Get Tangem

Private Key Security

Where is cryptocurrency stored?

Cryptocurrency is physically stored in distributed databases — blockchains. The Tangem card stores private keys to access addresses in the blockchain.

How are the private keys generated, and where are they stored?

The process of generating a private key in Tangem Wallet varies depending on whether you create a wallet with a seed phrase or without one.

Creating a wallet without a seed phrase 
When you create a wallet without a seed phrase, the private key is generated using a hardware random number generator on the wallet's chip. The entropy for the random number is taken from the chip's physical sensors. This means that each key is unique and truly random.

The main advantage of this method is that the key never leaves the chip in the clear. The chip's main purpose is to ensure the private key's integrity and security.

The hardware random number generator is a component of the Samsung chip. Find the security assessment document here.

Creating a seed-phrase wallet*
When creating a seed-phrase wallet, the Tangem application selects 12 (or 24) random words from a list of 2048 based on the BIP39 seed-phrase standard.

The selected combination of words is converted into a binary seed phrase, which is used to generate a set of private keys and public address pairs. The resulting private keys are downloaded and stored on Tangem devices.

Private key security and storage
All methods of creating a wallet function the same way for storing keys. No one can access the keys, whether they have stolen the card or ring, worked for Tangem, or even owned it. The private key cannot be removed from the device under any circumstances.

*Important: This information is valid for the second-generation Tangem Wallets or later.

How can I know my private key?

The private key is stored exclusively in the wallet's chip, ensuring that no one, including the person who steals the card, Tangem, or even the user, can access it.

What's the guarantee that the manufacturer doesn't know the key?

Initially, the Tangem Wallet does not include a private key. The key is generated during wallet creation and is activated when your smartphone scans the wallet.

Moreover, if you reset the wallet to factory settings and create a new one, new public and private keys will be generated.

The Tangem firmware has undergone two independent audits: the first in 2018 by Swiss company Kudelski Security and the second in 2023 by international security lab Riscure.

Both audits confirmed the system's integrity, finding that the private key is generated using a random hardware number generator and that no backdoors or bugs can lead to loss of funds.

You can read the detailed reports of both audits. Kudelski Security's audit results are available here, and information about the second audit conducted by Riscure can be found here.

Need more help?

Save time by starting your support request online and we'll connect you to an expert.

Submit a request