Extracting Keys from a Ledger Device

Alain Mebsout
Dune Network
Published in
3 min readDec 12, 2019
Photo by Silas Köhler

Let’s say that you don’t want to use your Ledger Nano S anymore (for whatever reason), or that Ledger goes out of business and that you lost your Ledger device, or that it stops working. Worry not. You can recover your private keys. Ledger uses standard protocols and cryptography primitives so there is a way to import your accounts in any other wallet.

You don’t need to have a device for that, but you absolutely need your recovery mnemonic that was given at initialization (this is the seed for all your private keys).

Ledger already has a support article on how to do that, which recommends to use the bip39 tool developed by Ian Coleman. However this tool uses Javascript libraries which only support the Bitcoin cryptographic curve (Secp256k1), so if you use e.g., Ed25519 you are SOL.

We have developed a small tool which can derive private keys for use with Dune (as well as Tezos) which uses Ed25519 by default (i.e. if you have a dn1… address).

The following section gives you the basics on how to use this tool while the second one explains how to extract private keys securely.

I’m in a hurry, give me my private key!

This tool can be accessed at https://dune.network/ledger_extract/ (this tool is free software, and its source code can be read on Gitlab at https://gitlab.com/dune-network/ledger-extract)

You simply have to input your recovery phrase (the BIP39 mnemonic) and the derivation path (the Dune client uses the hardened path m/44'/1729'/0'/0'by default), click on the button, and voilà !

You can now save (preciously) your secret key (the one that starts with edsk…) and import it in any other wallet of your choice.

The slower but safe way to extract your private key

There is also a link on the page to download an standalone version of the html webpage with all the javascript code embedded for you to run on an offline computer (which you absolutely should do if you care about this private key).

If you download this page you should also check the SHA256 checksum against the version published on our Gitlab at https://gitlab.com/dune-network/ledger-extract/blob/master/Readme.md.

At the time of this writing the checksum is:

dc6bbed859d674c2da620fe0f5550a77331127531ad55e818945c716a3854497

You can make sure it’s correct by running the following command:

echo dc6bbed859d674c2da620fe0f5550a77331127531ad55e818945c716a3854497 ledger_extract.html | sha256sum  --checkledger_extract.html: OK

In fact, you can even copy the standalone web page on a brand new, air gapped, offline laptop. Run it with the browser of your choice (or use the command line tool), and if you have tons of money to waste, make sure to destroy the computer afterwards.

--

--