How to Use Cryptographic Keys and Digital Signatures to Protect Your Crypto Transactions

What you’ll learn and what you need

In this tutorial you’ll walk through the same steps I use when I explain “how crypto actually works” to new engineers and friends:

• See how a hash function makes even a tiny change in data obvious.
• Generate a public/private key pair in Python so the wallet jargon starts to make sense.
• Sign and verify a message so you can visualize what happens when you click “Sign” in a wallet.
• Connect these pieces back to real wallets and basic safety practices.

You don’t need to be a developer to follow along, but you’ll get the most value if you’re comfortable copying code, running it, and reading the output.

You’ll need:

• A laptop with Python 3 installed.
• A browser wallet such as MetaMask.
• 30 minutes and a bit of curiosity.

Step 1 – Set up your tools

Before touching any crypto or private keys, get a small sandbox in place.

1
python --version

mkdir blockchain-crypto-demo
cd blockchain-crypto-demo

1
pip install cryptography

Step 2 – Try a simple hash

Hashes are the backbone of blockchain immutability. In plain terms: they turn any message into a fixed-length “fingerprint,” and even tiny changes produce a completely different fingerprint.

Create a file called hash_demo.py in your project folder:

1
import hashlib
2

3
message = "Send 1 BTC to Alice"
4
hash_output = hashlib.sha256(message.encode()).hexdigest()
5

6
print("Message:", message)
7
print("Hash   :", hash_output)

Run it:

python hash_demo.py

Now change the message by one character (for example, Alice → Alic3) and run it again. The hash should be completely different. That sensitivity is what lets blockchains detect tampering quickly.

Key takeaway: hashes make it obvious when data has changed, even if you don’t look at the data itself.

Step 3 – Generate a key pair

Wallets talk about “public” and “private” keys, but it’s easier to grasp if you create one yourself.

Create a file keys_demo.py:

1
from cryptography.hazmat.primitives.asymmetric import ec
2
from cryptography.hazmat.primitives import serialization
3

4
private_key = ec.generate_private_key(ec.SECP256K1())
5
public_key = private_key.public_key()
6

7
private_pem = private_key.private_bytes(
8
    encoding=serialization.Encoding.PEM,
9
    format=serialization.PrivateFormat.PKCS8,
10
    encryption_algorithm=serialization.NoEncryption(),
11
)
12

13
public_pem = public_key.public_bytes(
14
    encoding=serialization.Encoding.PEM,
15
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
16
)
17

18
print("Private key (keep secret):\n", private_pem.decode())
19
print("Public key (safe to share):\n", public_pem.decode())

Run it:

python keys_demo.py

You’ll see two blocks of text in PEM format. The private key is what your wallet protects behind a password or seed phrase. The public key is what ultimately becomes an address on networks like Ethereum and Bitcoin.

Key takeaway: a wallet is essentially a user-friendly wrapper around a private key; losing it means losing the ability to sign.

Step 4 – Sign and verify a message

Now you’ll tie hashing and keys together with a digital signature. This is the core of “proving it was you” on-chain.

Create a file signing_demo.py:

1
from cryptography.hazmat.primitives import hashes
2
from cryptography.hazmat.primitives.asymmetric import ec
3

4
# 1. Generate a fresh key pair (like a wallet does behind the scenes)
5
private_key = ec.generate_private_key(ec.SECP256K1())
6
public_key = private_key.public_key()
7

8
message = b"Send 0.1 ETH to Alice"
9

10
# 2. Sign the message with the private key
11
signature = private_key.sign(message, ec.ECDSA(hashes.SHA256()))
12
print("Signature bytes:", signature.hex())
13

14
# 3. Verify the signature with the public key
15
public_key.verify(signature, message, ec.ECDSA(hashes.SHA256()))
16
print("Signature verified!")

Run it:

python signing_demo.py

You should see “Signature verified!” at the end. If you change the message by even one character and run verification again without re-signing, it will fail. That’s exactly what happens if someone tries to alter a transaction after you sign it.

Key takeaway: a digital signature proves “this exact data came from this key holder and wasn’t changed afterward.”

Step 5 – Apply this to your wallet and daily security

Up to now you’ve seen everything “with the hood open.” In normal wallet use, the same pieces are there—they’re just packed behind a clean interface.

Here’s how what you just did maps to everyday actions:

1. Installing a wallet = setting up a key pair
   When you install a wallet like MetaMask and create a new account, it quietly generates a private key and the matching public key for you. The 12 or 24‑word recovery phrase is just a human-friendly way to back up that private key. Losing it means losing your ability to sign, just like deleting the private_key in your Python demo.

2. Your address = a form of public key
   The wallet derives an address from your public key (with some extra steps that depend on the chain). That’s what you copy-paste to receive funds. Anyone can see that address and check its activity—exactly like using the public key to verify a signature, but in a compressed, chain-specific format.

3. Clicking “Sign” = running the signing demo behind the scenes
   Each time you approve a transaction or message, your wallet:

   • Takes the relevant data (to, amount, contract call, or message).
   • Hashes it (so a fixed “fingerprint” is signed, not arbitrary-length data).
   • Signs that hash with your private key using an algorithm similar to the Python example.
     The node or smart contract on the other side uses your public key/address to verify the signature. If anything in the data changes after you sign, verification fails.

4. Transaction hash = fingerprint of what you signed
   After a transaction is broadcast, your wallet and block explorers show a transaction hash. That hash acts like a “receipt number” for the full transaction payload: from, to, value, and additional data. If you ever need to prove “this is the transaction I sent,” that hash is what you share.

Because all of this is wired into the wallet, you rarely think about hashes or elliptic curves in daily use—but knowing they’re there helps you spot when something feels off.

Practical safety habits:

• Never paste your seed phrase or private key into a website or chat—even to “test” something.
• Use hardware wallets for larger balances so the private key never leaves a secure device.
• Double-check the transaction details and domain before approving any signature, especially “Sign Message” or “Connect” prompts on new dApps.

If you keep this mental model in your head—hash → key pair → signature → transaction hash—wallet activity becomes less like magic and more like a series of clear steps you control. That makes it much easier to notice red flags and say “no” before a bad signature costs you real money.