How to switch keys from active to owner in Anchor
The permissions feature is one of the most powerful tools available to a Telos (or EOS) token-holder. A well-structured and secure permission system can be the difference between a slight inconvenience and losing access to your account completely. In this guide, we will show you how to take the first step in taking control of your own security by ensuring that your Owner key and Active key are different from one another.
Right now, your private key may be identical for your Owner and Active permissions.
How do I see if the keys are identical?
- Visit EOS Authority for Telos
- Connect your Telos Account
- Select 'Wallet' in the main menu and scroll down to 'Chain Data'
- Select 'Keys' - Your Active and Owner keys will be displayed here. Check whether they are the same key.
"Your Owner key and Active key can execute the same functions save for one, the Owner key can change the Active key. This means that if your Active key is exposed or changed without your consent you can reset your Active key using your Owner key to do it. This means that your Owner key is the single most sensitive thing you have and should be kept safe. If you are ever required to use your Owner key then it should be immediately reset. Consider it a one-time-use key." [2]
Private keys of Genesis accounts are special. They are listed in the genesis snapshot which means that future EOSIO chains may launch and provide you with a token balance and account based on that original key registration you made during the Block One token generation event. These Genesis keys should be kept in cold storage and removed from existing account permissions entirely.
Here we will walk you through the process of securely generating new key pairs to and assigning them to your account permissions. To change both Owner and Active at the same time, simply complete each step listed below twice by generating two unique key pairs and labeling each according to which permission you will assign the key to.
You will need:
- A Telos Account (If you do not have one, follow these simple steps)
- Wallet (We recommend Anchor Wallet)
- Connect your account on EOS Authority for Telos
- In your Signer (eg. Anchor) select 'Allow dangerous transactions' in the application settings
- In EOS Authority select 'Add Account'
- Select the Wallet/Signer you are using (Recommended: Anchor) and complete the details and necessary permissions to link your Telos account.
- Once you have added your Telos Account, go to 'Manage Keys' in the main menu
- Select 'Regenerate Key' in the Active Permission
- NOTE: If you have malware on your computer that is looking for data that matches a private key string it will not matter whether or not you have turned wi-fi off. Please be sure your computer is clean.
- Copy and paste your new public key in the pair to a temporary file for easy pasting later and label it Owner or Activepublic key.
- Hand-write the new private key. Label it either Owner or Active. Hand-write it again and double check it is correct
-
NOTE: All EOS private keys start with the number 5 and contain 51 characters in total. All public keys start with the letters “EOS” and contain 53 characters in total.
Never leave your private keys on a device capable of being connected to WIFI.
- You will be redirected to validate the 'transaction' using your signer
- Go to 'Wallet' in the main menu on EOS Authority
- Scroll down to 'Chain Data' and select 'Keys'
- You should see the keys updated to match your new keys
- You’re done!
It is recommended to go back to your previously setup tools such as Anchor and delete any old identities and Owner keys that may have been previously imported and are no longer being used. Simply re-import your new Active private key to set up a new Anchor identity and use {youraccount@active} to log in from now on.
Definitions
Owner Key: The Owner permission is the "root access" to your EOS account and symbolises ownership of the account. Only a few transactions requires this authority. Access to the private key for the Owner permission will allow you do perform any function on your account. It is generally suggested that you keep your Owner Key in cold storage and not shared with anyone. If you Owner Key is exposed then your account may be compromised.
Active Key: Active permission is more restricted. It is used for transferring funds, voting for block producers and making other high-level account changes
References:
[1] EOS Authority. #5 - Separating Active and Owner Keys. Available at: https://youtu.be/fYhP7gLTixA [Accessed 27 January 2022].
[2] EOS New York. Managing your EOS Owner and Active Permissions. Available at: https://medium.com/eos-new-york/managing-your-eos-owner-active-permissions-c76bdaf24e6b. [Accessed: 27 January 2022].