# Eth 2.0 Key Generation: Tails Live USB
This guide demonstrates how to generate Eth 2.0 validator keys using Tails to boot from USB.
{% hint style="info" %}
The Eth 2.0 Beacon Chain launched on Dec 1, 2020 with around \~21k validators.
New users are encouraged to join the [EthStaker Discord](https://invite.gg/ethstaker) and practice running validators on the Pyrmont testnet **before** using mainnet. You can find additional Eth2 resources [here](https://agstakingco.gitbook.io/eth-2-0-key-generation-tails-live-usb/eth-2.0-resources).
{% endhint %}
## Eth 2.0 Prymont Staking Guides:
Prymont is the current Eth2 testnet. See here for my [Lighthouse guide](https://app.gitbook.com/@agstakingco/s/pyrmont-lighthouse-eth-2-0-staking-guide/), or follow one of Somer Esat's:
### Somer Esat Pyrmont Guides: [Lighthouse](https://someresat.medium.com/guide-to-staking-on-ethereum-2-0-ubuntu-pyrmont-lighthouse-a634d3b87393?sk=459494148fdab0b03c675ea0864d7486) || [Nimbus](https://someresat.medium.com/guide-to-staking-on-ethereum-2-0-ubuntu-pyrmont-nimbus-e6592c110843?sk=c0ef6aefdf68305739832a569ed0a454) || [Prysm](https://someresat.medium.com/guide-to-staking-on-ethereum-2-0-ubuntu-prysm-56f681646f74?sk=b61691b713d37802b8345855dc356b02) || [Teku](https://someresat.medium.com/guide-to-staking-on-ethereum-2-0-ubuntu-teku-e4247e7c75a1?sk=6d63b55ebe821bd18788c99fa81e437c)
## DISCLAIMER - FOR EDUCATIONAL PURPOSES ONLY
{% hint style="danger" %}
## USE AT YOUR OWN RISK
### There is no guarantee this guide will function for mainnet deposits.
Ethereum 2.0 is experimental software. Staking is inherently risky. Generating keys is risky.\
I am not an expert. This guide should not be relied upon for any mainnet transactions.
### **Practice on testnet before attempting any mainnet transactions.**
{% endhint %}
## Guide Summary:
1. [Why Tails || Security Concerns](#why-tails)
2. [Download `eth2.0-deposit-cli` Key Generator](#step-1-download-eth-2-0-deposit-cli-key-generator)
3. [Download Tails for USB](#step-2-download-tails)
4. [Burn Tails ISO Image to USB](#step-3-burn-tails-iso-image-to-usb)
5. [Disconnect Internet || Create Air-gap](#step-5-tails-live-usb-boot-process)
6. [Boot into Tails USB](#step-6-tails-startup-screen)
7. [Generate Eth 2.0 Keys](#step-7-extract-eth-2-0-deposit-cli)
8. [Safely store `mnemonic seed` (24 words)](#step-9-mnemonic-seed)
9. [Save `deposit_date` and `validator_keystore`](#step-10-save-deposit_data-and-keystore)
10. [Pyrmont Guides || Eth2 Launchpad](#step-11-prymont-testnet)
{% hint style="info" %}
You'll need a PC or server running [Ubuntu](https://ubuntu.com/) and 2 USB memory sticks.
{% endhint %}
## Why Tails?
**Tails**, or **The Amnesic Incognito Live System**, is a security focuses OS aimed at preserving privacy and anonymity. Tails has a few characteristics that make it ideal for Eth 2.0 key generation:
* Designed to be booted as a live USB (secure boot from any computer)
* Leaves no digital footprint on the machine unless explicitly told to do so.
* Ability to disable all networking capabilities on boot screen
* All its incoming and outgoing connections are forced to go through Tor
### Security Concerns
{% hint style="info" %}
Please ensure you understand basic security precautions. If you are unfamiliar with certain topics, you should learn, practice, and come back when you're ready.
{% endhint %}
This guide focuses creating a secure desktop environment for key generation. There are thousands of different aspects of security that this guide will not address.
Remember that a [$5 wrench attack](https://xkcd.com/538/) is probably be your biggest security threat.
{% hint style="danger" %}
### This guide **uses** the following mnemonic seed to generate keys:
**text patch phone badge special hurry apart teach control smoke frost cherry urban quote segment polar depend camera inherit this limit damp soccer cement**
### **NEVER USE THIS SEED TO GENERATE MAINNET KEYS**
{% endhint %}
## Step 1 - **Download `eth2.0-deposit-cli` Key Generator**
{% hint style="danger" %}
Please be sure you are using the official Ethereum Foundation GitHub account.
{% endhint %}
### Visit
{% hint style="info" %}
Choose the file ending in `linux-amd64.tar.gz` and complete the download.
