The public key = account number = transfer address, which is equivalent to your bank card number. The public key can be disclosed to the public at will, without any risk, just like someone else knows your bank card number and can do nothing but transfer money to you. (Editor: Generally speaking, the address of the exchange for coin charging is equivalent to the public key)
Private key = account number + password = authentication, equivalent to your bank card number + password. The private key is made up of numbers and upper and lower case letters, and the private key length of different blockchains is generally different. The private key can be used to derive the public key. It is important to note that if your private key is lost or forgotten, it cannot be retrieved, so it is important to keep it safe.
Because private keys are not easy to remember, mnemonics are another way of presenting a private key. They are usually made up of 12 or 24 words in English, but for the convenience of domestic users, Chinese versions are also available. As long as you remember these words and enter them into the wallet in order, you can restore the wallet and perform any operation. If someone else gets hold of your mnemonic, they will have your private key and can control your assets.
Keystore = card number, Keystore is essentially an encrypted private key, Keystore must be used in conjunction with your wallet password to be valid.
Keystore, private key and helper word are common to all wallets. The wallet service provider may offer one or more of these methods to users only due to product design, but if there is the same method that cannot be recovered properly in a particular wallet, then there may be some problems with that wallet.
To further enhance security, most wallets will take the form of a password to encrypt the private key twice. Each wallet has a different encryption method and storage method. This is why when you use a wallet to make a transaction, you always need to authorise it, which actually involves a complex process of the wallet using a password to decrypt the private key and then using the private key to sign the transaction.
Wallet security tips
The public key is exposable and has no impact on the security of your assets. It is the same as if you told someone your bank card account number.
If the keystore is compromised, there is a high risk that your assets will be taken over by someone else. You will need to transfer your assets to another address immediately and not use your original account or address again.
If the keystore is compromised, whether the password is compromised or not, there is a risk that someone else will take control of the assets, so you need to move the assets to another address quickly.
In the case of EOSIO (including EOS, BOS, WAX, etc.) and IOST accounts, the private key can be replaced with a new private key to prevent someone else from taking control of your assets.
When storing private keys and helper words, we always recommend backing up the data in an offline format (hand copied, printed, etc.) and keeping the backed up content safe. For information such as keystore, it is unscientific and easy to make mistakes when backing up by copying, so you can store the keystore as a file and then store it on a USB stick and manage the USB stick properly. These methods can be hacked and lead to loss of assets.
Written by Token Pocket.