Hcfyk

Can not upgrade Kali,not enough space in /var/cache/apt/archives

Why do IPv6 unique local addresses have to have a /48 prefix?

Will the technology I first learn determine the direction of my future career?

Pre-mixing cryogenic fuels and using only one fuel tank

Will adding a BY-SA image to a blog post make the entire post BY-SA?

When were female captains banned from Starfleet?

Should I install hardwood flooring or cabinets first?

why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`?

Difference between -| and |- in TikZ

Flux received by a negative charge

Are the IPv6 address space and IPv4 address space completely disjoint?

Has any country ever had 2 former presidents in jail simultaneously?

How do you respond to a colleague from another team when they're wrongly expecting that you'll help them?

Filling the middle of a torus in Tikz

Can somebody explain Brexit in a few child-proof sentences?

How should I respond when I lied about my education and the company finds out through background check?

We have a love-hate relationship

Biological Blimps: Propulsion

When quoting, must I also copy hyphens used to divide words that continue on the next line?

How is flyblackbird.com operating under Part 91K?

Closed-form expression for certain product

A social experiment. What is the worst that can happen?

Journal losing indexing services

THT: What is a squared annular “ring”?

How to create a wallet in Ledger Nano S?

How do I know my password or backup information is not being shared when creating a new wallet?How do I confirm my Tezos wallet is up to date; most current version etc.?How can I sign a message with my Ledger?What are the best cold-storage methods available for XTZ?How can I use Kukai wallet on alphanet?How do I know my password or backup information is not being shared when creating a new wallet?Why is my faucet wallet on Alphanet not recognized?Issues resetting the ledger HWMWhy won't tezos-client find my Ledger Nano S?Can I transfer a delegated KTZ account from one TZ1 account to another?Recurring “No Ledger found” error by endorser

4

Context of this question here.

I want to create a wallet (by which I mean a tz1 address) using my Ledger Nano S. All I find online is how to create a wallet using software (e.g. Galleon Wallet) or web application (e.g. Tezbox). However, as I understand it, the whole point of a hardware-based wallet is that the keys are created and stay in the hardware. A key created via software can be intercepted or (more sinister) stored by the software or even sent to a third party.

Now, when I initialised my Ledger, I did create the key (setting a PIN and then the 24-words security). So, in principle, the key is in the hardware. However, nothing assures me the key is not being seen by the software by which the wallet is created and linked to the Ledger.

So, how can I create a wallet securely using the Ledger hardware? Perhaps using the CLI tezos-client? (but the latter means I need to run a node?).

ledger wallets

share|improve this question

asked Mar 18 at 14:35

luchonacholuchonacho

421214

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  There is no way for apps to extract and misuse your key that is stored within the hardware wallet device unless you expose your seed words.
  
  – Stephen Andrews♦
  Mar 19 at 17:06
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @StephenAndrews Thanks. How exactly do you know this is the case? For instance, what if Ledger Live has sudo access?
  
  – luchonacho
  Mar 19 at 18:21
  
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  It uses a Hardware Security Module - this is a separate chip that does not allow to extraction of your private key. HSM are well known and used around the world for many secure applications.
  
  – Stephen Andrews♦
  Mar 19 at 20:15
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @StephenAndrews I see. That sound more like an answer than a comment. Ca you add it please? It also seems to go against the other answer.
  
  – luchonacho
  Mar 20 at 9:20
  

  
  
  
  

add a comment | 

4

Context of this question here.

I want to create a wallet (by which I mean a tz1 address) using my Ledger Nano S. All I find online is how to create a wallet using software (e.g. Galleon Wallet) or web application (e.g. Tezbox). However, as I understand it, the whole point of a hardware-based wallet is that the keys are created and stay in the hardware. A key created via software can be intercepted or (more sinister) stored by the software or even sent to a third party.

Now, when I initialised my Ledger, I did create the key (setting a PIN and then the 24-words security). So, in principle, the key is in the hardware. However, nothing assures me the key is not being seen by the software by which the wallet is created and linked to the Ledger.

So, how can I create a wallet securely using the Ledger hardware? Perhaps using the CLI tezos-client? (but the latter means I need to run a node?).

ledger wallets

share|improve this question

asked Mar 18 at 14:35

luchonacholuchonacho

421214

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  There is no way for apps to extract and misuse your key that is stored within the hardware wallet device unless you expose your seed words.
  
  – Stephen Andrews♦
  Mar 19 at 17:06
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @StephenAndrews Thanks. How exactly do you know this is the case? For instance, what if Ledger Live has sudo access?
  
  – luchonacho
  Mar 19 at 18:21
  
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  It uses a Hardware Security Module - this is a separate chip that does not allow to extraction of your private key. HSM are well known and used around the world for many secure applications.
  
  – Stephen Andrews♦
  Mar 19 at 20:15
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @StephenAndrews I see. That sound more like an answer than a comment. Ca you add it please? It also seems to go against the other answer.
  
  – luchonacho
  Mar 20 at 9:20
  

  
  
  
  

add a comment | 

Context of this question here.

I want to create a wallet (by which I mean a tz1 address) using my Ledger Nano S. All I find online is how to create a wallet using software (e.g. Galleon Wallet) or web application (e.g. Tezbox). However, as I understand it, the whole point of a hardware-based wallet is that the keys are created and stay in the hardware. A key created via software can be intercepted or (more sinister) stored by the software or even sent to a third party.

