|
|
|
@ -1323,7 +1323,7 @@ software, such as the widely used open source BTCPay Server.
|
|
|
|
|
|
|
|
|
|
===== Hardened child key derivation
|
|
|
|
|
|
|
|
|
|
The ability to derive a branch
|
|
|
|
|
The ((("private child key derivation", "hardened derivation", id="private-child-harden")))((("child key pair derivation", "hardened derivation", id="child-key-pair-harden")))((("hardened child key derivation", id="harden-child-key")))ability to derive a branch
|
|
|
|
|
of public keys from an xpub is very useful, but it comes with a
|
|
|
|
|
potential risk. Access to an xpub does not give access to child private
|
|
|
|
|
keys. However, because the xpub contains the chain code, if a child
|
|
|
|
@ -1362,7 +1362,7 @@ branches of public keys, without exposing yourself to the risk of a
|
|
|
|
|
leaked chain code, you should derive it from a hardened parent, rather
|
|
|
|
|
than a normal parent. As a best practice, the level-1 children of the
|
|
|
|
|
master keys are always derived through the hardened derivation, to
|
|
|
|
|
prevent compromise of the master keys.
|
|
|
|
|
prevent compromise of the ((("private child key derivation", "hardened derivation", startref="private-child-harden")))((("child key pair derivation", "hardened derivation", startref="child-key-pair-harden")))((("hardened child key derivation", startref="harden-child-key")))master keys.
|
|
|
|
|
|
|
|
|
|
===== Index numbers for normal and hardened derivation
|
|
|
|
|
|
|
|
|
|