If you lose local account and backup, you may still have a copy of the encrypted keys - this is how to recover it

Hi all, this is a public utility post. A while ago I replied to a issue on GitHub where the user had lost his keys and its backup. Sometimes you can recover that from looking at Chrome log, in linux the location is

~/.config/google-chrome/Default/Local Extension Settings

See the original issue:

I am sharing here because I received a LinkedIn message that this helped someone so maybe by sharing here more people will be helped (if anyone has this very specific issue).



Isn’t this susceptible to attacks, private keys are stored right into the browser logs?

This is the encrypted key. But you should always be very security focused in a computer you use for dealing with crypto.

The encrypted key converts the public key to the private key, no? Noob question.

edit: I think I understand, you can only use that encrypted key and password as a login on the rightful owners local machine and need the private key to use it on other machines. Is the password stored locally or how does the extension know it’s correct? Also can you trick the extension by cloning the victims logs for the extension and log in with their key/password from the attacks comp?

I will give you an example in a hopefully easy manner. It is not 100% what it looks like in the real tech, but the scheme is similar to the following, as far as I know.

Lets say the private key looks like this:

While creating a private key there is a question for a password. As we are all security experts we choose the password: 12345

With this password your encrypted key is created.
abcdefghijklmnopqrstuvwxyz + 12345= nmlkjiopqrstabcdefghuvwzyx

As we see the encrypted key is different from private key. The only way to get back to the private key is combining the encrypted key with the chosen password.
nmlkjiopqrstabcdefghuvwzyx + 12345 = abcdefghijklmnopqrstuvwxyz

Because the encrypted key can’t do anything (with your funds), but is also really hard to remember, we can abstract it with a username for example. Let’s take mine.

Symiaq = nmlkjiopqrstabcdefghuvwzyx // this connection is stored locally on your computer

Going for a login at a wallet, it looks like the following:

user: Symiaq //interpreted as encrypted key: nmlkjiopqrstabcdefghuvwzyx
password: 12345
-> private key: abcdefghijklmnopqrstuvwxyz //access to your funds

The encrypted key is your private key combined with a password. Your encrypted key ,with the right password, can be used on any computer to access your funds.
Only when your encrypted key is abstracted with a username, it is only possible on this computer. Because no other computer has the connection between the username and the encrypted key.

When an attacker find out about your encrypted key, he can use your password an access your account.

If I have made any mistakes, please correct me - I’d like to learn :smiley:


wow, thanks for the detailed reply! I cannot correct you but if that’s all true (and I loved the 12345 pass haha) does the pass also get stored in the local browser logs?