The Blog

An advisor’s guide to: Public vs. private keys


Public and private keys are used by cryptoasset investors to store, receive, and transfer their assets online. Before we get to the differences between the two types of keys, an understanding of cryptography is imperative. Since cryptography is what allows for the secure transfer and storage of cryptocurencies via public and private keys, it is a process advisors must be able to discuss with clients who are curious about the foundations of the asset class.

Cryptography and keys

Both public and private keys are generated using cryptography, one of the backbones of blockchain technology. Cryptography helps to maintain the security and trustworthiness of crypto transactions by using a set of rule-based calculations and mathematical concepts to encode and decode information and communication-related messages. 

In addition to ensuring the safety of online transactions, cryptography also solves the issues of relying on a central authority. Two individuals, each with their own public and private keys, can transact by directly sending cryptoassets to each other without the need of an intermediary, such as a bank. In other words, they allow for peer to peer transactions.

Cryptography also prevents double spending, or, the ability for a cryptoasset to be spent more than once. In the case of bitcoin, transactions are time stamped and then broadcast to all of the nodes in the Bitcoin network, eliminating the possibility for a bitcoin to be spent multiple times.

Public and private keys: what’s the difference?

Public keys are digital addresses used by investors to send and receive cryptocurrencies. They are broadcast on the blockchain, show ownership of an account, and can be shared openly without fear of assets being stolen. Think of public keys like a Twitter account. The username is visible to all, and an individual can send and receive any number of tweets to and from their public account without reasonable fear of being hacked, because only that individual knows the password to their account.

Private keys are digital addresses that investors use to sign transactions and spend funds. Unlike public keys, private keys should be kept confidential and in a safe location. If accessed by anyone other than the owner, they would allow for access to the crypto wallet and make the funds vulnerable. In reference to the public keys example, a private key would be more like a Twitter account password. The owner has the ability to access the funds in the account, so only they can spend, send, and withdraw the funds in the account.

What do they look like?

Public and private keys are both randomly generated 64-letter strings (256 bits) made up of characters and numbers making them verifiable, counterproof, and secure. Your public key is digitally tied to, and created from, your private key. What is “broadcast” to the network is a mathematical permutation of the public and private keys, designed such that even knowing this transactional combination and the public key is not sufficient to derive the private key. 

What if the key gets lost?

It is possible to recover the public key if you own the private key. However, just as it is impossible to use a Twitter account without knowing the password, it is impossible to find the private key using only the public key.

How to store keys

There is a popular saying in the crypto world, “Not your keys, not your crypto,” which means if you do not hold your keys, particularly your private keys, you don’t actually hold your cryptoassets. Remember, without the private keys investors are not able to control their cryptoassets.

Given the importance of public and private keys, proper storage of each is important to protect against the loss or theft of cryptoassets. There are a number of options through different wallet applications and exchanges for storing cryptographic keys. The investor’s risk tolerance, comfort with their ability to safeguard their keys, and philosophical outlook on the cryptoasset space will influence which storage option is best. There are multiple choices:

Online wallets 

When purchasing crypto on an exchange like Gemini or Coinbase, investors are issued their public and private keys, with the private key being held in cold storage, or offline, managed by the exchange. Keeping private keys at the exchange is convenient and relieves investors of the risk of losing their keys.

Hardware wallets

Hardware wallets are basically thumbdrives. Common hardwear wallet brands are Ledger or Trezor. When purchasing a hardware wallet, the investor receives both public and private keys, giving them total control, and responsibility, over their funds. 

Software wallets

Storage of keys can be managed through wallets installed on your computer or mobile device. Many software wallets are coin-specific, such as Monero wallet, which is used solely for transactions sending and receiving Monero, a cryptocurrency. Since keys are stored on a device, i.e. in hot storage, the wallet is always at risk of being hacked. However, the ease of accessibility via a computer or smartphone allows for swift transfer of funds should the need to do so ever arise.

Paper wallets 

Keys stored in a paper wallet are exactly as they sound: on paper. Investors have the option to store their public and private keys offline and, in this instance, the investor has physical possession of their keys. Physical possession allows the investor full control, as he or she can store the information in any location they deem secure. 

How do you choose which one to recommend?

The storage of keys is an extremely important decision for investors, and advisors investing on behalf of clients must consider the pros and cons of each option including the level of security, compliance, and reputation of the digital wallet company or exchange. No asset is “risk-free,” but many of the early security concerns around the idea of “digital cash” have been laid to rest. Speak to your client about what methods of storage they prefer.

What’s a seed phrase?

Both private hardware wallets and some online wallets like Metamask issue investors a 12-word seed phrase as an extra layer of safety. This seed phrase must not be lost because without it wallets, private keys, and related objects cannot be accessed and investors run the risk of losing their funds. It is recommended to store the seed phrase in a safe location like a safe or safety deposit box and to have a backup storage option. Merely by memorizing this seed phrase, an investor can access their crypto from anywhere in the world. 


Public and private keys allow investors to be self-sovereign over their cryptoasset investments. The keys allow for anonymity, control of cryptocurrencies, and the ability to send or travel with funds anywhere in the world. The tradeoff for greater control is greater responsibility. In traditional finance, if your bank account is hacked, you can go to your local branch and they will help to recover your funds. In contrast, if your crypto funds are stolen or your wallet is hacked, there is no central authority to help you recover your assets – they are gone forever. This is why it is imperative that advisors properly educate clients on the importance of said private keys and the role they play when investing in cryptoassets, as well as putting in the time to build a functional knowledge of cryptographic security.