Creating a Solana Wallet Mnemonic (Seed Key) from the CLI

Jun 7, 2022, 12:51 PM

about9mins to read

Top
Background
Creating a Mnemonic from the CLI
Obtaining Key Information from a Mnemonic
Summary

As mentioned in the official Solana documentation, I found some additional information and summarized it.

Background

Solana is economically friendly, allowing us to divide wallets into smaller units, reducing security risks in case a key is stolen. This is user-friendly.

Phantom and other wallet apps have an "add" button that creates a derived key. This is generated from a single mnemonic seed key, making management easy. However, if the mnemonic is leaked, all wallets will be compromised. It's a good idea to use different mnemonics for important wallets.

Solana CLI can also create new mnemonics easily, so let's try it.

Creating a Mnemonic from the CLI

First, install Solana CLI.

$ sh -c "$(curl -sSfL https://release.solana.com/stable/install)"

After installation, create a mnemonic using the solana-keygen command. Normally, the byte sequence is written to a file, but by specifying --no-outfile, the mnemonic is displayed on the screen. You can also specify the length with --word-count, up to 24.

$ solana-keygen new --no-outfile --word-count 24

You will be prompted for a passphrase, but it's not necessary. If you don't want to be prompted, specify --no-bip39-passphrase.

========================================================================================================================================================================
Save this seed phrase to recover your new keypair:
float cancel (ry) horror
========================================================================================================================================================================

By the way, mnemonics are available in various languages. Specifying --language japanese will generate a Japanese mnemonic.

========================================================================================================================================================================================================================================================================================================
Save this seed phrase to recover your new keypair:
ぞんぶん せっかく (ry) まわす
========================================================================================================================================================================================================================================================================================================

Once created, be sure to take note of it carefully. Mnemonics can be imported into wallets like Slope. On the other hand, Phantom only allows importing mnemonics for the first time, so let's generate private keys from here.

Obtaining Key Information from a Mnemonic

You can obtain public and private keys from a mnemonic using the following TypeScript code.

import * as bip39 from "bip39";
import { derivePath } from "ed25519-hd-key";
import * as web3 from "@solana/web3.js";
import * as bs58 from "bs58";

const showKeys = async (mnemonic: string) => {
  const seed = await bip39.mnemonicToSeed(mnemonic);
  const seedBuffer = Buffer.from(seed).toString("hex");
  const path = `m/44'/501'/0'/0'`;
  const derivedSeed = derivePath(path, seedBuffer).key;
  const keypair = web3.Keypair.fromSeed(derivedSeed);

  console.log(`pubkey: ${keypair.publicKey}`);
  console.log(`secretKey: ${keypair.secretKey}`);
  console.log(`secretKey (BASE58): ${bs58.encode(keypair.secretKey)}`);
};

The flow is as follows: first, generate a seed key from the mnemonic using bip39.mnemonicToSeed(). Then, specify a BIP32 path to obtain a derived key. Finally, use that to generate a Solana KeyPair.

Here's an explanation of the code:

Mnemonics follow Bitcoin BIP39. BIP39 has an npm package and is easy to handle. For a detailed explanation, refer to this Japanese article that explains BIP39 in detail.

The path specified when creating a derived key is the incantation m/44'/501'/0'/0'/0. Increasing the last digit will generate a different derived address. For an overview of paths, refer to this article or BIP32.

Solana keys use ED25519. Although I'm not familiar with cryptography, ED25519 is a secure and fast method, similar to RSA used in SSH. Mozilla's article provides more details.

Summary

Let's divide wallets wisely according to their purpose, as managing too many can be troublesome