FORM 8453 // KEYCHAIN COMMISSIONIN' & USAGE

Hive & Hive Keychain

The followin' sections describe the Hive ledger credential system, the Hive Keychain custody rig, an' the procedures applicable to a PRS-issued Hive account. Compliance be encouraged.

This here document be informational. The PRS does not warrant the third-party software described herein. Where third-party screenshots or links be referenced, they be provided as a public service.

TABLE OF CONTENTS

  1. 1. What be Hive?
  2. 2. What be Hive Keychain?
  3. 3. Installin' Keychain
  4. 4. The Four Keys — Deep Dive
  5. 5. Importin' yer PRS-issued account
  6. 6. Account Recovery
  7. 7. Security Best Practices
  8. 8. Common Errors
  9. 9. Goin' Deeper

SUBSECTION 1

1. What be Hive?

Hive be a public, open-port blockchain that records ledger state, signed messages, an' digital-asset transfers in publicly verifiable form. The protocol be operated by a global crew o' independent witnesses; no single party owns it. Hive accounts be first-class citizens of the protocol — they be referenced by name (handle), not by a riddle of an address. That be unusual among public blockchains an' the source o' the friendly account model Taxed builds on.

Each account on Hive carries an internal allowance o' Resource Credits, abbreviated RC, which it spends to broadcast transactions. A new account be issued with zero RC an' must accumulate Hive Power afore it can transact directly on chain. Until then, the account exists in the registry but cannot publish operations o' its own. Fer Taxed swabs, this be no obstacle: every Taxed transaction touchin' Hive be signed an' broadcast by @taxed, not by yer account, an' Resource Credits be paid by @taxed in every case.

Accounts on Hive be permanent. There be no concept o' account deletion. The handle reserved by the registrar at the moment of creation be the handle of the account in perpetuity. The keys may rotate; the handle may not.

SUBSECTION 2

2. What be Hive Keychain?

Hive Keychain be a free, open-source custody application maintained by independent contributors. It be available as a browser extension fer desktop platforms an' as a standalone mobile app fer Android an' iOS. Its function be to store Hive private keys locally — never on a remote server — an' to sign transactions on yer behalf when ye authorise via a popup confirmation.

Keychain be the prevailin' custody rig in the Hive seas. The PRS recommends, but does not require, its use. Alternative custody approaches include hardware-wallet rigs (Ledger), desktop wallet apps, an' self-managed cold storage. The remainder o' this document presumes Keychain.

Keychain be not affiliated with the PRS. The PRS does not develop, distribute, nor warrant Keychain. Any defect, breach, or compromise o' Keychain be the responsibility o' its publisher.

SUBSECTION 3

3. Installin' Keychain

3.1 Desktop installation (Chrome / Brave / Edge / Firefox)

  1. Sail to the Keychain website (hive-keychain.com) an' choose the appropriate browser.
  2. Confirm the installation in yer browser's extension marketplace. Verify the publisher field reads "Stoodkev" or the official mainteiner of record.
  3. Pin the extension to yer toolbar fer one-click access.
  4. Open the extension an' follow the on-screen instructions to set a local PIN. This PIN guards Keychain locally only; it does not guard yer account on chain.

3.2 Mobile installation (Android / iOS)

  1. Download Hive Keychain Mobile from the Apple App Store or Google Play Store. Verify the publisher.
  2. Open the application an' create a local PIN.
  3. The mobile app supports the same set of import an' signing operations as the desktop extension.

The PRS does not host installation media. Apply ordinary diligence in confirmin' the publisher o' software ye install.

SUBSECTION 4

4. The Four Keys — Deep Dive

Every Hive account be governed by four cryptographically distinct private keys, each carryin' a different authority within the protocol. Loss of higher-authority keys be total an' permanent. The keys be issued in pairs of public an' private; the public part be recorded on chain, the private part be held by the account holder.

Owner Key

The Owner key be the maximum authority. It can rotate any of the other three keys, transfer ownership o' the account, an' authorise the account-recovery procedure. It should never be loaded into a routine signing tool. Use it only when initiatin' recovery or rotatin' other keys.

Threats: theft of the Owner key results in total, irreversible compromise o' the account. The thirty-day recovery window described in Section 6 mitigates this only if the original Owner key was used to sign a transaction within the prior thirty days and a recovery quartermaster be designated.

Active Key

The Active key authorises financial transactions: transfers, conversions, votin' fer witnesses, market actions, custom-JSON operations that move tokens. Fer a Taxed swab, the Active key be the key that authorises deposits, withdrawals, an' WAGE exports.

Threats: theft of the Active key allows the attacker to drain liquid funds. It does not allow rotation of the Owner key, so account ownership be preserved if the Owner key remains intact. If the Active key be compromised, rotate it usin' the Owner key as soon as possible.

