very very closely resembles what they did on the blockchain.info/wallet. I'm sure that was the lead inspiration for that whole interface design. It's a smart system. It's something that I've been looking into more lately, as I've been developing the Clydeside Libraries.

I've been doing the Ruby Library with my time recently. That should be up soon. You can check that out on my giga profile, which is accessible on my website. There's a signing method you can see. If anybody wants to know where the line is just comment me and I'll tweet you back the citation, or you can see how that process works. It's good to understand if you're a developer.

It's important to understand if you're a Counterparty user. You should expect that level of privacy in any crypto technology they use at this point. I think it's going to be a standard interface. It's certainly a good one. So that's it. I mean that's an easy question of today.

David, I hope that answered some of your confusions. If you liked what this video was about, subscribe to the channel. I'd love to have you around, and certainly tweet me with your questions on Twitter. I'm DeRosetech, or email me chris@chrisderose.com.