The Ultimate Guide to Ledger and Proton XPR

Finally, the long-awaited guide to Ledger and Proton XPR has arrived!

This guide goes step by step through the process of securing your Proton account using a Ledger Nano. We cover both models, Nano X and Nano S. As both devices function the same way, we will use "Ledger Nano" throughout the article and mention the model only where necessary.

The guide applies only to Proton mainnet; it does NOT apply to the ERC20 version of XPR. We therefore assume you already have a Webauth.com (Proton) Wallet. If you have ERC20 XPR, you can transfer it to a Ledger Ethereum address; use Ledger Live for that purpose.

💡
Once you move to Ledger you will no longer be able to use your WebAuth.com wallet and you will have to sign each transaction physically on Ledger Nano.

Introduction

Ledger is a hardware wallet that allows you to "store" your crypto and manage it through a physical device. Instead of keeping the coins on many different exchanges or different wallets, it allows users to consolidate them and store them securely on a single physical device. You may have heard of the quote "Not your keys, not your coins", meaning that if you don't own the private keys to your coins then the coins are not really yours. With Ledger, the private keys are offline, securely stored on the device and never leave it. Each transaction has to be signed/approved physically by pressing a button on the device.

The way it works is that when you enable a particular coin on Ledger you get a deposit address. This address lives on the same blockchain as the coin, but the keys to access it are on your Ledger device. That's why it's called a hardware wallet: you send the coins to an address that is protected by a hardware device. This applies to coins that are supported by Ledger.

Similarly, users are interested in how to move their Proton XPR from Webauth.com Wallet (or Proton Wallet) to Ledger. Here's the thing, Ledger does NOT support Proton mainnet. Instead, we change the ownership of your Proton account so that the keys that control it are no longer in your Webauth.com Wallet but on your Ledger device.

Generally, the Webauth.com wallet is very secure and relies on your mobile device's secure chip (Secure Enclave on iOS and TrustZone chip on Android). It's very unlikely for anyone to steal it; thus the majority of thefts happen because users share their private keys with scammers.

Ledger Nano S vs Ledger Nano X

I'm sure there are a ton of articles that compare both and list their benefits, but for us Ledger Nano X is clearly better. It feels more premium, it has more space and it's slightly easier to navigate using your thumbs (as opposed to index fingers). The only "downside" of Nano X is its price. At the time of writing, Nano S sells for £54 whereas Nano X sells for £136.

High-level migration steps

The migration process sounds complex but once you read this guide you will understand how easy it is to move to Ledger.

The process consists of a few simple steps:

  1. Export Webauth.com (or Proton) wallet key and import into Anchor Wallet.
  2. Login to protonscan.io with Anchor Wallet using the key exported in the first step.
  3. Replace the owner and active keys of your Proton account with one of the Ledger Nano public keys.
  4. Enable Ledger integration in Anchor Wallet and import your account that is now using the key on Ledger.
  5. Use Protonscan block explorer with Anchor Wallet (with Ledger enabled) to manage your wallet and execute transactions such as sending XPR, staking and voting.
💡
Anchor Wallet is required as it offers perfect integration with Ledger whereas direct connectivity does not always work. Starting January 2022, Chrome deprecated the U2F API for interacting with security keys.

Prerequisites

  1. You need a desktop PC; migration to Ledger cannot be done on a mobile device.
  2. Install Ledger Live on your PC so that you can upgrade Nano firmware.
  3. Install Anchor Wallet on your PC. We will be using Anchor Wallet for the migration and also to interact with Proton Chain.
  4. Have WebAuth.com (or Proton) wallet private key in hand.

Ledger Nano S/X setup

When you get a Ledger Nano device you need to initialize it. The process for Nano S and Nano X is the same. If you are an existing user of Ledger and already initialized yours, then jump to step 5:

  1. Install Ledger Live on your mobile or desktop and follow the instructions on the screen to initialize your Ledger Nano device. Ledger Live is supported on Windows, macOS and Linux as well as Android.
  2. The first thing to do is to set up a PIN for the device. This is to physically secure the device. Every time the device is connected to a PC or goes idle you need to unlock it by using the PIN.
  3. Next, you will be given a 24-word recovery phrase that you need to write down. These are 24 random words that will be used to generate your master seed. Well, not really random: Ledger uses a standard called BIP 39, hence the 24-word mnemonic is drawn only from the 2048 words of the BIP 39 English wordlist.
  4. You should be able to see your Ledger Nano device in Ledger Live now. Update the device to the latest available firmware.
  5. Install the EOS application on Ledger Nano. This allows your device to sign Proton transactions, since Proton, like EOS, is a fork of EOSIO and the protocol is the same. The EOS app is where the key pairs are generated; they are derived from your master seed (based on the 24-word recovery phrase).
💡
You can manage your Ledger device on a desktop PC or mobile BUT upgrading of firmware is only possible on a desktop PC.
🚨
The 24-word recovery phrase is the only way to recover your Ledger device should you ever lose it. Store this in a secure and safe place and NEVER share it with anyone.

Here are links to the documentation of Ledger Nano S and Ledger Nano X.

Anchor Wallet setup

Anchor Wallet is a security and privacy-focused wallet for EOSIO-based networks, including Proton Chain. It is an open-source wallet developed by Greymass and it's been around for a few years now. For reference, Greymass is a block producer (teamgreymass) on Proton Chain and they also have a presence in the Proton telegram channel.

The best thing about Anchor Wallet is that it is cross-platform. It works on Windows, macOS, Linux as well as iOS and Android. Furthermore, the desktop version of Anchor allows integration with Ledger devices to provide an extra layer of security. Download Anchor Wallet here:

Anchor Wallet for Desktop and Mobile | Greymass

It only takes a minute to install Anchor Wallet and once it starts click on Setup an Account to set a local password (this is extra security and a password is required when you have to unlock local wallets or import accounts). Then select Proton in the following screen of Blockchains selection:

There are two additional configuration steps that you need to do in Anchor Wallet, one is to enable dangerous transactions and the other one is to enable Ledger integration.

Enable Ledger Support

Next, enable Ledger integration in Anchor Wallet. Connect Ledger Nano to your PC, unlock the device and start the EOS application. Then, go back to Anchor Wallet and click the middle icon in the top right corner:

Enable dangerous transactions

There is one more configuration change that is required so we can complete the migration of the keys - allow dangerous transactions. Otherwise, you will get the following message when you try changing any of the keys:

This request has a forbidden action.
Anchor prevents certain types of actions from being performed to help protect your account(s).
Error Code: ESRURI_UPDATEAUTH_FORBIDDEN

To do that, go to Anchor Wallet settings in the top right corner, scroll down to Advanced options and select enable dangerous transactions:

Move an existing account to Ledger

Once you have installed Anchor Wallet, we move to the actual key migration. This is a straightforward two-minute job.

The way it's done is that we replace your Proton account public key, which was automatically generated when you created your account, with the one that is on the Ledger Nano. And since the public key is derived from a private key, it's very easy to confirm its authenticity. It relies on asymmetric cryptographic algorithms that generate a pair of separate keys (we call that a key pair): one is the private key and the other is the public key.

💬
Remember that when you use Anchor Wallet or Protonscan with Ledger, the device must be unlocked and you must start the EOS application on Ledger. Sometimes Anchor Wallet or Protonscan complain that Ledger is locked although it is not; in that case, exit the EOS app and start it again, or unplug and plug in the device.

Export webauth.com (or Proton) wallet private key

The first thing you need to do is export webauth.com/proton wallet private key:

💡
If you are using Proton Wallet or migrated from Proton Wallet, your private key might look a bit different from the one above. That's because the Webauth.com wallet uses a new, different format. Refer to Keys format and compatibility at the bottom of the page for more information.

The long string in the third picture is your private key. Make a copy as we will need that in the next step.

Import your account in Anchor Wallet

Now that you have your wallet private key, go back to Anchor Wallet and click Import an existing account:

At this point, you get three options to import an account into Anchor Wallet:

  • Import Private key: Import an existing WebAuth.com Wallet private key.
  • Load from Ledger: Import an account whose keys were previously migrated to Ledger.
  • Import from key certificate: Import an account created by Anchor Wallet, using a key certificate.

Click on the first one, Import Private key.

On the following screen, you put the private key in the text box and the wallet will automatically find the account on the chain matching this private key. If your account doesn't come up then there is a problem with the API node; check the bottom of this post on how to fix it.

The moment I pasted the key in the textbox, Anchor found two privileges matching that private key: ledgerdemo1@owner and ledgerdemo1@active.

Each Proton account has two keys associated with it and each key has certain permission attached to it:

  • Owner key: As the name suggests, this permission controls the ownership of the account. It's like superuser or administrator permission and allows you to add or change other account permissions.
  • Active key: The active key is more restricted than the owner and it is used for transferring funds, voting for block producers and staking.

Select the owner key, as this will allow you to change account keys:

💡
If for some reason you can't see your account after adding the private key it's very likely that the API endpoint is down and you need to change it. Click on the Proton icon at the top then Manage Blockchains, find Proton and change the address on the right to https://proton.protonuk.io

Click Import Accounts and enter the Anchor Wallet account password and that's all. Your WebAuth.com wallet owner key is now loaded in Anchor and you can control your Proton account using Anchor Wallet:

Retrieve Ledger Nano public key

There are two ways to retrieve your Ledger Nano public key, either using Anchor Wallet or by using Protonscan explorer directly with Ledger. However, direct connectivity does not always work and it's best if you use Anchor Wallet only.

Option 1: Using Anchor Wallet

Make sure Ledger Nano is unlocked and the EOS application is running. Then go to Anchor Wallet, click Tools on the left and then on Ledger under Hardware wallet support. Click on Load Public Key and you will get the first public key (index 0):

Option 2: Using Protonscan explorer

* This option only works on certain platforms and browsers, refer to the compatibility list at the end of the article *

Make sure Ledger Nano is unlocked and the EOS application is running. Then go to protonscan explorer, click on Login in the top right corner and then select Ledger Nano X/S. In the Search Indices search box you specify which public key is to be used; put 0 to read the first public key.

Click on HID:

You may notice that the key from Anchor is different from the one in Protonscan. That's because Protonscan is using the new format, and Anchor is using the old format.

💡
PUB_K1 keys are the new format for public keys and are interchangeable with the old format starting with EOS. Refer to Keys format and compatibility at the bottom of the page for more information.

Replacing your Proton account keys

Login to Protonscan explorer with Anchor owner key that we just imported. Click Login in the top right and then select Anchor:

You'll get a signing request popup in Anchor Wallet that you need to approve:

You are now logged in to Protonscan as ledgerdemo1 with the owner key (privilege):

Next, go to Wallet and then Key and Permissions from the left tab menu:

💬
This is the final and most important step of the migration - change of your account keys to Ledger keys.
💡
PUB_K1 keys are the new format for public keys and are interchangeable with the old format starting with EOS. Refer to Keys format and compatibility at the bottom of the page for more information.

At this point, we will move the ownership to Ledger by replacing both keys, owner and active. However, we want to replace the keys one at a time, starting with the active key and making sure it works fine before moving the owner key.

While logged in to protonscan, on the same page put the public key you got from Retrieve Ledger Nano public key into the New Active Key textbox, click Change Permission and sign the transaction with Anchor Wallet:

You will get a message that the transaction was successful. Note that the active key at the bottom has changed; click on the key icon (🔑) to see the key in the other format. Read Keys format and compatibility for more info.

Another way to confirm that is to check your account at protonscan, you can find the transaction that was executed to replace the active key:

So far so good. Now that we moved the active key (permission) to Ledger we want to test this out before changing the owner key too. The easiest way to do that is to quickly sign a transaction using Anchor Wallet + Ledger, either send XPR to someone, stake or vote (you can vote as many times as you want). Here's how to do it:

  • Connect your Ledger Nano, unlock it and start EOS application.
  • Make sure Ledger is connected to Anchor Wallet, middle button in top right corner.
  • Click on the wallet at the top and then Manage Wallets.
  • Click Import Existing Account.
  • Then click the Load from Ledger option.
  • This will find accounts associated with your Ledger, select it, and then import.

The process is illustrated in the gallery below:

Now we have loaded the ledgerdemo1@active account (permission) into Anchor Wallet, whose key actually lives on Ledger. The other account, ledgerdemo1@owner, is still using the key that is loaded in Anchor; we will be changing this next, after we confirm the change of the active key was successful.

While on the same screen, click Use Wallet for the newly imported account so that it's the default signing wallet.

Now, go to protonscan and log in with the new account. This time, however, when you click the sign button in Anchor Wallet you will need to review and confirm the transaction on your Ledger device:

Finally, send XPR to someone, short stake OR vote in order to confirm that the key migration was successful and you can sign transactions:

Once you confirm the active key and Anchor Wallet + Ledger integration are functioning properly you can complete the migration by changing your account owner key to the same as the active key using the steps above.

Remember that you only need to log in with owner permission if you are going to change or add an active key again. You can import the owner permission in Anchor the very same way we did for the active one.

With this the migration to Ledger Nano is complete!

Now the keys in your WebAuth.com Wallet and Anchor Wallet are invalid and cannot be used anymore. Go to Webauth.com Wallet, click on the profile icon at the bottom and then refresh or change to another account. This will force the complete removal of your wallet from the Webauth.com wallet, and it won't be visible anymore.


Create a new account on Ledger

If you are not keen to go through the above procedure, another approach would be to create a new account using the Ledger Nano key straight away. This is easier and faster since there is no need to replace keys, and the new account will be using Ledger immediately.

This two-account approach is also good if you want to keep the majority of your XPR in a cold wallet but still enjoy the perks of the webauth.com wallet, essentially having both a cold and a hot wallet.

It's a very simple two-step process:

  1. Retrieve Ledger Nano public key first - either through Anchor Wallet or Protonscan explorer.
  2. Create a new wallet - either on Protonresources or Protonscan explorer. You need to log in with your existing account prior to that. The cost of a new account is 28 PR.

Retrieve key and create an account on Protonscan

* This option only works on certain platforms and browsers, refer to the compatibility list at the end of the article *

Make sure Ledger Nano is unlocked and the EOS application is running. Then go to protonscan explorer, click on Login in the top right corner and then select Ledger Nano X/S. In the Search Indices search box you specify which public key is to be used - we already used 0 and 1, hence I will be using 2 here. Once you retrieve the key, log in to Protonscan with your Webauth.com wallet and go to Create Account. Put the name of the new account, paste the Ledger public key and change the RAM amount to 14000 - this is what Proton accounts get when created using Webauth.com wallet:

Retrieve key in Anchor Wallet and create an account on Protonresources

Make sure Ledger Nano is unlocked and the EOS application is running. Then go to Anchor Wallet, click Tools on the left and then on Ledger under Hardware wallet support. Click on Load Public Key and you will get the first public key (index 3):

💡
If the Tools option on the left is not available, go to Settings in the top right and enable advanced options under Advanced User Options.

Now, when we import accounts from Ledger in Anchor Wallet you need to click on Ledger Settings and set the key (path) you want to import. In the example below, the first key (0) is used along with the other three (1, 2, 3). The result is having four different Proton accounts protected by different Ledger keys and managed through Anchor Wallet and Protonscan explorer:


Frequently Asked Questions

Naturally, you may have more questions and we tried to address them below:

Q: Does that mean I need to carry a laptop and Ledger with me all the time?
A: No, with the introduction of webauth you can add another authentication method to your account and sign all transactions directly in the browser or on a mobile device. One such device is a YubiKey, and that's the topic of our next article, which is in progress.

Q: What if I lose my Ledger device?
A: When you initially set up your Ledger you were given a set of “seed words”. If your device breaks or you lose it, you just need to enter the same seed on a new device. You can also create a backup device from day 1 and lock it somewhere safe.

Q: I now secured my Proton account with Ledger Nano device, can someone steal my XPR?
A: Well, the private key on the Ledger is safe but not the 24 words that you got when you set up Ledger initially. Thus, NEVER give them to ANYONE under any circumstances and make sure they are safe!


Platform and browser compatibility

As of January 2022, the Chrome API that enabled Ledger support (U2F) no longer supports hardware wallets. Using Ledger with Protonscan directly (instead of using Anchor Wallet with Ledger integration) is only supported on a few browsers:

Windows 10:

  • ✅ Chrome (version 98) using HID
  • ✅ Edge (version 97) using HID
  • ❌ Firefox (version 96)

Keys format and compatibility

Thanks to Aaron Cox for the explanation below

You may have noticed that your Proton account

PUB_K1_5mzPBzsAB6Qge2V8AyuZCwSasUPL1p89SZUX99YhpasHRtkhoW
    EOS5mzPBzsAB6Qge2V8AyuZCwSasUPL1p89SZUX99YhpasHY6UyZY

Although they look different these two public keys are actually the same. Here’s the anatomy of these keys:

PUB_K1_5mzPBzsAB6Qge2V8AyuZCwSasUPL1p89SZUX99YhpasHRtkhoW
\_____/\__________________________________________/\____/
  |                    |                              |
  Key Prefix           Key Data                       Checksum


EOS5mzPBzsAB6Qge2V8AyuZCwSasUPL1p89SZUX99YhpasHY6UyZY
\_/\__________________________________________/\____/
 |                    |                           |
 Key Prefix           Key Data                    Checksum

The Key Prefix at the beginning of each key is different, as is the Checksum at the end. The Checksum isn’t part of the key itself; it's just a bit of data to help with error detection, and it changes because the prefix changes. However, if you look at the middle part (Key Data) of both keys, you will find they’re the same.

EOS     5mzPBzsAB6Qge2V8AyuZCwSasUPL1p89SZUX99YhpasH Y6UyZY
PUB_K1_ 5mzPBzsAB6Qge2V8AyuZCwSasUPL1p89SZUX99YhpasH RtkhoW
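
The anatomy above can be checked mechanically, which is useful for confirming that the key Anchor shows (EOS...) and the key Protonscan shows (PUB_K1_...) are the same before you paste one into a permission change. This is an added example, not code from the article, Anchor Wallet or Protonscan: it decodes either format, verifies the checksum (the first 4 bytes of RIPEMD-160 over the key data, with the suffix "K1" appended for the new format) and converts between the two. It assumes Node.js with RIPEMD-160 available in its crypto module; all function names are illustrative.

```javascript
// Added example; not code from the article, Anchor Wallet or Protonscan.
const crypto = require("crypto");

const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const KEY_LEN = 33;     // compressed secp256k1 public key ("Key Data")
const CHECKSUM_LEN = 4; // first 4 bytes of a RIPEMD-160 digest ("Checksum")
const FORMATS = [
  { prefix: "PUB_K1_", suffix: "K1" }, // new format
  { prefix: "EOS", suffix: "" },       // legacy format
];

// Base58 text -> exactly `size` bytes.
function base58Decode(text, size) {
  let n = 0n;
  for (const ch of text) {
    const digit = ALPHABET.indexOf(ch);
    if (digit < 0) throw new Error(`invalid Base58 character "${ch}"`);
    n = n * 58n + BigInt(digit);
  }
  const hex = n.toString(16).padStart(size * 2, "0");
  if (hex.length !== size * 2) throw new Error("unexpected key length");
  return Buffer.from(hex, "hex");
}

// Bytes -> Base58 text (leading zero bytes are written as "1").
function base58Encode(bytes) {
  let n = BigInt("0x" + bytes.toString("hex"));
  let out = "";
  for (; n > 0n; n /= 58n) out = ALPHABET[Number(n % 58n)] + out;
  for (const b of bytes) {
    if (b !== 0) break;
    out = "1" + out;
  }
  return out;
}

// The checksum hashes the key data followed by the format's suffix, which is
// why the trailing characters differ between the two spellings of one key.
function checksum(keyData, suffix) {
  const input = Buffer.concat([keyData, Buffer.from(suffix, "ascii")]);
  return crypto.createHash("ripemd160").update(input).digest().subarray(0, CHECKSUM_LEN);
}

// Parse either format, verify the checksum, return the raw 33-byte key.
function parsePublicKey(text) {
  const format = FORMATS.find((f) => text.startsWith(f.prefix));
  if (!format) throw new Error("unrecognised key prefix");
  const raw = base58Decode(text.slice(format.prefix.length), KEY_LEN + CHECKSUM_LEN);
  const keyData = raw.subarray(0, KEY_LEN);
  if (!raw.subarray(KEY_LEN).equals(checksum(keyData, format.suffix))) {
    throw new Error("checksum mismatch: key is mistyped or truncated");
  }
  return keyData;
}

// Re-encode a verified key in the requested format.
function formatPublicKey(keyData, { prefix, suffix }) {
  return prefix + base58Encode(Buffer.concat([keyData, checksum(keyData, suffix)]));
}
const toPubK1 = (text) => formatPublicKey(parsePublicKey(text), FORMATS[0]);
const toLegacy = (text) => formatPublicKey(parsePublicKey(text), FORMATS[1]);
const sameKey = (a, b) => parsePublicKey(a).equals(parsePublicKey(b));

// The legacy key shown in this section of the article, converted to PUB_K1_.
const LEGACY = "EOS5mzPBzsAB6Qge2V8AyuZCwSasUPL1p89SZUX99YhpasHY6UyZY";
console.log(toPubK1(LEGACY));
```

A key that fails `parsePublicKey` was mistyped or cut short when copied and should not be submitted in a permission change.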