Color Mode
  • Use system setting
  • Light mode
  • Dark mode
  • Subscribe to our Newsletter Newsletter
    Follow us on Twitter Twitter
    RSS Feed RSS

    How to securely create Cosmos/Osmosis wallet private keys

    In this post, we explain how to create a private key for Cosmos wallets. The use cases include programmers or advanced blockchain and DeFi users. This is especially handy for any keys you need to share with your team: one-off deployment keys, hot wallet keys and so on.

    Preface

    Creating cryptocurrency wallet securely is important, as there have been several issues of weak random number generators causing hacks and losses.

    In this post

    • We create a private key using secure UNIX (Linux/macOS) command line tools. Particularly, we do not use any unsafe websites.
    • We show how to back up the private key securely.
    • We import this to Keplr wallet to.
    • This method is compatible with Cosmos Hub, Osmosis, Juno, EVMOS, Stargaze, Crypto.org and many other Cosmos chains.

    Creating a private key

    A private key is a 256-bit non-guessable integer. There is nothing magical about it, it is just a hard-to-guess number. To create a private key on your developer laptop, you can use console tools. You can even do this offline, so this way the key never leaves your laptop, as opposed to website based key generators.

    Install the OpenSSL command line tool. The openssl can create a random 256-bit number with nice hex output:

    openssl rand -hex 32

    The output is 32 bytes, or 256 bits, and looks like this:

    3d3e2d710052f97ee76e5f8f57734198e2deb92d9f8659051276aec1327a22e2

    This is often called a "raw private key" as it is not derived from any seed words, also known as a mnemonic. The randomness is sourced from a cryptographically secure /dev/urandom random number generator (RNG) device on your laptop.

    Backing up the private key

    • Print it out on a paper
    • .. .or store the generated number in a secure password manager

    As we are going to store this key in our wallet any case, the security of this key is not going to be the maximum security. For more security, you should always use a hardware wallet and/or a multisignature wallet. Creating keys and storing them in a password manager is not giving you the best security. But for many programmatic use cases, like one time deploy keys, it is more than safe enough.

    Importing a raw private key to Keplr

    You can import the raw private to the Keplr wallet:

    Then choose the Private key option:

    Now you can have the private key account in your Select account menu:

    And then you can choose to use this private key with different Cosmos blockchains like Osmosis: