Eth 2.0 Key Generation: Tails Live USB
This guide demonstrates how to generate Eth 2.0 validator keys using Tails to boot from USB.
Eth 2.0 Prymont Staking Guides:
Prymont is the current Eth2 testnet. See here for my Lighthouse guide, or follow one of Somer Esat's:
DISCLAIMER - FOR EDUCATIONAL PURPOSES ONLY
USE AT YOUR OWN RISK
There is no guarantee this guide will function for mainnet deposits.
Ethereum 2.0 is experimental software. Staking is inherently risky. Generating keys is risky. I am not an expert. This guide should not be relied upon for any mainnet transactions.
Practice on testnet before attempting any mainnet transactions.
Guide Summary:
Why Tails?
Tails, or The Amnesic Incognito Live System, is a security focuses OS aimed at preserving privacy and anonymity. Tails has a few characteristics that make it ideal for Eth 2.0 key generation:
Designed to be booted as a live USB (secure boot from any computer)
Leaves no digital footprint on the machine unless explicitly told to do so.
Ability to disable all networking capabilities on boot screen
All its incoming and outgoing connections are forced to go through Tor
Security Concerns
This guide focuses creating a secure desktop environment for key generation. There are thousands of different aspects of security that this guide will not address.
Remember that a $5 wrench attack is probably be your biggest security threat.
This guide uses the following mnemonic seed to generate keys:
Step 1 - Download eth2.0-deposit-cli
Key Generator
eth2.0-deposit-cli
Key GeneratorPlease be sure you are using the official Ethereum Foundation GitHub account.

SHA256 Checksum - OPTIONAL
cd ~
cd Downloads
ls
Run sha256sum - OPTIONAL
sha256sum eth2deposit-cli-ed5a6d3-linux-amd64.tar.gz

Move the tarball to the 2nd USB:

Step 2 - Download Tails

Step 3 - Burn Tails ISO image to USB
Search startup disk creator
and click the icon:
startup disk creator
and click the icon: 
Choose ISO and Make Startup Disk
:
Make Startup Disk
:The USB will be completely wiped, be sure to back up any important data!

Installation Complete:

Congratulations, You have successfully created a Tails secure boot USB!
Step 4 - Disconnect Internet
DISCONNECT INTERNET || aka AIR-GAP
Physically unplug all modems, routers, and Ethernet cables. Make sure you never turn on WIFI or any networking capabilities. It should be IMPOSSIBLE to connect to the internet.
Step 5 - Tails Live USB: Boot Process
Ideally you would use a new computer that has never connected to the internet, but it is generally safe to use a personal computer that is virus free and air-gapped
Tails Live USB - Boot Process
Begin with the computer powered down
Plug the Tails live USB into the computer
Start the computer and continually press
F-10
until you enter one-time boot menuChoose the Tails USB in the boot menu
Step 6 - Tails Startup Screen
This screen is GRUB for Ubuntu, but tails should look similar:

Startup Options:


Step 7 - Extract eth2.0-deposit-cli
eth2.0-deposit-cli


File Viewer

Plug in the second USB stick

Click on the USB drive

Double-click on the eth2deposit-cli tarball to extract the binaries

Click Home
in the top left, then click Extract
Home
in the top left, then click Extract

Extraction Completed Successfully

Click Show the Files
Show the Files

Enter the /home/amnesia
folder
/home/amnesia
folder
Rename the extracted Eth2 deposit folder eth2.0-deposit-cli
eth2.0-deposit-cli

Updated Home Folder

Step 8 - Generate Eth 2.0 Keys
Open a new terminal window

Tails Terminal Window

Change directory to eth2.0-deposit-cli
eth2.0-deposit-cli
cd eth2.0-deposit-cli
Run ls
to check folder contents
ls
to check folder contentsls
Run ./deposit new-mnemonic
./deposit new-mnemonic
./deposit new-mnemonic

Deposit script parameters

Step 9 - Mnemonic Seed
The 24 word mnemonic seed is necessary to withdraw your staked Eth. Without the seed, you will be unable to transfer/withdraw and your Eth will be lost forever.
You need enough copies in case of disaster (fire, flood, theft), but additional copies increases chances of falling into the wrong hands. If someone finds your mnemonic, they get your Eth.
After confirming the password, you'll be given a mnemonic seed phrase:

Write down the mnemonic, then reenter to ensure it's correct:


Run clear
to clear the terminal window:
clear
to clear the terminal window:clear
Navigate to the /home/eth2.0-deposit-cli
directory:
/home/eth2.0-deposit-cli
directory:

THESE FILES ARE VERY IMPORTANT
Files can be found at:/home/amnesia/eth2.0-deposit-cli/validator_keys
deposit_data-[timestamp].json
contains data used to register your validator on the Eth2 launchpad
keystore -[timestamp].json
validator keystore file protected by password (aka validator signing key)
The mnemonic seed (24 words) is used to create the keystore file and withdrawal signatures.
If you lose the mnemonic seed, your stake is lost forever.

Open the deposit_data
json file
deposit_data
json file
Open keystore
file
keystore
file
Step 10 - Save deposit_data
and keystore
deposit_data
and keystore
Open a new file viewer window

Copy validator keys to external USB

Confirm that the validator_keys
folder is saved on the USB:
validator_keys
folder is saved on the USB:
Shut down the Tails OS

Step 11 - Prymont Testnet

You can test your newly generated keys using the Launchpad and following one of these Eth2 guides:
AGSC Prymont Guide: Lighthouse
Be sure to join the EthStaker Discord if you run in to any issues when trying to stake!
Last updated
Was this helpful?