Best thing to do with my keys (public and private)?

[meegwell]

I had a rippex wallet years ago and obviously they are no longer.  I have and still make deposits to my wallet, and I have my secret key associated with said wallet stored securely offline.  As my xrp account grows, I have increasing anxiety about whether or not I can access the XRP.  At a minimum, I would like to do some sort of simple test - I have at least two other wallets, exchange-based,  for various reasons with much smaller balances, coinbase and something else I dont recall at the moment.  Is transferring a small amount of XRP from my primary (former rippex) wallet to say the coinbase exchange wallet a safe way to test that I can access my XRP?

 

Going forward, and assuming all is good related to the above test, am I OK just keeping things as-is:  know my wallet key and periodically check the balance and make deposits; have my private key securely stored and safe offline. ??  Or should I change this setup to a hard wallet for some reason?

[PunishmentOfLuxury]

If I had serious doubts about the validity of the secret key, I'd make a small test transaction as you propose, but it's not strictly necessary. I'm sure I've read that there's another way to validate a secret key without making a transaction - hopefully someone else will chime in with the details.

If you're super cautious you may also want to read up about the biased nonce vulnerability (don't do anything drastic - it's a very small risk applying to accounts created with old versions of Rippled, and as long as you have not made more than one signed transcation with the account, you're safe).

For cold storage, transferring to a hardware wallet just introduces potentially more vulnerabilities, room for errors, and you still have to keep the recovery mnemonic for the wallet safe somewhere, so your XRP would be no safer, as far as I can see.

EDIT: This was an answer, but the links are dead (btw the whole thread is worth reading):

@Warbler is trustworthy. I had a quick look at his Bithomp Tools, which is claimed to be able to validate secret keys, but it wasn't obvious how. Maybe Warbler will elucidate.

Edited September 20, 2019 by PunishmentOfLuxury

[Warbler]

@PunishmentOfLuxury

we moved our open-sourced libraries to bithomp account

https://github.com/bithomp

the small tool to validate secret is deprecated now, as it's possible to check secret in the bithomp-tools

https://github.com/Bithomp/bithomp-tools

download the index.html page, open it on the clean and trusted offline computer.

agree to terms, choose offline mode, enter your secret key and the tool will show you the xrp address.

If the xrp address matches to the one you have, means it's a correct pair.