Guides ·

Generate an Ethereum Wallet Offline: Complete Guide

Generating an Ethereum wallet while connected to the internet is convenient. It is also unnecessary risk. Every second your seed phrase or private key exists on a networked device, it is exposed to keyloggers, clipboard malware, browser extensions with excessive permissions, and remote access trojans. The solution is straightforward: generate the wallet offline, write down the backup, and only bring the public address online.

This guide walks through the full technical process --- from entropy generation to a usable Ethereum address --- and explains why your offline-generated keys work seamlessly on Layer 2 networks like Polygon, Arbitrum, Optimism, and Base.

Why Generate Offline?

An Ethereum wallet is fundamentally just a private key. Whoever holds that key controls the funds. When you generate a wallet using an online service or a connected browser, the private key passes through layers of software that you do not fully control: the browser's JavaScript engine, browser extensions, the operating system's memory management, and potentially a network stack that could leak data.

Offline generation eliminates the network vector entirely. If the machine has no network connection --- Wi-Fi disabled, Ethernet unplugged, Bluetooth off --- then the private key cannot be exfiltrated remotely, regardless of what software is running.

The ideal setup is:

  1. A clean machine (freshly installed OS, or a live USB distribution).
  2. No network connection of any kind.
  3. A tool that runs entirely in the browser using the Web Crypto API for randomness.
  4. Paper or metal for recording the seed phrase.

SafeSeed's Ethereum Seed Phrase Generator is designed for exactly this scenario. It runs entirely client-side --- no API calls, no server communication, no analytics. You can load the page, disconnect from the internet, and generate your wallet in complete isolation. For a broader look at offline security practices, see Cold Storage Guide 2026.

secp256k1 and Keccak-256

Two cryptographic primitives define Ethereum's key system: the secp256k1 elliptic curve for key generation, and Keccak-256 for address derivation.

secp256k1: The Elliptic Curve

Ethereum inherited the secp256k1 curve from Bitcoin. It is a specific curve defined over a prime field, chosen for its efficiency and lack of known weaknesses. The curve's defining equation is:

y^2 = x^3 + 7 (mod p)

where p is a 256-bit prime number. The security of the system rests on the elliptic curve discrete logarithm problem (ECDLP): given a public point on the curve, it is computationally infeasible to determine the scalar (private key) that produced it.

A private key on Ethereum is a 256-bit integer --- 32 bytes, or 64 hexadecimal characters. The public key is derived by multiplying the curve's generator point G by the private key scalar. This multiplication is a one-way operation: easy to compute forward, effectively impossible to reverse.

The resulting public key is a point on the curve with x and y coordinates, totaling 64 bytes in uncompressed form (128 hex characters, prefixed with 04). For a comparison of secp256k1 with the ed25519 curve used by Solana, see secp256k1 vs ed25519.

Keccak-256: From Public Key to Address

Ethereum does not use the public key directly as an address. Instead, it applies Keccak-256 (a variant of SHA-3) to the uncompressed public key (without the 04 prefix), producing a 32-byte hash. The last 20 bytes of that hash become the Ethereum address, prefixed with 0x.

Private Key (32 bytes)
    → secp256k1 multiplication → Public Key (64 bytes)
    → Keccak-256 hash → 32 bytes
    → Take last 20 bytes → Ethereum Address (0x...)

This hashing step is not just a size reduction. It provides an additional layer of protection: even if a flaw were discovered in secp256k1 that allowed partial recovery of the public key from the address, the Keccak-256 hash would make it significantly harder to recover the full key. In practice, however, once you make a transaction from an address, the full public key is revealed on-chain in the transaction signature.

From Seed Phrase to ETH Address

Most modern wallets do not ask you to manage raw private keys. Instead, they use BIP39 seed phrases and HD wallet derivation to produce a tree of keys from a single backup.

Step 1: Generate Entropy

The process begins with 128 or 256 bits of cryptographically secure randomness (entropy). This entropy is the seed of everything that follows. On SafeSeed, this randomness comes from the browser's crypto.getRandomValues(), which draws from the operating system's CSPRNG.

For a 12-word seed phrase, 128 bits of entropy are generated. For a 24-word phrase, 256 bits. See BIP39 Explained for the full breakdown of how entropy becomes words.

Step 2: Entropy to Mnemonic Words

The entropy is hashed with SHA-256 to produce a checksum. The checksum bits are appended to the entropy, and the combined bit string is split into 11-bit segments. Each segment maps to one of 2,048 words in the BIP39 word list, producing 12 or 24 words.

Step 3: Mnemonic to Master Seed

The mnemonic words (plus an optional passphrase) are fed into PBKDF2-HMAC-SHA512 with 2,048 iterations, producing a 512-bit master seed. This master seed is the root of the entire HD wallet tree.

