How to export key from Ledger?
kidinamoto01 opened this issue · 2 comments
In https://github.com/tendermint/kms/blob/master/README.yubihsm.md, there is a description for exporting and reuse existing private keys, can we do the same thing with Ledger?
As far as I know, Ledger keys are deterministically derived from the 24-word phrase you initialize them with, and the derived subkeys cannot be exported.
Hi @kidinamoto01,
Ledger devices are initialized with a mnemonic.
The keys that are used by the validator app are derived from this mnemonic using a fully hardened path: 44'/118'/0'/0'/0'
A reference of the code that Ledger uses for the derivation is here:
https://github.com/LedgerHQ/orakolo/blob/master/src/python/orakolo/HDEd25519.py
you can use that script to go from the mnemonic to the actual public/private keys that the device is using.
While you can go from a Ledger to a Yubi, it is not possible to go from a Yubi to a Ledger.