1b. Local Key Storage
Private keys are generated and stored locally on the user’s device: browser local storage (desktop) or Secure Enclave/Keystore (mobile). Coinbase has no access to these keys — the wallet is self-custodial.
Execution: `node get-key.mjs`

```javascript
import { Wallet } from "ethers";

// Replace with your actual 12-word recovery phrase
const mnemonic = "your twelve word mnemonic phrase here";

// Derive the wallet (address and private key) from the recovery phrase
const wallet = Wallet.fromPhrase(mnemonic);

console.log("Address:", wallet.address);
console.log("Private Key:", wallet.privateKey);
```
The 12-word recovery phrase can be retrieved from the app.
The Coinbase Wallet (browser extension, mobile app, or web) uses a 12-word recovery phrase (also called a seed phrase) to generate and store your private key.
🔐 What Happens Under the Hood
Component | What It Does |
---|---|
Coinbase Wallet App | When you first create a wallet, it generates a 12-word mnemonic phrase using the BIP39 standard. |
Seed Phrase | This 12-word phrase deterministically generates your private key(s). |
Private Key | Stored encrypted in your browser (Firefox, Safari, Chrome, etc.), and derived from the 12-word seed. |
You Are Custodian | Coinbase does not store your seed phrase or private keys — you must back them up manually. |
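
The table's statement that the phrase deterministically generates the private key can be reproduced with nothing but Node's built-in `crypto` module. This is an added example, not Coinbase's or ethers' code: it implements BIP39 seed stretching and BIP32 derivation along `m/44'/60'/0'/0/0` (the ethers v6 default path behind `Wallet.fromPhrase`). The function names and the sample phrase are assumptions for illustration, and wordlist/checksum validation is omitted.

```javascript
const crypto = require("node:crypto");

// secp256k1 group order (public curve constant) and the BIP32 hardened-index offset.
const N = BigInt("0x" + "ffffffff".repeat(3) + "fffffffe" + "baaedce6af48a03bbfd25e8cd0364141");
const HARDENED = 0x80000000;
const toBig = (buf) => BigInt("0x" + buf.toString("hex"));

// BIP39: phrase -> 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase).
function mnemonicToSeed(mnemonic, passphrase = "") {
  const salt = ("mnemonic" + passphrase).normalize("NFKD");
  return crypto.pbkdf2Sync(mnemonic.normalize("NFKD"), salt, 2048, 64, "sha512");
}

// BIP32: one child-key derivation step (private parent -> private child).
function deriveChild({ key, chainCode }, index) {
  const idx = Buffer.alloc(4);
  idx.writeUInt32BE(index);
  let data;
  if (index >= HARDENED) {
    data = Buffer.concat([Buffer.from([0]), key, idx]); // hardened: keyed on the private key
  } else {
    const ecdh = crypto.createECDH("secp256k1"); // normal: keyed on the compressed public key
    ecdh.setPrivateKey(key);
    data = Buffer.concat([ecdh.getPublicKey(null, "compressed"), idx]);
  }
  const I = crypto.createHmac("sha512", chainCode).update(data).digest();
  const child = (toBig(I.subarray(0, 32)) + toBig(key)) % N;
  return { key: Buffer.from(child.toString(16).padStart(64, "0"), "hex"), chainCode: I.subarray(32) };
}

// Walk a path such as m/44'/60'/0'/0/0 starting from the BIP32 master node.
function derivePath(seed, path) {
  const I = crypto.createHmac("sha512", "Bitcoin seed").update(seed).digest();
  const master = { key: I.subarray(0, 32), chainCode: I.subarray(32) };
  return path.split("/").slice(1).reduce((node, part) =>
    deriveChild(node, parseInt(part, 10) + (part.endsWith("'") ? HARDENED : 0)), master);
}

function privateKeyFromPhrase(mnemonic, passphrase = "") {
  const seed = mnemonicToSeed(mnemonic, passphrase);
  return "0x" + derivePath(seed, "m/44'/60'/0'/0/0").key.toString("hex");
}

// Sample input: the public Hardhat/Anvil development mnemonic (never holds real funds).
const DEV_PHRASE = "test test test test test test test test test test test junk";
console.log(privateKeyFromPhrase(DEV_PHRASE));
```

The derivation takes no input other than the phrase and the optional passphrase, so a copy of the phrase is equivalent to a copy of every key derived from it and needs the same protection as the keys themselves.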
Sign in options.
BLUF: The website (keys.coinbase.com) gives you multiple sign-in options because WebAuthn (Passkeys) supports a range of authenticators — all of which can securely access your private key or passkey credentials. The private key doesn’t have to be in a single place, but must be available to the authenticator method you choose.
**Why are there three sign-in options?**
Option | Where Private Key Is Stored | What Happens |
---|---|---|
Passwords (Apple devices) | Stored in Apple Keychain (local or iCloud) | Uses Face ID / Touch ID to unlock and sign |
iPhone/iPad/Android device | Stored in secure enclave of mobile device | Uses QR/WebAuthn over BLE/NFC/camera to sign |
Security key | Stored in external hardware (e.g., YubiKey) | Requires physical key + PIN/tap to sign |
In all 3 cases, you’re proving ownership of the same identity (i.e., your Coinbase Wallet or crypto keypair) — just via different authenticators.