Generating a Key Pair
About Key Pairs
Two different key pairs are relevant to node operators:
- Wallet keypairs you generate with the steps provided here
- libp2p keypairs that are gossip network identities
To use Mina on Mainnet or to fully participate in a Mina test network, the first step is to generate a wallet key pair that consists of a public key and a private key. The public key identifies each block producer on the network.
In some cases, you want to generate more than one wallet key pair. For example, to run a block producer most securely, it is advisable to have accounts on both hot and cold wallets. See Hot and Cold Block Production.
The libp2p keypairs are not necessary for the daemon to function properly. If you do want to generate them, don't generate it to the same file storing wallet keys.
The supported tools for generating public/private key pairs are:
- mina advanced generate-keypair mina subcommand
- mina libp2p generate-keypair mina subcommand
- Mina Signer
- Mina command line wallet package that interfaces with your Ledger device and Mina blockchain to generate addresses on the Ledger hardware wallet
Always give out your public keys. Mina will never ask you for your private keys. Be sure that your private keys are stored safely.
Never give out your private key.
If you lose your private key or if a malicious actor gains access to your private key, you will lose access to your account and lose your account funds.
Using mina advanced generate-keypair
The mina advanced generate-keypair
command line utility is the simplest method to create a public/private key pair.
$ mina advanced generate-keypair -help
Generate a new public, private keypair
mina advanced generate-keypair
=== flags ===
--privkey-path FILE File to write private key into (public key will be
FILE.pub)
(alias: -privkey-path)
[-help] print this help text and exit
(alias: -?)
Preparations
Create a folder on your system where you can store the key files. By convention, the
~/keys
folder:mkdir ~/keys
Ensure the permissions are set properly for this folder to prevent unwanted processes from accessing these files:
chmod 700 ~/keys
If you're using Ubuntu/Debian and would like to generate it out of a container environment, please go to Generate keys on Ubuntu or Debian. Otherwise, please go to Generate keys on Docker
Make sure to set a new and secure password for commands in follow-steps . Mina will never ask you for this password. Do not share this password with anyone.
Generate keys on Ubuntu or Debian
- Install the mina node:
echo "deb [trusted=yes] http://packages.o1test.net $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/mina.list
sudo apt-get update
sudo apt-get install -y mina-mainnet=3.1.0-ae112d3
- Verify that mina installed correctly:
mina -version
The expected output is:
Commit ae112d3a96fe71b4ccccf3c54e7b7494db4898a4
- Run the
mina advanced generate-keypair
command:
mina advanced generate-keypair --privkey-path ~/keys/my-wallet
- When prompted, type in the password you intend to use to secure this key. Do NOT forget this password. If already set, the tool uses the password from the
MINA_PRIVKEY_PASS
environment variable instead of prompting you.
Generate keys on Docker
- Use the
minaprotocol/generate-keypair
Docker image:
cd ~
docker run -it --rm --entrypoint "" \
--volume $(pwd)/keys:/keys \
minaprotocol/mina-daemon:3.1.0-ae112d3-bullseye-mainnet \
mina advanced generate-keypair --privkey-path /keys/my-wallet
When prompted, type in the password you intend to use to secure this key. Do NOT forget this password.
Two files are created for your public/private key pair:
~/keys/my-wallet
: the encrypted private key~/keys/my-wallet.pub
: the public key in plain text
Finally, ensure the permissions are set properly for the private key file to prevent unwanted processes from accessing it.
chmod 600 $(pwd)/keys/my-wallet
Be sure to store the private key file and password you used in a secure place, such as a password manager.
Validate your private key
Now that you've created your key, validate that it works. It's sufficient to use the mina advanced validate-keypair
command to verify that you can sign a transaction.
On Ubuntu/Debian:
mina advanced validate-keypair --privkey-path <path-to-the-private-key-file>
On Docker:
docker run -it --rm --entrypoint "" \
--volume $(pwd)/keys:/keys \
minaprotocol/mina-daemon:3.1.0-ae112d3-bullseye-mainnet \
mina advanced validate-keypair --privkey-path /keys/my-wallet
Generating and using your libp2p keys
To ensure connectivity across the network, it is essential that all seed nodes start with the same libp2p
keypair.
This consistency allows other nodes in the network to reliably connect.
Use the libp2p
subcommand of mina
CLI utility to create a libp2p key pair.
mina libp2p generate-keypair --privkey-path <path-to-the-key-file>
Generated libp2p keys can then be used with the Mina Daemon startup command like this:
mina daemon ... --libp2p-keypair <path-to-the-key-file> ...
Ledger Hardware Wallet
You can use your Ledger Nano S hardware wallet to securely store your Mina private keys. To get started, install the Mina app on the Ledger Hardware Wallet.
Mina Signer
You can also use Mina Signer to generate key pairs and sign transactions.
Next steps
Now that you have created a public/private key pair, you are ready to connect to the network or share your public key.