How to add a regular key pair to your XRP account using Xumm
A regular key functions the same way a normal key or account does. It has a public 'r' address and a secret. Below is a description what it is used for and how to set it up using Xumm.
Regular key is often used to protect your account, which can sign transactions for your account instead of using the master key.
If, for whatever reason, your regular key gets compromised and the master key is not, you can set a new regular key using a tool like xrpl.services to regain control of your account.
If you already have a regular key pair with an XRP account you can just import your XRP account as a read-only account and the regular key pair as a full read/write account and you're set to go!
Step 1: Generate a key pair
You can generate a new key pair using the Xumm app to generate a new key pair.
Make sure you save the secret numbers in a safe way. You can read more about saving the secret key here.
Go to settings → Accounts → ➕
Or switch accounts and click on add
Now you should see this screen and create a new account.
After walking through the process of generating a new account you should see it in your account list.
When you've generated your new key pair you're set to go to the next step where you will assign the new key pair to your account.
Step 2: Assign key pair to account as a regular key pair
This step will set the new key pair to your account using your master key. After completion you can sign using both your master key and the regular key.
Use a tool like xrpl.services where you can set a regular key and input your newly generated XRP account 'r' address.
Be sure when submitting your regular key to your account to use the right account for this. After scanning the QR code, signing & submitting you should see this in the Xumm app:
Now you can sign using your newly generated account and is now a regular key. Now under your new account there is a button like this.
The next step is a verification if the account is properly set up and if you can sign using your newly generated key pair.
If you configured a "Regular Key" as a back up account, you should stop following this tutorial right here.
If you want to re-key your account because you believe your keys may be compromised, please continue following this tutorial.
Step 3: Verify the Regular Key Pair
A very important step especially before disabling your master key on the account. Check if the regular key pair works. But you don't have to disable your master key that is up to you.
To check if the account can sign using your new key you can now change your account access level to read only.
You can change this in settings → accounts → click on the account you want your master key to be removed from the app. Now you should see this screen and can change the access level to read only.
For the actual check use the tools tab on the xrpl.services website and go to Raw JSON Transactions. Select the account set template and delete everything except the first two lines. The important part is that the account is correctly set, it should be the account which you just changed the access level of to read only. Just like this.
Now you can sign and submit the transaction. If it shows that it was successful you're set to continue to disable your master key. Or to leave it as is.
Optional Step 4: Disable your master key ⚠️
This is an additional step which will disable your master key.
⚠️ Warning ⚠️: You will not be able to access the XRP account using your master key hereafter. Only your regular key pair will be able to sign.
The only way to disable your master key is to import your master key again, just by upgrading the account from read only to full access read/write.
After this step go to the xrpl.services for the last step.
Under the option for Account Set there is a checkbox Disable Master Key, check it and then you are good to go to sign that transaction using the account you have just re-keyed and you want to delete the account with. It will look like this:
When you have signed the transaction your account is now fully re-keyed and is not able to sign using its own master key anymore.
Fully sign now with the regular key pair that you've just created 🎉