Public & private keys explained

Taking control of your cryptocurrency with self-custody is an important step toward financial independence. With this control comes the need to understand some core concepts, like public and private keys.
 

These two concepts are essential for managing your crypto securely and avoiding mistakes. If you know how passwords work, you’re already on the right track.
 

This article will explain public and private keys in a simple, clear way so you can confidently manage your cryptocurrency.
 

What are public and private keys?

If you’ve ever sent cryptocurrency, you’ve already interacted with a public key—you probably think of it as an address. A public key is a unique string of characters that anyone can use to send cryptocurrency to your wallet. For instance, when you withdraw funds from an exchange to another address or exchange, or if you send someone crypto, you’re working with public keys.
 

A private key, on the other hand, gives complete ownership and control to the funds.
 

Every public key (or address) is mathematically derived from a private key through a one-way process. This ensures your private key remains secret and secure since it can’t be reverse-engineered from the public key.
 

To simplify, think of a bank account:
 

• Your public key is like your bank account number—you can share it with others to receive payments.
• Your private key is like the password to your account—but with some differences:
  • The private key creates the public key through a mathematical formula, meaning your password essentially generates your account number.
  • Unlike a bank account password, a private key can’t be changed.
  • You don’t choose your private key—it’s generated securely by your wallet.

This pairing ensures cryptocurrency transactions are both secure and private, empowering you to fully control your funds.
 

How do public and private keys work together?

Pairing mechanism

Public and private keys work together to enable secure transactions. The public key is used to generate addresses where funds can be received, while the private key provides access to those funds.
 

Digital signatures

A digital signature ensures that only the owner of the private key can authorize transactions. When you send a transaction, your wallet uses your private key to "sign" it, creating a unique signature. This signature proves that the transaction was authorized by the holder of the private key. The network then uses your public key to verify the authenticity of the signature.
 

Use case

Imagine you want to send money from your wallet to another wallet. To do this, your private key "signs" the transaction, proving that you own the funds and are authorizing the transfer. The network uses your public key to verify the signature and ensure the transaction is valid—all without ever exposing your private key.
 

Why public and private keys are essential for crypto security

At its heart, cryptocurrency is about self-custody—the ability to own and control your funds without relying on a third party. This is made possible through public and private keys, with the private key granting exclusive control over your funds. Unless your private key is physically taken, no one else can access your assets.
 

By keeping your private key offline and never entering it into an internet-connected device, you safeguard your funds against hacking. This is a massive benefit when compared to storing funds on an exchange, where a stolen password can result in unauthorized access and loss of funds.
 

Cryptography empowers individuals to achieve true financial independence. With cryptocurrency, you are free from the constraints of banks, and your funds cannot be frozen or seized—giving you full control over your financial future.
 

Common myths and misconceptions about public and private keys

Myth 1: If I lose my public key, my crypto is gone

Losing a public key is generally not an issue because public keys can be regenerated from your private key unless you have a multisig wallet. 
 

Myth 2: It’s OK to share my private key with trusted people

You should not share your private key with anyone. Even in trusted situations, sharing your private key grants full control over your wallet and its funds. In some cases, sharing a private key with a family member or a spouse is appropriate, although you should be aware that doing so grants them the exact same permissions over your funds that you have.
 

There is an exception to this rule - advanced setups like multisig or SLIP39 wallets, where full access to the funds is intentionally split into parts, are designed to be shared with trusted parties. However, even in these cases, careful planning and security measures are crucial. Sharing a full private key compromises your wallet and funds entirely.
 

Myth 3: Crypto is anonymous because of these keys

Cryptocurrency is often misunderstood as being fully anonymous. In reality, blockchain transactions are pseudonymous, meaning they are tied to wallet addresses rather than names on accounts.
 

Because all transactions are recorded publicly on the blockchain, it’s possible to trace the flow of funds and link addresses to identities, especially if one of your transactions is connected to a service that knows your name or other personal details.
 

Always use caution and consider privacy measures to protect your identity when transacting with cryptocurrency.
 

How to keep your private key safe

For more information, please read our article called Keeping your wallet backup safe.
 

Most likely, you know your private key as your wallet backup—the 12, 20, or 24 words you wrote down when setting up your Trezor device. These words are the key to your funds, and it’s critical to handle them securely. Never enter your wallet backup into any device that isn’t a cold storage hardware wallet. This includes phones, computers, or any internet-connected device, as doing so could compromise your funds.
 

To enhance the physical security of your wallet backup, Trezor offers the Trezor Keep Metal. This solution allows you to engrave your backup into metal, providing a more durable and robust alternative to storing it on paper.
 

Another option is using a SLIP-39 Multi-share Backup, which lets you avoid a single point of failure by creating a future-proof backup, which can be split into multiple shares and distributed geographically.
 

This method not only provides redundancy but also reduces the risk of losing access due to a single point of failure. To learn more about how Multi-share Backups work, check out this article on SLIP-39 backups.
 

Public and private keys beyond crypto

Public and private keys are not exclusive to cryptocurrency; they form the backbone of modern digital security and encryption. These keys are part of the same technology that powers encrypted communication apps like WhatsApp or Signal, ensuring your messages are private and secure from prying eyes. Similarly, encrypted email services rely on this technology to protect sensitive information shared over the internet.
 

The concept of public and private keys has existed for decades, originally developed to enable secure communication in the digital age. It laid the groundwork for many innovations we rely on today. This same robust encryption is what allows cryptocurrency to operate securely without needing intermediaries, making it a critical building block in the evolution of decentralized digital money.
 

FAQs about public and private keys

Should I give out my private key?

Never share your private key. It grants complete control over your wallet and funds. Anyone with access to your private key can move or spend all the cryptocurrency in your wallet without your consent.
 

How to generate a public key?

Public keys are derived mathematically from your private key. Wallet software, like Trezor Suite, handles this process securely and automatically, allowing you to share public addresses for receiving funds. For more details, explore our guide on Extended Public Keys (XPUBs).
 

What can someone do with a private key?

A private key gives full access to a wallet, enabling the holder to control all associated funds. For this reason, keep your private key or wallet backup secure and never share it with anyone.
 

Who generates public and private keys?

Public and private keys are generated by your wallet software or hardware wallet using cryptographic algorithms. Here's how it works:
 

Step one: Private key generation 

• Your wallet creates a random number
• This random number becomes your private key
• The private key is a long, unique number that cannot be guessed thanks to the strength of modern cryptography.

Step two: Public key derivation 

• The wallet then uses the private key to mathematically generate a corresponding public key.
• The public key is derived through a one-way function, meaning the private key cannot be reverse-engineered from it.

Step three: Address creation

• The public key is further processed (also known as being hashed) to create a wallet address, which is shared to receive funds.

This entire process is handled securely by the wallet, ensuring that the private key remains hidden and protected. Users never need to manually create or handle keys directly; the wallet takes care of this behind the scenes.
 

Conclusion

Public and private keys are the foundation of cryptocurrency’s promise: financial independence and self-sovereignty. They empower you to own and control your funds without relying on intermediaries like banks, ensuring your assets remain secure as long as your private key stays private.
 

Understanding how these keys work—and how to protect them—is crucial for safely navigating the crypto world. Whether you're sending funds, receiving payments, or simply holding Bitcoin, safeguarding your private key is a must.
 

If you're ready to take the next step in securing your crypto, explore Trezor's hardware wallets and accessories like the Trezor Keep Metal. These solutions make protecting your financial future easy and reliable. Start your journey to ultimate self-custody today!