You are viewing a single comment's thread from:

RE: Hate putting private keys into websites? Introducing Steem Keychain!

in #steem6 years ago

Hi @haejin

The following instructions have been written for a Mac computer, but for a Windows computer, it's very similar:

  • Go to the Steem Keychain GIT repository: https://github.com/MattyIce/steem-keychain
  • Click on the "Clone or Download" green button
  • Select "Download ZIP"
  • Once the ZIP file download successfully, unzip it somewhere on your local HD. For the purpose of this mini-guide, I will assume you have unzipped it under Documents/steem-keychain-master
  • Now, launch Chrome and in the address bar, type chrome://extensions
  • On the top right of the screen, enable the "Developer mode"
  • Now you have three new button showing at the top left, click on "Load unpacked"
  • Browse to Documents
  • click on the folder steem-keychain-master
  • click on the "Select button"
  • You should now see the extension appearing on the screen

To upgrade you will have to download and unzip again and overwrite the files on your local harddrive then go back to chrome://extensions and click the circular arrow icon to reload the extension. Verify its version number to confirm the upgrade.

This is what Chrome extension developers do to test their extensions before uploading it to the Chrome Web Store.

Sort:  

Thanks! Very helpful!
Would an upgrade wipe out prior entered keys?
If one had used steemconnect or entered keys via cop paste in the past, should new keys be generated for the Key Chain; in the event steemconnect or steemit inc. get hacked?

An upgrade should not wipe the entered keys if you don’t remove the extension prior to the upgrade. I have not checked how the extension stores the keys but beware when you clear the browser’s cache as it might also clear the keys depending on the cache clearing options you checked. After checking the extension and testing on another computer, it seems that clearing cache does not clear your keys from the extension, to remove all store keys, you would need to remove the extension itself.

To my knowledge, SteemConnect (from v2) does not store your private keys, it uses you active key to grant posting authority to the dapps that was using SteemConnect. The key is not needed later on when posting or upvoting. The private key is still requested for each transfer or settings request. Utopian got hacked in the past, the hacker could not retrieve the keys because there was nothing to retrieve, they could only use the SteemConnect token to perform the upvotes. If SteemConnect get hacked, just revoke your tokens.

However, if you want to be 100% you have not leaked your keys somehow then yes, go regenerate them. I still recommend you kept your owner key somewhere else safe.

Posted using Partiko iOS

Do you know which option that is, so that I can look out for it if I decide to update or erase cache?

Posted using Partiko Android

I've updated my comment above, but it seems that clearing cache didn't remove the keys but removing the extension from Chrome does.

Thanks for the detailed explanation Q. I'll look into it and follow your instructions. 👍

You're welcome :-)