Step 4: Master Seed to Master Key

The 512-bit seed is fed into HMAC-SHA512 with the key "Bitcoin seed" (yes, even for Ethereum --- this is a BIP32 convention). The output is split: the left 256 bits become the master private key, and the right 256 bits become the master chain code.

Step 5: Derive the Ethereum Key

Ethereum uses the derivation path m/44'/60'/0'/0/0 as defined by BIP44. Each level in the path represents a child key derivation:

  • 44' --- Purpose: BIP44 multi-account hierarchy.
  • 60' --- Coin type: 60 is the SLIP44 index for Ethereum.
  • 0' --- Account: first account.
  • 0 --- Change: external chain (receiving addresses).
  • 0 --- Address index: first address.

At each level, the parent key and chain code are combined via HMAC-SHA512 to produce the child key. Hardened derivations (indicated by the apostrophe) use the private key as input, providing stronger isolation between branches.

Step 6: Private Key to Address

The derived private key at m/44'/60'/0'/0/0 is a 256-bit integer. It is multiplied by the secp256k1 generator point to produce the public key. The public key is hashed with Keccak-256, and the last 20 bytes become your Ethereum address.

SafeSeed's Ethereum Private Key Generator lets you see each step of this derivation, from raw entropy through to the final address.

Same Keys on Layer 2 Networks

One of Ethereum's most practical properties is that your keys work identically across all EVM-compatible networks. The same private key that controls address 0xABC... on Ethereum mainnet also controls 0xABC... on Polygon, Arbitrum, Optimism, and Base. No additional key generation is required.

This works because all EVM chains use the same cryptographic primitives --- secp256k1 for signing and Keccak-256 for address derivation --- and the same account model. The address is derived deterministically from the private key, and since the derivation is identical, the address is identical.

What differs between chains is the chain ID --- a network identifier embedded in transaction signatures (EIP-155) to prevent replay attacks. When you sign a transaction for Polygon (chain ID 137), that signature is invalid on Ethereum mainnet (chain ID 1). This is a transaction-level protection, not a key-level one.

For your offline generation workflow, this means a single seed phrase backup protects assets across all EVM chains. Generate once, back up once, and use the same address everywhere. This is one of the strongest arguments for careful offline generation: the stakes are multiplied across every chain your keys touch.

For more on the security implications of shared addresses across EVM chains, see EVM Address Security.

Verify with the Address Validator

After generating your wallet offline, you should verify that the address is correctly formatted before sending any funds to it. Use the Ethereum Address Validator to confirm:

  1. Format check: The address starts with 0x and contains exactly 40 hexadecimal characters.
  2. EIP-55 checksum: The mixed-case encoding is correct. If the address was generated properly, the uppercase and lowercase letters will match the Keccak-256 hash of the lowercase address.

You can run the validator on the same air-gapped machine. Open the tool, disconnect, paste the address, and verify. If the checksum passes, you can be confident the address was transcribed correctly from whatever medium you used (paper, metal, QR code).

For a detailed explanation of how address validation works across different chains, see How to Validate a Crypto Address.

Export to MetaMask or Other Wallets

Once your seed phrase is generated and safely backed up, you will eventually need to use it in a wallet application. The most common choices are MetaMask (browser extension or mobile), Rabby, Rainbow, and hardware wallets like Ledger or Trezor.

Importing Into MetaMask

MetaMask accepts BIP39 seed phrases directly:

  1. Install MetaMask on a clean browser profile.
  2. Select "Import an existing wallet."
  3. Enter your 12 or 24 words.
  4. Set a local password (this only encrypts the key on-device; it is not part of the seed).

MetaMask will derive the key at m/44'/60'/0'/0/0 and display the corresponding address. Verify that it matches the address you generated offline. If it does not match, something went wrong during transcription --- do not send funds to either address until you resolve the discrepancy.

Importing Into a Hardware Wallet

Ledger and Trezor devices accept BIP39 seed phrases during initialization. Enter the phrase directly on the hardware device's screen --- never on a computer. The hardware wallet will derive the same key at the same path and produce the same address. This is the gold standard for combining offline generation with daily use: the seed was generated on an air-gapped machine, and the private key never exists on a networked computer.

Multiple Accounts

The derivation path m/44'/60'/0'/0/0 produces the first account. Incrementing the last index gives you additional addresses: m/44'/60'/0'/0/1, m/44'/60'/0'/0/2, and so on. All derived from the same seed phrase. Most wallets handle this automatically when you click "Add Account."

Offline Ethereum wallet generation is not paranoia --- it is basic operational security. The few minutes it takes to disconnect, generate, and transcribe are an investment that protects every ETH, token, and NFT you will ever hold at that address, across every EVM chain, for as long as you hold the keys. The cryptography is sound. The only variable is how carefully you handle it.