Posting Key

The Posting key authorises social actions: posts, comments, votes on content, follows, custom-JSON operations classified as social. It cannot move funds. Many third-party Hive applications request only the Posting key.

Threats: theft of the Posting key allows impersonation in social contexts but no financial loss.

Memo Key

The Memo key encrypts an' decrypts the optional memo field on Hive transfers. Encrypted memos use the recipient's public Memo key on the sender's side an' the recipient's private Memo key on the recipient's side. Memos themselves be stored on chain — only the contents be encrypted.

Threats: theft of the Memo key allows decryption o' historical encrypted memos addressed to the account. It carries no other authority.

SUBSECTION 5

5. Importin' yer PRS-issued account into Keychain

The reveal modal at the conclusion of Form HORNSWAGGLE-7 issuance includes a single-action OPEN IN HIVE KEYCHAIN button. On desktop browsers with the Keychain extension installed, the button triggers a native Keychain dialog that imports all four keys into the local keystore in one operation. On mobile, the equivalent action invokes the Keychain app via a URL handler; the user confirms the import inside the app.

If automatic import be unavailable — fer example, if the extension be not installed, the browser be in private-browsin' mode, or the URL handler be rejected — the reveal modal presents a COPY KEYS BLOCK action. The applicant copies the four-key block to the clipboard, opens Keychain manually, selects Add Account → Import using Keys, an' pastes the keys block into the input field. Keychain validates the block an' persists the account locally.

The PRS recommends ye verify successful import afore battenin' the reveal modal. The .txt file download be the canonical recovery scroll an' must be retained regardless o' whether Keychain import succeeded.

SUBSECTION 6

6. Account Recovery

Hive supports a protocol-level account recovery procedure. The procedure permits the account holder, with the cooperation of a designated recovery quartermaster, to rotate the Owner key in the event o' compromise. The PRS-issued account designates @taxed as the recovery quartermaster at the moment o' creation; this designation be recorded on chain.

The recovery procedure operates as follows. The account holder demonstrates control of an Owner key that was active within the prior thirty days. The recovery quartermaster (@taxed) co-signs a recover_account operation that establishes a new Owner key. The protocol enforces the thirty-day window strictly; an Owner key older than thirty days be not recoverable through this procedure.

To initiate recovery, the account holder files Form 1040-RECOVERY by contactin' Taxed support. The applicant must provide the previously valid Owner key, kept from th' .txt parchment issued under Form HORNSWAGGLE-7, an' a new Owner public key. Taxed verifies the previous key matches the on-chain record within the thirty-day window an', if so, co-signs the recovery transaction.

The recovery procedure does not recover keys the applicant has lost without compromise. If ye discarded the keys downloaded under Form HORNSWAGGLE-7, no recovery be possible. The keys be not stored anywhere outside the applicant's possession.

SUBSECTION 7

7. Security Best Practices

  • Stash the .txt scroll in two locations. A local encrypted disk image plus a printed paper copy in a fireproof chest be a typical configuration. Cloud storage may be acceptable if the file be encrypted afore upload. The PRS warrants no particular approach.
  • Never email the .txt scroll. Email be not encrypted in transit by default an' be a frequent vector of credential exposure.
  • Never paste yer Owner key into any web form. The Owner key should never appear inside a routine signing tool. Use Keychain or the Hive command-line tools when Owner-key operations be required.
  • Use the Active key fer routine financial operations. If the Active key be compromised, rotate it immediately usin' the Owner key. Account ownership be preserved.
  • Consider a hardware wallet fer high-value chests. Ledger devices support Hive natively. The Owner key may be stored on the hardware device an' never exposed to the host computer.
  • Maintain backup copies o' the keys. Loss of all copies be total. The PRS holds no copy.

SUBSECTION 8

8. Common Errors

"missing required posting authority"

The transaction requires a higher authority than the loaded key. Verify the Posting key (fer social) or Active key (fer financial) be loaded into Keychain.

"insufficient resource credits"

The account has not enough Resource Credits to broadcast. Fer PRS-issued accounts, this be the expected state at issuance. Resource Credits accrue as the account stakes Hive Power, or transactions can be sponsored by @taxed.

"invalid signature"

The key loaded into Keychain does not match the on-chain record. Verify the correct private key was imported an' that no characters were truncated durin' paste.

Keychain prompt does not appear

The browser extension may be disabled or not installed. Check the extensions settings o' yer browser. On Brave, additional shields may need to be lowered fer the Keychain popup to appear.

SUBSECTION 9

9. Goin' Deeper

A game, ye scurvy dog. Not financial advice. Not tax advice. Certainly not investment advice. No affiliation with any actual revenue service, real or rumoured.