Super frustrated with Derivation Paths

@zicklag
I know you have posted a bunch on this topic, and I keep reading through your posts, but do you know how to get a unhardened derivation path? There are old wallets out there that used really dumb derivation paths, but with the solana-cli it automatically hardens your path.
so if you type

or

you get the same wallet address… help from anyone would be awesome…
Thanks in advance

1 Like

Also if anyone knows what path ASK uses that would be great

have u try remove single quote?

hahaha yes XD in the cli it automatically hardens the addresses…

Yeah, the ASK mode actually returns the “master” derivation path, which I think is equivalent to m.

I realized that the Solana CLI automatically hardened the addresses, but, without thinking about it, I just assumed that all Solana wallets did that. That might be why we’ve been unable to recover people’s wallet addresses in all these cases and why we can’t figure out what their derivation paths are!

Every time I’ve tried to recover accounts, I’ve used the Solana CLI.


I’m going to look into this and let you know what I find.

I think it might be time for me to make an Open Source web app for deriving wallet keys for Solana. Obviously it’s a huge security risk to paste your seed phrase into an app like that if you don’t trust it, which is partly why I haven’t made one yet.

With all these scams I don’t want to be like “paste your seed phrase into this wallet app I made”. :confused: There’s no way for them to tell the difference between me and a scammer at that point, unless they read the source code and audit my build process.

But, it’s better than people losing their funds forever so it’s worth a shot.

I was just messing around and it looks like derving a key with path m is actually different than using ASK.

ASK seems to be a raw, un-derived keypair, which is apparently different than a “master” derived key.


After investigating further, it looks like the core cryptography library used by the Solana CLI to derive keys doesn’t support un-hardened paths, so that’s why the Solana CLI automatically hardens them.

I think un-hardened paths don’t actually work according to the bip32 standard when used with ed25519 keys like Solana uses, so in order to remain standards compliant, un-hardened paths aren’t allowed.

@Emery have you seen anything specific that states that some Solana wallets had derived un-hardened paths before?

No. Nothing specific. Sorry I dropped off the map for a while XD… Thanks for the info. Yeah I was just thinking that maybe other wallet were not using hardened paths because of the issues we were having getting keys back…