FORM 8453 // KEYCHAIN INSTALLATION & USAGE

Hive & Hive Keychain

The following sections describe the Hive blockchain credential system, the Hive Keychain custody application, and the procedures applicable to a Taxed-issued Hive account. Compliance is recommended.

This document is informational. The IRS does not warrant the third-party software described herein. Where third-party screenshots or links are referenced, they are provided as a public service.

TABLE OF CONTENTS

  1. 1. What is Hive?
  2. 2. What is Hive Keychain?
  3. 3. Installing Keychain
  4. 4. The Four Keys — Deep Dive
  5. 5. Importing your Taxed-issued account
  6. 6. Account Recovery
  7. 7. Security Best Practices
  8. 8. Common Errors
  9. 9. Going Deeper

SUBSECTION 1

1. What is Hive?

Hive is a public, permissionless blockchain that records ledger state, signed messages, and digital-asset transfers in publicly verifiable form. The protocol is operated by a global network of independent witnesses; no single party owns it. Hive accounts are first-class citizens of the protocol — they are referenced by name (handle), not by an opaque address, which is unusual among public blockchains and is the source of the user-friendly account model that Taxed builds on.

Each account on Hive carries an internal allowance of Resource Credits, abbreviated RC, which it spends to broadcast transactions. A new account is issued with zero RC and must accumulate stake (Hive Power) before it can transact directly on chain. Until that point, the account exists in the registry but cannot publish operations of its own. For Taxed enrollees, this limitation is not load-bearing: every Taxed transaction that touches Hive is signed and broadcast by @taxed, not by the enrollee's account, and Resource Credits are paid by @taxed in every case.

Accounts on Hive are permanent. There is no concept of account deletion. The handle reserved by the registrar at the moment of creation is the handle of the account in perpetuity. The keys may rotate; the handle does not.

SUBSECTION 2

2. What is Hive Keychain?

Hive Keychain is a free, open-source custody application maintained by independent contributors. It is available as a browser extension for desktop platforms and as a standalone mobile application for Android and iOS. Its function is to store Hive private keys locally — never on a remote server — and to sign transactions on the user's behalf when authorized via a popup confirmation.

Keychain is the prevailing custody tool in the Hive ecosystem. The IRS recommends, but does not require, its use. Alternative custody approaches include hardware-wallet integrations (Ledger), desktop wallet applications, and self-managed cold storage. The remainder of this document assumes Keychain.

Keychain is not affiliated with the IRS. The IRS does not develop, distribute, or warrant Keychain. Any defect, breach, or compromise of Keychain is the responsibility of its publisher.

SUBSECTION 3

3. Installing Keychain

3.1 Desktop installation (Chrome / Brave / Edge / Firefox)

  1. Visit the Keychain website (hive-keychain.com) and select the appropriate browser.
  2. Confirm the installation in your browser's extension marketplace. Verify the publisher field reads "Stoodkev" or the official maintainer of record.
  3. Pin the extension to your toolbar for one-click access.
  4. Open the extension and follow the on-screen instructions to set a local PIN. This PIN protects Keychain locally only; it does not protect your account on chain.

3.2 Mobile installation (Android / iOS)

  1. Download Hive Keychain Mobile from the Apple App Store or Google Play Store. Verify the publisher.
  2. Open the application and create a local PIN.
  3. The mobile application supports the same set of import and signing operations as the desktop extension.

The IRS does not host installation media. Apply ordinary diligence in confirming the publisher of the software you install.

SUBSECTION 4

4. The Four Keys — Deep Dive

Every Hive account is governed by four cryptographically distinct private keys, each carrying a different authority within the protocol. Loss of higher-authority keys is total and permanent. The keys are issued in pairs of public and private; the public part is recorded on chain, the private part is held by the account holder.

Owner Key

The Owner key is the maximum authority. It can rotate any of the other three keys, transfer ownership of the account, and authorize the account-recovery procedure. It should never be loaded into a routine signing tool. Use it only when initiating recovery or rotating other keys.

Threats: theft of the Owner key results in total, irreversible compromise of the account. The thirty-day recovery window described in Section 6 mitigates this only if the original Owner key was used to sign a transaction within the prior thirty days and a recovery account is designated.

Active Key

The Active key authorizes financial transactions: transfers, conversions, voting for witnesses, market actions, custom-JSON operations that move tokens. For a Taxed enrollee, the Active key is the key that authorizes deposits, withdrawals, and WAGE exports.

Threats: theft of the Active key allows the attacker to drain liquid funds. It does not allow rotation of the Owner key, so account ownership is preserved if the Owner key remains intact. If the Active key is compromised, rotate it using the Owner key as soon as possible.

