Wallet Security
DgenFren takes wallet security seriously. Here’s how your keys are protected.
Encryption
All private keys are encrypted using AES-256-GCM with PBKDF2 key derivation before being stored in the database.
- Algorithm: AES-256-GCM (authenticated encryption)
- Key derivation: PBKDF2 with a server-side encryption key
- What’s encrypted: Solana private keys and EVM private keys
- What’s stored: Only the encrypted ciphertext + IV + auth tag
The encryption key is a 32-byte hex value stored as a server environment variable (ENCRYPTION_KEY). It never touches the database.
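The scheme described above, as an added Node.js example (it is not DgenFren's code): a PBKDF2-derived AES-256-GCM key encrypts one private key, and decryption fails if the stored blob or its context is altered. The per-record salt, iteration count, AAD context string and record field names are assumptions; the page does not specify them.

```javascript
// Added example, not DgenFren's code. Salt, iteration count, AAD context and
// record field names are assumptions; the page does not specify them.
const crypto = require('node:crypto');

const PBKDF2_ITERATIONS = 210000; // assumed value

// Derive a per-record AES-256 key from the server secret (hex, as in ENCRYPTION_KEY).
function deriveKey(masterHex, salt) {
  const master = Buffer.from(masterHex, 'hex');
  if (master.length !== 32) throw new Error('ENCRYPTION_KEY must be 32 bytes of hex');
  return crypto.pbkdf2Sync(master, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Encrypt one private key. `context` (e.g. "user:1:evm") is bound as AAD so a
// blob copied onto another user's row fails authentication.
function encryptKey(masterHex, privateKey, context) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, must never repeat under one key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterHex, salt), iv);
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(privateKey, 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ciphertext: ciphertext.toString('hex'),
  };
}

// Decrypt a stored record; enforce the full 16-byte tag before use.
function decryptKey(masterHex, record, context) {
  const tag = Buffer.from(record.tag, 'hex');
  if (tag.length !== 16) throw new Error('unexpected auth tag length');
  const key = deriveKey(masterHex, Buffer.from(record.salt, 'hex'));
  const iv = Buffer.from(record.iv, 'hex');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, 'hex')),
    decipher.final(), // throws if ciphertext, IV, tag, key or context do not match
  ]).toString('utf8');
}

// True when decryption is rejected (tampered blob, wrong key or wrong context).
function rejects(masterHex, record, context) {
  try { decryptKey(masterHex, record, context); return false; } catch { return true; }
}
```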
Non-Custodial Design
DgenFren is non-custodial in spirit:
- Your wallets are generated on the server
- Private keys are encrypted and stored — not held in plaintext
- You can export your keys at any time using /export
- If you export and import into another wallet, you have full independent access
Exporting Your Keys
/export
This displays your decrypted private keys. Handle with extreme care:
- Do not share the export message with anyone
- Delete the message after saving your keys
- Store keys in a secure password manager or hardware wallet
What DgenFren Cannot Do
- Cannot access your keys without the encryption key
- Cannot spend funds without executing a trade command
- Does not hold or pool user funds
- Each user has completely separate wallets
Wallet Architecture
| Wallet | Chains | Key Type |
|---|---|---|
| Solana | Solana only | Ed25519 keypair (base58) |
| EVM | Ethereum, Base, Arbitrum | secp256k1 private key (hex) |
Your EVM wallet uses the same address across all EVM chains. One key, multiple networks.
Database Security
- The PostgreSQL database stores only encrypted key blobs
- Database access is restricted to the application server
- No external database access is exposed
Recommendations
- Export and back up your keys after creating your account
- Don’t keep large amounts in the bot wallet — deposit what you plan to trade
- Use /balance regularly to verify your holdings
- See Best Practices for more security tips