Encrypted private keys stored by Nash?

Exchange
,
#1

Dear community,@ethan, @canesin

According to the Nash Exchange User Agreement, it is indicated in some parts of the document that some encrypted keys are stored by Nash. While in other parts, it is stated that encrypted private keys will never be stored.

12 The CAS manages user accounts and authenticates users across all Services. The most important role of the CAS is to store encrypted key data on behalf of a user and serve it to client software. This key data includes blockchain keys (e.g., for NEO and Ethereum) used for state-signing and also RSA keys that are used to authenticate requests with the matching engine. The Company will at no point in time have access to raw key data and stores the Account Access Information only such that it can be decrypted client-side and used to interact with the exchange.

15 When creating an account with the Nash Exchange, the User will be prompted to create a Wallet. The Wallet consists of a number of different blockchain wallet addresses upon different chains, interaction with which is only possible through the use of cryptographic private keys, which will be provided to the User in encrypted form and which will never be stored in any way by the Company.

I may be misunderstood something. Are we talking about the same type of keys? Could you clarify this please.

.

.

1 Like
#2

The above is saying two things:

  1. Private keys will never be stored in any way by Nash
  2. Nash stores encrypted keys for you, which will be decrypted client-side using information only you know (but totally automatically!) to interact with your funds.

There is no inconsistency in (1) and (2). You encrypt your private keys and store them in Nash, and we (or anyone else who somehow finds those encrypted keys) don’t have enough information to decrypt, and so fundamentally do not have access to the keys.

6 Likes
Coinbase Accidentally Saves Unencrypted Passwords of 3,420 Customers
#3

We are solving this exact same issue for the $GUARD wallet in this exact same way – I am familiar with what Ethan is describing here: he is correct, I can vouch for it, having spent a ton of time looking at the same legal and technical issues.

2 Likes