{% endhint %}
### SHA256 Checksum - OPTIONAL
{% hint style="info" %}
You can use SHA256 to ensure that your download is correct and intact. Follow these steps to run a checksum on the eth2.0-deposit-cli tarball:
{% endhint %}
```
cd ~
cd Downloads
ls
```
{% hint style="info" %}
The `ls` command should show the name of the eth2.0-deposit-cli tarball. You can highlight and copy using `CTRL + SHIFT + C` within the terminal window.
{% endhint %}
### Run sha256sum - OPTIONAL
```
sha256sum eth2deposit-cli-ed5a6d3-linux-amd64.tar.gz
```
{% hint style="info" %}
Confirm that the checksum matches the one found on the [EF GIthub release page](https://github.com/ethereum/eth2.0-deposit-cli/releases/)
If the checksums match, you can be certain your file has not been altered.
{% endhint %}
### Move the tarball to the 2nd USB:
## Step 2 - Download [Tails](https://tails.boum.org/install/download/index.en.html)
{% hint style="info" %}
Tails 4.13 USB image comes with everything needed for Eth 2.0 key generation.
{% endhint %}
## Step 3 - Burn Tails ISO image to USB
{% hint style="info" %}
### You can open "Show Applications" by clicking the bottom left icon: 
{% endhint %}
### Search `startup disk creator` and click the icon:
### Choose ISO and **`Make Startup Disk`:**
{% hint style="danger" %}
**The USB will be completely wiped, be sure to back up any important data!**
{% endhint %}
### Installation Complete:
{% hint style="success" %}
Congratulations, You have successfully created a Tails secure boot USB!
{% endhint %}
## Step 4 - Disconnect Internet
{% hint style="danger" %}
### **DISCONNECT INTERNET || aka AIR-GAP**
Physically unplug all modems, routers, and Ethernet cables. Make sure you never turn on WIFI or any networking capabilities. It should be IMPOSSIBLE to connect to the internet.
{% endhint %}
## **Step 5 -** Tails Live USB: Boot Process
{% hint style="info" %}
**`F-10`**at computer startup is the standard method to enter the one-time boot menu. \
If that doesn't work, search online for your machine ( e.g. "Dell XPS 15 one time boot menu")
{% endhint %}
Ideally you would use a new computer that has never connected to the internet, but it is generally safe to use a personal computer that is virus free and air-gapped
### Tails Live USB - Boot Process
1. Begin with the computer powered down
2. Plug the Tails live USB into the computer
3. Start the computer and continually press **`F-10`** until you enter one-time boot menu
4. Choose the Tails USB in the boot menu
## Step 6 - Tails Startup Screen
{% hint style="info" %}
Tails should boot into the GRUB screen, with Tails OS being the first option.
{% endhint %}
This screen is GRUB for Ubuntu, but tails should look similar:
{% hint style="info" %}
Tails OS will be the first option. Hit `ENTER` to continue on to startup settings.
{% endhint %}
### Startup Options:
{% hint style="info" %}
Click the + sign in the bottom left corner
{% endhint %}
{% hint style="info" %}
Click `Network Connection` and change to DISABLE ALL NETWORKING
{% endhint %}
## Step 7 - Extract `eth2.0-deposit-cli`
{% hint style="info" %}
Move your mouse to the upper left corner to open the application viewer, and search "files".
Click on the icon or press `ENTER` to open the file viewer.
{% endhint %}
### File Viewer
### Plug in the second USB stick
{% hint style="info" %}
The USB drive should automatically appear in the bottom left when you insert the USB.
{% endhint %}
### Click on the USB drive
### Double-click on the eth2deposit-cli tarball to extract the binaries
### Click `Home` in the top left, then click `Extract`
### Extraction Completed Successfully
### Click `Show the Files`
{% hint style="info" %}
Clicking on "show the files" won't actually bring you to the extracted files. It brings you to the following home screen. You can then click the "amnesia" folder.
**Note:** `amnesia` is the default username within Tails OS.
{% endhint %}
### Enter the `/home/amnesia` folder
{% hint style="info" %}
**Note**: In Linux systems `$HOME/amnesia` is the same as `/home/amnesia`
{% endhint %}
{% hint style="info" %}
You should see a folder with the same name as the tarball file.
