I’m writing this up as a guide on how to make an existing EOSIO account use a Ledger device. If you don’t have an EOSIO account already, you’ll need to create one first before this guide is applicable to you - however one thing to note is that if you use a service that asks what you’d like your public keys to be, you can use the public key of your Ledger during creation to start with a Ledger controlled account.
The steps in converting an account to use a Ledger (or any hardware wallet) are as follows:
- Find the PUBLIC key of your Ledger device.
- Load the PRIVATE key of your account into Anchor.
- Change the PERMISSIONS of your account to use the PUBLIC key of the Ledger.
- Remove and re-import your account in Anchor.
Just as a word of warning for those going through this process… be very careful when changing the keys of your account. If you change the keys to a private key you don’t have control of, you may not be able to recover the account or any tokens held by that account.
The first thing you’ll need to do is figure out what the PUBLIC KEY of the Ledger device is for EOSIO. Each Ledger device internally generates its own keys, which are based on the seed phrase of the Ledger itself. You can find the public key of the Ledger from within Anchor by using the “Ledger” tool found in the “Tools” section.
With the Ledger connected, unlocked, and with the EOS app running on the Ledger, go into Tools and then Ledger. You’ll be greeted with this screen:
The Ledger here shows that it’s connected as well as displays a number of pieces of information about how the Ledger and Anchor are connected.
The blue button towards the bottom lets you “Load Public Key”, which asks the Ledger device for the public key at a certain index. You can (and probably should) leave the index at 0, which essentially means “load the first public key”. Hit the button, and you’ll be given a PUBLIC KEY. It will appear right below this load button.
The public key will look like this:
Right below the key is also an option to request that the Ledger display its key on the screen. You click this button and the Ledger will show the exact same key to verify that Anchor hasn’t shown you the wrong key.
Copy this public key to a text file or someplace you can access it again, you’ll need it in later steps.
You can also come back to this screen inside Anchor to get the key again.
If you haven’t already, you’ll need to load the account you’d like to convert to the Ledger keys into Anchor. If you have your keys already loaded in Anchor, you can likely skip this step. One thing to note however is that there are 2 keys for each account, the OWNER and the ACTIVE keys. If you want to change both of these keys to the Ledger you’ll need to ensure you either have the OWNER key loaded, or both the OWNER and ACTIVE keys (if they are different).
Importing an account can be done through the “Manage Wallets” interface. You will want to:
- Import Existing Account
- Import via Private Key
- Enter the Private Key
- Select the account(s) to import
Now with the account you’d like to convert imported, select it using the account dropdown.
With the account you’d like to modify selected, go back into “Tools” and look for the “Permissions” section. This area lets you change which keys control your account, and we’ll be using it to update those keys to match that of the Ledger. Make sure you have the correct PUBLIC KEY from step 1 for this.
If you are changing both the OWNER and ACTIVE keys for the account, I would recommend you change the ACTIVE key first. By changing the ACTIVE key first, your OWNER key will remain as-is, so if something goes wrong while changing the ACTIVE key you’ll be able to recover your account with the OWNER key.
To change the ACTIVE key, click the purple Modify button on the active permission. A popup will appear that asks you for the new PUBLIC KEY to use for this permission.
Enter the PUBLIC KEY from Step 1 here, ensure it is correct, and submit the transaction. If this transaction is successful, the loaded account will now be controlled by the Ledger and its keys.
You can repeat this same process for the OWNER key - but I would first make sure the ACTIVE key is setup properly and perform at least a test transaction first to ensure everything is setup properly.
You can verify your accounts keys have been updated by visiting a block explorer like bloks.io or EOSAuthority.com and searching for your account name. Look at the “Keys” section of the block explorer and check if they match. One thing to note is that some explorers show the
PUB_ format of keys instead of
EOS, and if you click the icon next to the key it should swap between them. These two formats are compatible with each other - don’t let that throw you off.
Once you see your keys are updated successfully, you can move to the next step and setup Anchor to use the Ledger + New Permission.
As of writing this, Anchor does not automatically have a feature that switches from using a private key to using a Ledger for an already imported account. So, you’ll need to remove the account and then set it up again using the Ledger process.
To do this, go into the “Manage Accounts” section of Anchor. You’ll want to find the account/permission you just changed, and then use the dropdown on the right side of the account to remove the account. After the account is removed, you the import feature to import it, except this time instead of using a private key you’ll use the Ledger option:
- Click “Import Existing Account”
- Click the “Load from Ledger” option
- This will find accounts associated to your ledger, select it, and then import.
You should now have your account loaded and this time it’ll use the Ledger. Any time you want to use this account, you’ll need your Ledger device connected with Anchor and all transactions will require approval from the Ledger device.
Perform a test transaction, try sending a small amount or voting for block producers, and see if it all works. Once you’re confident in it working, you can go back and change your owner key in the same process (if you’d like).
Questions? Feel free to ask below.