Posting Key

The Posting key authorizes social actions: posts, comments, votes on content, follows, custom-JSON operations classified as social. It cannot move funds. Many third-party Hive applications request only the Posting key.

Threats: theft of the Posting key allows impersonation in social contexts but no financial loss.

Memo Key

The Memo key encrypts and decrypts the optional memo field on Hive transfers. Encrypted memos use the recipient's public Memo key on the sender's side and the recipient's private Memo key on the recipient's side. Memos themselves are stored on chain — only the contents are encrypted.

Threats: theft of the Memo key allows decryption of historical encrypted memos addressed to the account. It carries no other authority.

SUBSECTION 5

5. Importing your Taxed-issued account into Keychain

The reveal modal at the conclusion of Form SS-4-W issuance includes a single-action OPEN IN HIVE KEYCHAIN button. On desktop browsers with the Keychain extension installed, the button triggers a native Keychain dialog that imports all four keys into the local keystore in one operation. On mobile, the equivalent action invokes the Keychain app via a URL handler; the user confirms the import inside the app.

If automatic import is not available — for example, if the extension is not installed, the browser is in private-browsing mode, or the URL handler is rejected — the reveal modal presents a COPY KEYS BLOCK action. The applicant copies the four-key block to the clipboard, opens Keychain manually, selects Add Account → Import using Keys, and pastes the keys block into the input field. Keychain will validate the block and persist the account locally.

The IRS recommends that the applicant verify successful import before closing the reveal modal. The .txt file download is the canonical recovery artifact and must be retained regardless of whether Keychain import succeeds.

SUBSECTION 6

6. Account Recovery

Hive supports a protocol-level account recovery procedure. The procedure permits the account holder, with the cooperation of a designated recovery account, to rotate the Owner key in the event of compromise. The Taxed-issued account designates @taxed as the recovery account at the moment of creation; this designation is recorded on chain.

The recovery procedure operates as follows. The account holder demonstrates control of an Owner key that was active within the prior thirty days. The recovery account (@taxed) cosigns a recover_account operation that establishes a new Owner key. The protocol enforces the thirty-day window strictly; an Owner key older than thirty days is not recoverable through this procedure.

To initiate recovery, the account holder files Form 1040-RECOVERY by contacting Taxed support. The applicant must provide the previously valid Owner key, retained from the .txt download issued under Form SS-4-W, and a new Owner public key. Taxed verifies that the previous key matches the on-chain record within the thirty-day window and, if so, cosigns the recovery transaction.

The recovery procedure does not recover keys that the applicant has lost without compromise. If the applicant has discarded the keys downloaded under Form SS-4-W, no recovery is possible. The keys are not stored anywhere outside the applicant's possession.

SUBSECTION 7

7. Security Best Practices

  • Store the .txt file in two locations. A local encrypted disk image plus a printed paper copy in a fireproof safe is a typical configuration. Cloud storage may be acceptable if the file is encrypted before upload. The IRS does not warrant any particular approach.
  • Never email the .txt file. Email is not encrypted in transit by default and is a frequent vector of credential exposure.
  • Do not paste your Owner key into any web form. The Owner key should never appear inside a routine signing tool. Use Keychain or the Hive command-line tools when Owner-key operations are required.
  • Use the Active key for routine financial operations. If the Active key is compromised, rotate it immediately using the Owner key. Account ownership is preserved.
  • Consider a hardware wallet for high-value accounts. Ledger devices support Hive natively. The Owner key may be stored on the hardware device and never exposed to the host computer.
  • Maintain backup copies of the keys. Loss of all copies is total. The IRS holds no copy.

SUBSECTION 8

8. Common Errors

"missing required posting authority"

The transaction requires a higher authority than the loaded key. Verify that the Posting key (for social) or Active key (for financial) is loaded into Keychain.

"insufficient resource credits"

The account does not have enough Resource Credits to broadcast. For Taxed-issued accounts, this is the expected state at issuance. Resource Credits accrue as the account stakes Hive Power, or transactions can be sponsored by @taxed.

"invalid signature"

The key loaded into Keychain does not match the on-chain record. Verify that the correct private key was imported and that no characters were truncated during paste.

Keychain prompt does not appear

The browser extension may be disabled or not installed. Check the extensions settings of your browser. On Brave, additional shields may need to be lowered for the Keychain popup.

SUBSECTION 9

9. Going Deeper

A game. Not financial advice. Not tax advice. Certainly not investment advice. No affiliation with any government agency, real or imagined.