About Wallets, SDKs, and trust on the blockchain
EOS and Scatter basics
This article is about the basics of how EOS works, what a private key is, and how EOS accounts and private keys are related. If you already know that, go check out some of the apps you can play with.
If all this is new to you, you’ll need to understand it so that you can get your EOS account up and running, and really safely manage your assets.
Let’s get started.
How EOS works and Scatter’s place in it
EOSIO is a blockchain, which is just a tower of building blocks. It is run entirely by users and some of those users choose to run for elected positions (Block Producers or BPs for short) which allows them to add new blocks to the top of the tower in return for pay. However only 21 of the elected BPs are able to add new blocks to the tower and everyone below them with less votes becomes a “stand-by”. Every user on the network can vote on who should be the elected producers.
The top 21 block producers shift around a bit but are largely stable.
The protocol itself gets updated from time to time and a cool feature of the network is that they can all vote and update the network together when there is a consensus of 15 out of 21 block producers.
EOS Mainnet is one of the networks that runs the protocol and has block producers synced up and producing blocks together. We have built a decentralized computer network that people have accounts on with funds in them. Billions of dollars sit in the network. It is mind-blowing to be a tiny part of that.
Scatter is the beast that Nathan, my brother, and I build that allows users and developers to easily connect to any EOSIO network. Before I explain what Scatter does, we’ll have to dive into private keys and permissions.
Keep it secret, keep it safe
So what is different about EOS than other smart contract networks like Ethereum and Tron is that users have actual accounts on the network and not just addresses. To access those accounts, you have to have private keys associated with an account permission. Account permissions give you access to network functions, such as transfer, which is used to move funds around the network.
Explanation of EOS Accounts
Private keys give you access to a permission. Scatter never gives anyone your private key; instead it simply provides a proof that you own it via a signature.
Most of the “daily driver” functions that you’d want to do with your account, stuff that is “safe” is all in the ACTIVE permission. Exposing the ACTIVE permission’s associated private key isn’t an “end of the world” scenario as you can not lose your account this way. The OWNER permission houses the functionality that you could possibly lose your account with, like updateauth which swaps one set of private keys for another.
You can use the same private key to manage both permissions, but that is bad practice. In general we recommend that you hold two sets of private keys, one for each permission. Keep the ACTIVE permission key in Scatter and use that for everything you can. Keep the OWNER permission key somewhere safe. I like to put it on a couple of encrypted USB sticks and hide that somewhere safe physically, like a lock-box in a bank. This way no matter what happens there is no way to lose your account, which could potentially hold millions of dollars. Worst case scenario you get your OWNER permission’s private key and use that to update the private key for your ACTIVE permission and you have access again. Another great way to secure yourself is purchasing a hardware wallet like a Ledger.
If your OWNER permission’s private key is exposed, you lose access permanently to your EOS account and its funds. There is no way back from this scenario.
From a private key you can derive a public key. A public key can be used to search for an associated account. Since private keys prove ownership, public keys are linked to the accounts and when you sign something on the blockchain the signature is validated against the public key that is associated with your account. If a signature is incorrect (signed by a wrong private key) it will not be able to be added to the blockchain.
Scatter lets you hold your private keys securely. It warns you if actions you are going to do are potentially dangerous. It allows you to generate and manage the private keys which are associated with your accounts.
Scatter keeps you safe.