Security

SatsVault Private Key Security

SatsVault aims to provide maximum security when storing private keys for customers with a multisig wallet subscription. If you are new to the world of Bitcoin, don't worry, we will explain the security measures in plain language.

How Are Private Keys Created?

When you open a multisig wallet with SatsVault, one private key is generated for you. Because we only manage one private key, we never have direct access to your bitcoin. Here is how this private key is generated:

  1. Master Key: We start by creating a new key or using an existing Master Key.
  2. Child Key: Next we generate a Child Key according to the BIP85 specification.
  3. Customer private key: Finally, we create your customer private key based on a unique BIP32 Account Index.

We store the following data for each wallet:

  • Master Key Identifier: This is a unique identifier for your Master Key.
  • BIP85 Child Index: This is the number that identifies your Child Key.
  • BIP85 Child Path: The specific location of your Child Key.
  • Account Index: A number that identifies your specific account.

How Are These Keys Secured?

MasterKey: The Master Key is split into several parts using a special mechanism (SeedXOR). These parts are stored securely in various physical vaults, managed by professional companies. Most importantly, these parts are never in the same location, so they can never be accessed at the same time.

Child Key: The Child Key, which is required to sign your wallet, is stored on a signing device that is well protected against unauthorized access. This device is kept securely in a physical safe.

How Is the Health of the Keys Monitored?

We perform a health check every six months. This includes signing a test transaction as proof that SatsVault still has access to your private key. This is an extra security measure to ensure the integrity of your keys.

What If the Keys Are in Danger?

In the rare event that the Master Key or Child Key is compromised, we will notify you immediately. We will then set up a new multisig wallet for you as soon as possible and safely move your bitcoin there. 

What If SatsVault No Longer Exists?

If SatsVault is no longer able to provide our services for any reason, for example if the administrator is no longer available, for example due to death, the company will be continued or transferred to the heirs. This ensures that your Bitcoin investment remains safe and managed by professionals, even if circumstances change.

Moreover, by regularly taking a ghealth check of your private keys further reduces your dependence on SatsVault. This gives you proof that you still have full access to the necessary number of private keys to conduct transactions. This allows you to maintain control over your own bitcoin, even in situations where you cannot reach SatsVault.