{% endhint %}
### Rename the extracted Eth2 deposit folder `eth2.0-deposit-cli`
### Updated Home Folder
## Step 8 - Generate Eth 2.0 Keys
### Open a new terminal window
{% hint style="info" %}
Move your mouse to the upper left, then search "terminal"
{% endhint %}
### Tails Terminal Window
### Change directory to `eth2.0-deposit-cli`
```
cd eth2.0-deposit-cli
```
### Run `ls` to check folder contents
```
ls
```
{% hint style="info" %}
You should see a single green file called `deposit`
{% endhint %}
### Run `./deposit new-mnemonic`
```
./deposit new-mnemonic
```
### Deposit script parameters
{% hint style="info" %}
You will be asked to provide the following responses:
1. Mnemonic language: \[default english]
2. How many validators you wish to run
3. Choose network: \[default mainnet]
4. Type a password to secure your validator
5. Repeat password for confirmation
{% endhint %}
## Step 9 - Mnemonic Seed
{% hint style="danger" %}
The 24 word mnemonic seed is necessary to withdraw your staked Eth. Without the seed, you will be unable to transfer/withdraw and your Eth will be lost forever.
You need enough copies in case of disaster (fire, flood, theft), but additional copies increases chances of falling into the wrong hands. If someone finds your mnemonic, they get your Eth.
{% endhint %}
### After confirming the password, you'll be given a mnemonic seed phrase:
### Write down the mnemonic, then reenter to ensure it's correct:
{% hint style="info" %}
A few things to keep in mind regarding the 24-word mnemonic phrase:
* Make sure you use durable paper and permanent pen
* Store in a waterproof, fireproof bag inside a safe
* A bank security box is useful in preventing the [$5 wrench attack](https://xkcd.com/538/)
* Minimum of 2 copies in case of loss
{% endhint %}
{% hint style="info" %}
After reentering the mnemonic, the `validator_keys` and `deposit_data` will be created.
{% endhint %}
### Run `clear` to clear the terminal window**:**
```
clear
```
### Navigate to the `/home/eth2.0-deposit-cli` directory:
{% hint style="info" %}
You should see a new folder called `validator_keys`, enter the folder.
{% endhint %}
{% hint style="danger" %}
### THESE FILES ARE VERY IMPORTANT
**Files can be found at:**`/home/amnesia/eth2.0-deposit-cli/validator_keys`
* **`deposit_data-[timestamp].json`**
* contains data used to register your validator on the Eth2 launchpad
* **`keystore -[timestamp].json`**
* validator keystore file protected by password (aka validator signing key)
The mnemonic seed (24 words) is used to create the keystore file and withdrawal signatures.
### **If you lose the mnemonic seed, your stake is lost forever.**
{% endhint %}
### Open the `deposit_data` json file
{% hint style="info" %}
The above `deposit_data` is for the following mnemonic seed:
**text patch phone badge special hurry apart teach control smoke frost cherry urban quote segment polar depend camera inherit this limit damp soccer cement**
If you use that seed for `./deposit existing-mnemonic`, you'll get the same `deposit_data`
{% endhint %}
### Open `keystore` file
{% hint style="info" %}
Unlike the `deposit_data` file, the `keystores` will vary slightly every time it's generated.
Although some info will change, you'll always generate the same PUBKEY address if you use the same mnemonic (Note: A single mnemonic can generate an unlimited # of keystores)
Practice below with `./deposit existing-mnemonic` to fully understand the concept.
{% endhint %}
## Step 10 - Save `deposit_data` and `keystore`
### Open a new file viewer window
{% hint style="info" %}
You can right click on the USB and choose "Open in New Window"
{% endhint %}
### Copy validator keys to external USB
### Confirm that the `validator_keys` folder is saved on the USB:
{% hint style="info" %}
The `keystore` file is used to create validator signatures. You should keep an extra copy, but you can always use your mnemonic seed to generate a new keystore if necessary.
{% endhint %}
### Shut down the Tails OS
## Step 11 - Prymont Testnet
You can test your newly generated keys using the Launchpad and following one of these Eth2 guides:
### AGSC Prymont Guide: [Lighthouse](https://app.gitbook.com/@agstakingco/s/pyrmont-lighthouse-eth-2-0-staking-guide/)
### Somer Esat: [Lighthouse](https://someresat.medium.com/guide-to-staking-on-ethereum-2-0-ubuntu-pyrmont-lighthouse-a634d3b87393?sk=459494148fdab0b03c675ea0864d7486) || [Nimbus](https://someresat.medium.com/guide-to-staking-on-ethereum-2-0-ubuntu-pyrmont-nimbus-e6592c110843?sk=c0ef6aefdf68305739832a569ed0a454) || [Prysm](https://someresat.medium.com/guide-to-staking-on-ethereum-2-0-ubuntu-prysm-56f681646f74?sk=b61691b713d37802b8345855dc356b02) || [Teku](https://someresat.medium.com/guide-to-staking-on-ethereum-2-0-ubuntu-teku-e4247e7c75a1?sk=6d63b55ebe821bd18788c99fa81e437c)
{% hint style="success" %}
Be sure to join the [EthStaker Discord](https://invite.gg/ethstaker) if you run in to any issues when trying to stake!
{% endhint %}