Understanding Wallets, Private and Public Keys, and Your Self-Custody

As you begin your journey into proper bitcoin self-custody, there are a few concepts that can be helpful to understand. You’ve probably heard of public and private keys, but what exactly are they? What is a passphrase, and how does it increase security of your bitcoin? What does my hardware wallet do, and what is the role of my software wallet?

These are all great concepts for which you may want a basic understanding. Let’s dive in.

Your Seed Phrase

When we help you set up your hardware wallet, one of the first things it will do is help you generate what is called a seed phrase.Your seed phrase is a list of 24 words that serve as one component of the backup to access your bitcoin in the event your hardware wallet is ever lost, stolen, broken, or otherwise inaccessible to you. 

Your seed phrase is generated by the hardware wallet and should never, ever be stored online or on a computer; it should exclusively be stamped into a steel or titanium plate to withstand flooding, fire, corrosion, or other unfortunate events. It is worth noting, too, that the order of these words matters, so stamp them cautiously and in the proper sequence.

Your seed phrase is generated randomly. These are not words that you choose.

Your Passphrase

In addition to the seed phrase, you’ll also create something called a passphrase. Think of a passphrase as a “25^th word”that you must remember to access your bitcoin.

One key difference is that you get to decide your passphrase. You can use special characters (e.g., !, #, $, %), letters(uppercase and/or lowercase), numbers, and any combination of these. So, while your seed phrase will be 24 words randomly generated from a standard list, your passphrase could be much more creative and should be very difficult for someone else to guess.

When using a passphrase, securing it properly is just as important as the seed phrase. If your hardware wallet becomes inaccessible, you will need both the seed phrase and passphrase to recover your Bitcoin.

While your seed phrase should remain 100% offline, you should store your passphrase in an encrypted vault and, ideally, commit it to memory. Your seed phrase and passphrase should never be store together; if someone gains access to both, they have access to your bitcoin.

‍

Your Private Key 

Combined, your seed phrase and passphrase are used to generate your private key. 

Your private key looks like a long line of random letters and numbers, but this isn’t something you’ll ever really “see” because it’s stored on your hardware wallet. This key is generated by feeding your seed phrase and passphrase through an encryption algorithm, but the technical details as to how that works are unimportant.

Your private key is used for two purposes:

1.       To generate a public key (more on that ina moment)

2.       For signing transactions (i.e., sending bitcoin)

This key is referred to as private because it should never be shared, be stored on an Internet-connected device, or be access by anyone but you.

Your Public Key and Public Addresses

As mentioned, your private key is then used by your hardware wallet to automatically determine your public key, also known as an xpub.

Don’t let the word “public” confuse you, though. You don’t want your public key being made publicly available. Your public key is used to derive a public addresses that you’d share with someone to receive bitcoin in your Sparrow Wallet. If the public key itself becomes known to others, all public addresses to which you’ve received bitcoin can be traced back to your public key, limiting your privacy.

Your wallet will automatically generate new public addresses and, as needed, new public addresses may to be sent to other to receive bitcoin.For privacy purposes, it is important to not re-use the same public address when receiving bitcoin. Sparrow Wallet makes it easy to generate a new public address for each transaction in which you receive Bitcoin.

Your Software Wallet

Your software wallet, Sparrow Wallet, acts as an interface for receiving and sending bitcoin.

You’ll use your hardware wallet, which alone knows your private key, to create a file that is then imported into Sparrow Wallet to generate this new wallet on your computer.

With this new wallet created in Sparrow Wallet, you can begin receiving bitcoin that is accessible only to you. As mentioned, Sparrow Wallet will also automatically generate new public addresses for you to receive bitcoin. Your hardware wallet is not required for receiving Bitcoin; your new wallet in Sparrow Wallet can do this on its own.

Your Sparrow Wallet cannot, however, allow you to send bitcoin by itself. Your hardware wallet is required for this.

Your Hardware Wallet

You’ve already learned that your hardware wallet helps you securely generate a seed phrase, that you get to input a unique passphrase, and, when combined, provides you with a private key.

That private key is then used to generate a public key for use in receiving your bitcoin and that public key information is imported into your Sparrow Wallet to make all this simple and possible.

But what if you want to send bitcoin? You can’t do that just with Sparrow Wallet because a private key is required to send bitcoin and Sparrow Wallet doesn’t know your private key.

This is where your hardware wallet becomes into play.

You can think of your hardware wallet less as a “wallet” and more as a “signing device.” If you want to send bitcoin, you’ll initiate the transaction in Sparrow Wallet and then need to grant permission for this to be completed with your hardware wallet.

In short, Sparrow Wallet will generate a QR code or a small file that must be read and approved on your hardware wallet. In doing so, you are signing a transaction.

Once Sparrow Wallet received this “signature” from your hardware wallet, the transaction is sent out to nodes on the network and is placed in what is called the mempool.

The Mempool

You can think of the mempool as a place where nodes – these little computers all over the world running the Bitcoin software – store non-finalized transactions. Technically, there is no “the mempool,” but rather thousands of mempools of which one is managed by each Bitcoin node. But it’s sometimes easier to just imagine a single, collective place where all these unfinished transactions reside awaiting being added to a block on the Bitcoin blockchain.

These nodes communicate to Bitcoin miners that you have initiated this transaction and would like it added into a new block to be finally sent and settled with the receiving party.

After a bit, a miner will find a block with your transaction included in it and the process will be complete – your bitcoin will officially be sent and no longer accessible to you.

Summary

Under the hood, so much of what is described above is incredibly technical. There are advanced cryptographic algorithms, hashing, and other robust tools used to make it all happen so elegantly. 

But the important takeaway is understanding that your seed phrase and passphrase are combined to generate a private key that resides exclusively on your hardware wallet. That private key is used to create a public key, and that public key is used to create a new wallet in SparrowWallet and is then used to generate public addresses for receiving bitcoin on your Sparrow Wallet.

But if you want to send your bitcoin, you’ll need to use your hardware wallet to sign the transaction (because that is where your private key is), using Sparrow Wallet to initialize the sending and to then share and proliferate the transaction to the Bitcoin network.

We hope this is a helpful primer. We’d encourage you to keep learning and seeking an understanding of some of the basic mechanisms in place that make Bitcoin such a powerful monetary technology.

And, of course, The Bitcoin Way is always here to help and answer questions. Don’t ever hesitate to reach out on your Bitcoin journey.