At some point in the near future, I hope to run a ETH validator from home. I’m using the eth-docker project, and got my validator configured for testnet and I’m fairly comfortable with the overall process. Now I’m thinking about how best to protect and secure the validator and/or withdrawal keys using my ledger nano hardware wallet.
From my research, I believe there are 3 ways to use the ledger nano wallet while setting up ETH staking node.
1. Using the ledger nano to sign the transaction when depositing the 32 ETH to the deposit contract. This is an obvious one. No debate needed. Edit – Make sure DEBUG and SMART CONTRACT is enabled on the Ledger
2. When creating the deposit contract with the deposit cli tool, use the “–eth1_withdrawal_address” option and specify the ledger nano managed address for the withdrawal credentials. A mnemonic will still be generated for the validator key recovery.
./deposit –eth1_withdrawal_address YOURHARDWAREWALLETADDRESS
3) When creating the deposit contract with the deposit cli tool, use the “existing-mnemonic” option and provide the mnemonic used by the ledger nano wallet. This would be done using a offline/air-gapped computer booting off a Ubuntu Live USB/CD and a pre-downloaded deposit-cli tool that has been SHA256 verified.
Edit, added option 3a.
3a) This is similar to option 3, except instead of using the ledger generated mnemonic with the deposit-cli tool, we use the deposit-cli tool generated mnemonic to “recover” the ledger. The results are basically the same, one shared mnemonic between the ledger hw wallet and the validator/withdrawal keys.
I’m leaning heavily to option 3, and using the “existing-mnemonic” option. I believe the biggest issue/risk with this option is exposing the ledger nano recovery mnemonic when using the deposit-cli tool. However, like I stated, I plan to use a Ubuntu Live CD on an air-gapped computer and confident I can do it securely. I already have an existing process to recover/secure my ledger mnemonic so I think the advantages out weight the risk.
Wanted to get the communities opinion and feedback incase I’m not understanding everything correctly.