Does Trezor Suite have my private key?

Hello! I was thinking about buying a Trezor One. During my research I watched a video explaining the Trezor Suite PC application. During this video it came to my attention that I can view my private key in that Suite app on my PC, or at least that was what the description said.

Now I want to know if this PC app actually has my private key. And if yes, why? Isn’t the point of a hardware wallet that my keys will never, under any circumstance, leave the hardware wallet?

Thank you.

It does have your private key.

Private keys are generated on your Trezor device and never leave it.

Hi @Dsingis, that is actually not correct, and the private keys are not exposed to you either. It is not possible to get them displayed in your Trezor Suite. There is no way to access your private keys unless they are exported directly from your recovery seed. The fact that Trezor keeps these private keys isolated is actually an important security feature. To put it simply, the private keys never leave the Trezor device.

There are third-party tools capable of deriving the individual private keys from your recovery seed. However, we are not able to evaluate or guarantee the safety of such services. We do not encourage Trezor users to export any private keys from the recovery seed because you can compromise it this way.

But in your Trezor Suite program, there is a button that clearly says: “Check seed in Settings”

In the settings it says that it will generate a set of words to note down, and that you can simulate a check there.

If the Suite has my recovery seed, it does have my private keys. How can you say the keys never leave the device if the seed from which they are created does leave the device?

The seed is only displayed on your Trezor screen, for you to write down. It is also only displayed once.

Trezor Suite does not know your seed.

The “Check seed” feature only works in combination with your Trezor. You enter the seed, as if you were recovering it, and Trezor tells you “this was the right seed” or “this was not the right seed”

On Trezor One, you have the option to check the seed by typing words, in scrambled order, into the PC. In this case, the Suite can see the words, but doesn’t know the correct order – and the number of possibilities is large enough that it can’t be brute-forced to get the right one.
Of course, Suite does not save the words.
Trezor screen will tell you in what order you enter the words. Sometimes it will also insert a decoy word: the Trezor screen says “now type the 3rd word; now type the word ‘abandon’”. Suite does not know if the word is a decoy or not.

The alternative option is to type words using a matrix, similar to PIN. In that case, Suite only sees the clicks, and only the Trezor screen knows what you’re clicking.

2 Likes
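An added example, not part of the thread and not Trezor's code: a rough measure of what a host that saw the seed words, but not their order, would still have to guess. It assumes a 24-word BIP-39 seed with distinct words and no decoys, and works on BIP-39 word indices (constructed sample entropy) instead of the word list.

```python
import hashlib
import math
import random

def checksum_len(n_words):
    """BIP-39 checksum length in bits: one bit per 32 bits of entropy."""
    if n_words not in (12, 15, 18, 21, 24):
        raise ValueError("BIP-39 mnemonics have 12, 15, 18, 21 or 24 words")
    return n_words // 3

def to_indices(entropy):
    """Encode entropy bytes as BIP-39 word indices (11 bits per word)."""
    cs = len(entropy) * 8 // 32
    check = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | check
    n = (len(entropy) * 8 + cs) // 11
    return [(bits >> (11 * (n - 1 - k))) & 0x7FF for k in range(n)]

def checksum_ok(indices):
    """True if this ordering of word indices carries a valid BIP-39 checksum."""
    cs = checksum_len(len(indices))
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs).to_bytes((len(indices) * 11 - cs) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    return (bits & ((1 << cs) - 1)) == expected

def remaining_bits(n_words):
    """log2 of the orderings that still pass the checksum (distinct words assumed)."""
    return math.log2(math.factorial(n_words)) - checksum_len(n_words)

def sampled_valid_fraction(indices, trials, rng):
    """Shuffle the known words and measure how often the checksum happens to pass."""
    hits = 0
    for _ in range(trials):
        perm = indices[:]
        rng.shuffle(perm)
        hits += checksum_ok(perm)
    return hits / trials

if __name__ == "__main__":
    sample = to_indices(bytes(range(32)))  # constructed sample entropy, not a real seed
    frac = sampled_valid_fraction(sample, 40000, random.Random(1))
    print(f"checksum passes for about {frac:.4f} of random orderings (1/256 expected)")
    print(f"orderings left to try: about 2^{remaining_bits(24):.1f}")
```

The checksum only removes a factor of 256 from the 24! possible orderings, so the order itself carries most of the remaining uncertainty.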

Thank you for clarifying.