Now, when I initialised my Ledger, I did create the key (setting a PIN and then the 24-words security). So, in principle, the key is in the hardware. However, nothing assures me the key is not being seen by the software by which the wallet is created and linked to the Ledger.

So, how can I create a wallet securely using the Ledger hardware? Perhaps using the CLI tezos-client? (but the latter means I need to run a node?).

ledger wallets

share|improve this question

asked Mar 18 at 14:35

luchonacholuchonacho

421214

share|improve this question

asked Mar 18 at 14:35

luchonacholuchonacho

421214

share|improve this question

asked Mar 18 at 14:35

luchonacholuchonacho

421214

asked Mar 18 at 14:35

luchonacholuchonacho

421214

asked Mar 18 at 14:35

luchonacholuchonacho

421214

1 Answer
1

active

oldest

votes

3

First: Yes you need to run a node to do this.

Here is a Tutorial, how to do it with CLI:
https://github.com/obsidiansystems/ledger-app-tezos

It looks more than it takes, if you use LedgerLive ( to install the Tezos Wallet (and Baking) App.

share|improve this answer

answered Mar 18 at 14:43

BlindripperBlindripper

1,683421

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So, using a third-party software to create a wallet for Ledger is not secure then?
  
  – luchonacho
  Mar 18 at 18:17
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Seems to be a super strong conclusion. Basically, only creating a wallet via the node is 100% secure. This is definitely not the impression people get.
  
  – luchonacho
  Mar 18 at 20:23
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  What is 100% secure? :-)
  
  – Blindripper
  Mar 19 at 6:08
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  In this case, that the keys are shielded from external parties before and after creating a wallet. And who knows. Since the firmware of Ledger is not open source, they themselves might be, either directly (malintention) or indirectly (bugs) be a source of risk.
  
  – luchonacho
  Mar 19 at 11:01
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The private keys are also protected "during" wallet creation, as they never leave the device, under no circumstances whatsoever. What is the leaving the device are only the public keys.
  
  – MarcB
  Mar 20 at 8:31
  
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "698"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftezos.stackexchange.com%2fquestions%2f808%2fhow-to-create-a-wallet-in-ledger-nano-s%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

3

First: Yes you need to run a node to do this.

Here is a Tutorial, how to do it with CLI:
https://github.com/obsidiansystems/ledger-app-tezos

It looks more than it takes, if you use LedgerLive ( to install the Tezos Wallet (and Baking) App.

share|improve this answer

answered Mar 18 at 14:43

BlindripperBlindripper

1,683421

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So, using a third-party software to create a wallet for Ledger is not secure then?
  
  – luchonacho
  Mar 18 at 18:17
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Seems to be a super strong conclusion. Basically, only creating a wallet via the node is 100% secure. This is definitely not the impression people get.
  
  – luchonacho
  Mar 18 at 20:23
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  What is 100% secure? :-)
  
  – Blindripper
  Mar 19 at 6:08
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  In this case, that the keys are shielded from external parties before and after creating a wallet. And who knows. Since the firmware of Ledger is not open source, they themselves might be, either directly (malintention) or indirectly (bugs) be a source of risk.
  
  – luchonacho
  Mar 19 at 11:01
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The private keys are also protected "during" wallet creation, as they never leave the device, under no circumstances whatsoever. What is the leaving the device are only the public keys.
  
  – MarcB
  Mar 20 at 8:31
  
  

  
  
  
  

add a comment | 

3

First: Yes you need to run a node to do this.

Here is a Tutorial, how to do it with CLI:
https://github.com/obsidiansystems/ledger-app-tezos

It looks more than it takes, if you use LedgerLive ( to install the Tezos Wallet (and Baking) App.

share|improve this answer

answered Mar 18 at 14:43

BlindripperBlindripper

1,683421

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  So, using a third-party software to create a wallet for Ledger is not secure then?
  
  – luchonacho
  Mar 18 at 18:17
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Seems to be a super strong conclusion. Basically, only creating a wallet via the node is 100% secure. This is definitely not the impression people get.
  
  – luchonacho
  Mar 18 at 20:23
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  What is 100% secure? :-)
  
  – Blindripper
  Mar 19 at 6:08
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  In this case, that the keys are shielded from external parties before and after creating a wallet. And who knows. Since the firmware of Ledger is not open source, they themselves might be, either directly (malintention) or indirectly (bugs) be a source of risk.
  
  – luchonacho
  Mar 19 at 11:01
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The private keys are also protected "during" wallet creation, as they never leave the device, under no circumstances whatsoever. What is the leaving the device are only the public keys.
  
  – MarcB
  Mar 20 at 8:31
  
  

  
  
  
  

add a comment | 

First: Yes you need to run a node to do this.

Here is a Tutorial, how to do it with CLI:
https://github.com/obsidiansystems/ledger-app-tezos

It looks more than it takes, if you use LedgerLive ( to install the Tezos Wallet (and Baking) App.

share|improve this answer

answered Mar 18 at 14:43

BlindripperBlindripper

1,683421

share|improve this answer

answered Mar 18 at 14:43

BlindripperBlindripper

1,683421

answered Mar 18 at 14:43

BlindripperBlindripper

1,683421

answered Mar 18 at 14:43

BlindripperBlindripper

1,683421