Extended Public Keys (xpub) and Watch-only Mode
Extended Public Keys (xpub) are a security feature that enables Watch-only mode in the PIVX Mobile wallet. It allows you to disable the Send Payment option, but still generate addresses, receive piv, see balances, and monitor for payment.
A common scenario where this is a benefit is the Point of Sale (POS) device at a merchant. With normal wallets, your options are:
- Use the same pre-generated address(es) for all transactions. This is a privacy concern for your businesses finances and a nightmare for accounting and connecting transactions to order numbers
- Use a wallet on the device to generate new addresses. This is a security concern both because sending money is only protected by a PIN/password and because the seed or private keys are still held in memory on the device.
With your xpub key and watch-only mode, you can have all the functionality best practices require for generating a new address for each transaction without all the security risk.
- Despite it's name, the xpub key should not be made public. It is only for generating "public keys" which are effectively your addresses. If your xpub key is leaked, the transaction history for all of the addresses it generated will be visible.
- Additionally, if both the xpub key and the private key for any addresses it generates are both leaked, the private keys for all addresses it generated will be compromised.
So in light of these risks, why is this setup better? Watch-only mode represents a significant mitigation of the risks around handling a wallet. For either of the caveat scenarios above, if you were not using watch-only mode the wallet's seed phrase would have been stolen instead of just the xpub key. A stolen seed phrase would have fully compromised the funds for all associated addresses.
xpub keys are a concept that comes from the predictable hierarchy of keys produced by BIP32 compliant HD wallets. It is effectively a seed phrase for generating new addresses without their private keys. This should be compatible with any BIP32 compliant wallet like PIVX Mobile, Ledger Nano, or Coinomi, but the wallet's software may not include the export or watch-only modes. If you need to export the xpub key, you may be able to use a tool like Coinomi's to determine the xpub key's derivation path and export the key heirarchy. More information can be found here: