1.6.6. About blockchain key types - how to choose the right one?¶
The CargoX Platform supports all popular blockchain key types. Because of simplicity new users start using the CargoX Platform with the keystore file blockchain key. It is an encrypted key file + key password pair. It offers moderate security.
We strive for the highest level of safety and security for our users. That is why we periodically encourage our users to upgrade their blockchain key to a more secure type. That is when the following screen appears.
You can explore the options, or choose to snooze the warning for now. In this case, you can click the Remind me in 7 days button to be reminded again.
What is the actual danger?
All blockchain key types are vulnerable to the so-called man-in-the-middle attacks. The only exceptions are hardware wallets and a specialized software wallet called MetaMask
The man-in-the-middle attack is conducted in a way that if you by accident (or as a result of phishing scam - a method to lure you into a fake website), use your blockchain key to login on a website that looks similar or even identical to the CargoX Platform, but in fact, it is not the CargoX Platform, the perpetrators can steal your blockchain key from you.
The perpetrators can then use your blockchain key to login into the real CargoX Platform and access your data, steal your documents by transferring ownership of them to a third party, etc.
220.127.116.11. Blockchain key upgrade type options¶
There are several options on how to store your blockchain key (private key).
This can be done in various forms:
As a hardware security device, similar to your bank's one-time password generator
A browser-security component, similar to a digital certificate.
A password-protected file containing your private key, similar to username/password combination.
Generally, the options for storing the private key can be sorted into two groups:
The less secure way, by storing the private key of your wallet on your computer storage. That can turn out to be insecure - your key could get lost, stolen, or damaged. To simplify the management of these keys and make it a bit more secure, we suggest using the MetaMask software wallet.
It is of vital importance that you store your private key securely. Please treat it as a real, physical key. Whoever has access to your private key can essentially do anything on your behalf. CargoX does not have access to your blockchain keys, therefore we can not restore a lost blockchain key.
18.104.22.168. Hardware wallets¶
Hardware wallets are the most secure way of storing your private key. If you use a hardware wallet device your private key never leaves the device. This way you are safe from potential scams and phishing or hacking attempts. A hardware wallet is also the safest way of logging into and using the CargoX Platform.
The CargoX Platform currently supports three hardware wallets :
22.214.171.124. Software wallets¶
First a word of caution: software-only based blockchain security approaches are inherently insecure.
Software-only wallets store your private keys on your computer. They can be stolen, compromised, or lost. CargoX highly recommends hardware wallets as the default security option. Use the following software wallet methods only if hardware-based wallets are not an option due to various organizational or system constraints. Make sure you always have an offline backup of your software wallet!
The following software wallet methods are supported:
MetaMask provides the most secure way of logging in, out of all software-based solutions.
Keystore (JSON) login saves your credentials into an encrypted file locally (this is the default for new users).
The private key and Mnemonic phrase are direct approaches, where you enter your "secret" into the browsers. CargoX does NOT recommend using these two methods!
126.96.36.199. Best practices managing your blockchain keys¶
How to best manage blockchain keys (private keys) of your company and your employees?
CargoX recommends the use of hardware wallet devices.
Special care should be taken when creating a backup of these hardware wallets. Follow the instructions of the device manufacturer - these steps usually include writing some words to a piece of paper and storing that in a sealed envelope in a safe place, such as a safe deposit box. This enables you to restore your blockchain key to a replacement hardware wallet in case of malfunction or damage to the device, forgotten pin, or if an employee loses the device.
The company's information security officer should make sure all hardware wallet backups are made and locked away in the company's safe or at a highly secure location.
In a perfect world, every user would use a hardware device, but it is also acceptable to use blockchain keys of other types, such as the default keystore. That is agreeable especially for users with a limited set of access rights - for example if their tasks are limited only to creating but not sending or managing documents. If such a user would lose or misplace their blockchain key, you can just disable their blockchain key and they can register a new one.
For users with very limited access rights, it might be acceptable to let them use only their username and password to log into the CargoX Platform. They can reset their password if they forget or lose it.
All users can link blockchain key to their accounts later on - when needed. Even users with very limited permissions.
For department heads and other users that will perform irreversible transactions, such as transferring documents, releasing cargo, and accomplishing documents, accepting and activating blockchain keys, CargoX recommends the use of hardware devices as well.
If an employee leaves the company, you can even delete their CargoX account.
Once blockchain key is registered by a user, it needs to be activated by the user from the same company that has permissions to do so (manage users) and an active blockchain key.
188.8.131.52. Which wallets does CargoX recommend?¶
We strongly recommend that you use a hardware wallet device.
Choose Trezor One if you have Google Chrome or Mozilla Firefox on your Windows or Mac computer.
Choose Ledger Nano S if you have the Google Chrome browser on your Mac computer. It is our experience that the Windows 10 security mechanism made using a Ledger hardware device a nuisance due to constant security notification popups - that is the only reason why we do not recommend using Ledger hardware wallet for Windows users.
Both devices provide ultimate security and should be your preferred choices for using our blockchain solutions.
However, both require the installation of supporting software, which requires administrative rights on your computer. If you cannot install the software, please get in touch with your system administrator.
If you do not want to wait for days to obtain the hardware wallet device, your best way forward is using the MetaMask plugin for your browser - Google Chrome, Mozilla Firefox, and Opera are well supported. The software wallet is also integrated into the Brave browser. Please note that MetaMask provides more security than other non-hardware options - but hardware wallets are always even more secure.
184.108.40.206. How do these wallets actually work?¶
You can think of your blockchain public address in similar terms as of your public email address.
Although it looks like a bunch of random letters and numbers, it always starts with "0x" (like this one 0xde0B295669a9FD93d5F28D9Ec85E40f4cb697BAe).
This is a public address like your email address is. Anyone who wants to send you an email needs to know your email address. It is similar in the world of blockchain. You need to tell people to which blockchain public address they can send you a document or other blockchain asset.
It is safe to give your public address to anyone, even printing it on your business cards and advertising it on your website. Please note, if you publish your blockchain public address, people will now be able to associate your name or your company name with your blockchain public address.
Now, let’s compare the blockchain public address with email even further. To read the received emails, forward them, or print them you need your username and password. And no-one else has this, you keep these two pieces of information secret. In the "world of blockchain," this "secret" is called the blockchain private key. Anyone who knows your blockchain private key can access your "blockchain account" and cause you harm by manipulating your assets stored in that account - or stealing them. That is why we cannot emphasize enough - take precautions guarding it as you do with your bank's credentials and email password!
So, you only need to understand two things:
Your blockchain address (public, you can share it)
Your blockchain key (private, it’s yours only)
The blockchain keys are stored in different ways. The default key storage on the CargoX Platform is the keystore file. But a much better way is to have your key stored in a wallet. A wallet is a hardware device (but it can also be a software application) that stores your private key and allows interactions with the network in a very secure way that prevents anyone stealing the key from it. A wallet can actually several private keys belonging to you, allowing you to control several public blockchain addresses.