Building Secure Custodial Interactions using Tatum KMS

Virtual assets are on the rise. Despite the slowing market, people are still holding onto their cryptocurrencies and NFTs in their wallets. There are two primary ways someone can hold crypto and NFTs: through either custodial or non-custodial wallets. In this article, we’re going to look at custodial wallets and their security and then address how to build secure interactions using Tatum’s Key Management System.

What is a Custodial Wallet? 

A custodial wallet is a digital wallet where private keys are held by a third party. The most popular custodial wallets are web-based and mobile wallets offered by exchanges, such as Coinbase Wallet and Binance Wallet, or wallets like MetaMask or Phantom.

Custodial wallets are different from non-custodial wallets in that they never require users to handle their private keys. Instead, the service provider stores the user’s keys, and the user interacts with the service provider’s software interface to access their account. Another point of difference is that some custodial wallets support multiple assets, while non-custodial wallets can be asset specific.

Custodial services can be useful because they simplify the process of setting up and using a digital wallet. They can also offer features that non-custodial wallets cannot, such as in-app exchanges and fiat on-ramps.

Why Use a Custodial Wallet? 

The main advantage of using a custodial wallet is that it’s easier to use than a non-custodial wallet. Custodial wallets don’t require users to know about or manage their private keys, which can be complicated and intimidating for new users.

Since the service provider holds the user’s keys, the user doesn’t have to worry about losing them. If the user forgets their password or loses their phone, they can usually recover their account with the service provider’s help.

Custodial wallets are also generally more feature-rich than non-custodial wallets since they don’t have to worry about security risks associated with private keys. For example, MetaMask is a popular Ethereum wallet that allows users to access DApps and use them like normal websites.

What is a Key Management System?

A key management system (KMS) is a system for securely generating, storing, and using cryptographic keys. It is used to secure communications, protect data, and authenticate devices, as well as manage digital signatures and certificates. A KMS is typically used by organizations to centrally manage cryptographic keys and ensure that they are used correctly. It can also be used by individuals to manage their keys.

There are several reasons why you might want to use a KMS. First, it can help you to keep track of your keys and ensure that they are used correctly. Second, it can help you to share keys between different devices and platforms securely. Third, it can help you to rotate keys regularly to reduce the risk of them being compromised.

What is the Tatum Key Management System?

Tatum’s Key Management System is a cloud-based system that allows users to generate, store, and securely use cryptographic keys. It is designed to be easy to use and to provide a high level of security. The Tatum KMS is used by organizations to centrally manage cryptographic keys and ensure that they are used correctly. It can also be used by individuals to manage their keys.

The Tatum KMS is based on the AWS Key Management Service and uses the same encryption algorithms. It is designed to be easy to use and to provide a high level of security. It supports multiple users and devices and can be used to share keys between different devices and platforms securely. The Tatum KMS also supports key rotation, which helps to reduce the risk of keys being compromised.

Tatum KMS allows you to be in charge of the final wallet mnemonics and private keys in custodial applications. Critical data is not sent over the web when a blockchain transaction is signed locally. You can quickly create and grow custodial apps with KMS, while also giving your users the highest level of security and enabling them to access blockchain technology without having to worry about private keys or mnemonics. End users may access your app with just their login credentials, and KMS will take care of the rest.

Using Tatum KMS for secure custodial transactions using private keys

Generate a wallet

To build a wallet that is managed by the KMS, you can use the generatemanagedwallet command in CLI mode.

tatum-kms --path=wallet.dat --testnet generatemanagedwallet BTC

Enter the password to access wallet storage:*****ta

You will be asked for a password to encrypt your data when you first use the KMS. The first time you type this password, it will be finalized, and you should keep it safe.

The response contains your wallet mnemonic’s signature ID as the first parameter.

Create a private key

A private key is used to facilitate the transfer of cryptocurrency out of a wallet and demonstrate ownership over any funds held within. You will create a private key for your wallet locally. To create a private key, use the getprivatekey command.

tatum-kms --path=wallet.dat --testnet getprivatekey xxx-59be-4792-81c5-yyy 0

The required parameters are:

  • Your wallet mnemonic’s signature ID
  • The derivation index of the private key

The response is the private key of the derivation index that you have specified.

Generate an address

For the newly generated private key, you will build an address. Once the address has received funds, you can send them from it using the private key.

tatum-kms --path=wallet.dat --testnet getaddress xxx-59be-4792-81c5-yyy 0

The parameters required are:

  • Your wallet mnemonic’s signature ID
  • The derivation index of the address 

The response will contain the address you have just generated.

Store the private key to your wallet

The storemanagedprivatekey command will now be used to store the newly created private key in the wallet.

tatum-kms --path=wallet.dat --testnet storemanagedprivatekey BTC

Enter the private key and the password you made when prompted. 

The response will contain the signature ID of the private key, which you can then use to sign transactions.

Export the wallet

The wallet can now be reviewed and exported. To export, enter the following:

tatum-kms --path=wallet.dat --testnet export

The response will give you details about your wallet.
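
Every command above reads or writes the password-encrypted store passed with --path, so that file deserves a check before it is used on a shared host. The following is an added example, not code from this article or from Tatum; audit_wallet_store and perm_bits are hypothetical helper names, and the checks (no symlink, owner-only permissions, parent directory not writable by others) are assumptions about sensible local hygiene.

```sh
#!/bin/sh
# Added example: audit the store file passed to tatum-kms with --path.
# audit_wallet_store and perm_bits are hypothetical helper names.

# Print the nine permission characters (rwxrwxrwx) of a path using ls.
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# Return 0 if the store looks safe, 1 on a permission finding,
# 2 if the path is a symlink or not a regular file.
audit_wallet_store() {
    store=$1
    rc=0

    # A symlink can redirect reads and writes to a file someone else controls.
    if [ -L "$store" ]; then
        echo "FAIL: $store is a symlink" >&2
        return 2
    fi
    if [ ! -f "$store" ]; then
        echo "FAIL: $store is not a regular file" >&2
        return 2
    fi

    # Group and other need no access: characters 4-9 must all be '-'.
    case $(perm_bits "$store") in
        ???------) ;;
        *) echo "FAIL: $store is open to group/other (chmod 600)" >&2
           rc=1 ;;
    esac

    # A group- or other-writable directory lets another account replace the file.
    dir=$(dirname -- "$store")
    case $(perm_bits "$dir") in
        ????w????|???????w?)
            echo "FAIL: $dir is writable by group/other" >&2
            rc=1 ;;
    esac

    return $rc
}

# Stand-alone use: sh audit.sh wallet.dat
if [ "$#" -gt 0 ]; then
    audit_wallet_store "$1"
fi
```

A zero exit status means all three checks passed; findings are written to standard error so the function can gate a deployment script.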

This article has covered how to use Tatum KMS for Bitcoin, but you can also use it for Solana.


The qualities of a wallet that are most important to you will help you decide between a non-custodial and a custodial type. Custodial wallets are frequently chosen by people who prefer the set-and-forget ease of handling their cryptocurrency through an exchange or other centralized wallet provider. However, you can look for reputable custodial wallet service providers if you’re looking for a company to handle your storage needs while you trade or invest.

The Tatum KMS can be used to create, manage, and sign transactions without ever revealing your private keys to Tatum or any other third party. KMS also offers an export function that allows you to move your wallet to another provider at any time.

Pankaj Kumar