This page generates a new ArQmA Wallet Address.
It is self contained and does all the necessary calculations locally, so is suitable for generating a new wallet on a machine that is not connected to the network, and may even never be.
This way, you can create an Arqma wallet without risking the keys.
This file is GPG signed. You can verify it if you want using the GPG instructions at the bottom of the page.
This is the address you give to third parties to send Arqma to you.
It is the only information here that's meant to be public.
generating...
The mnemonic seed is a string that comprises 25 words and allows you to recreate your private keys. Keep it secure!
The spend key and view key are the raw private keys for the new wallet. They are here for your information, since they can be recovered using the mnemonic seed in the above box. If you decide to keep them, keep them secure.
Spend key: |
Generating... |
View key: |
Generating... |
All released versions of this page will be GPG signed by SmyjeNz0, to avoid trojaned versions being passed around. It is in your interest to check the signature.
This page is maintained as a git repository. Released versions of the page are signed separately. In order to check either, you first need to import SmajeNz0's GPG key from the ArQmA source tree:
gpg --import SmajeNz0.asc
You need to get the signature file corresponding to the version of the page you're using. Original signature files are in the git repository as well. Save it as arqma-wallet-generator.html.asc, then:
gpg --verify arqma-wallet-generator.html.asc
You should see a message similar to:
gpg: Good signature from "SmajeNz0 (ArQmA) <[email protected]>"
Check the signature is from the key you imported previously! If not, you may be checking that file was properly signed by an attacker instead of SmajeNz0. Beware that anyone can place any email address in a new GPG key, so the right email being shown is no guarantee.
NOTE: you will probably also see a warning like this:
gpg: WARNING: This key is not certified with a trusted signature!
That is expected, as you only told GPG to import the signature in the steps above, but not to trust it. Look for tutorials on GPG if you want to do this, but it is not necessary here.
If you want to verify an old version of the file, you will have to retrieve the matching signature file from git.
If you're using git to get the latest and greatest, it's even simpler:
git show --show-signature
You should see a message similar to:
gpg: Good signature from "SmajeNz0 (ArQmA) <[email protected]>"
Check the signature is from the key you imported previously! If not, you may be checking that file was properly signed by an attacker instead of SmajeNz0. Beware that anyone can place any email address in a new GPG key, so the right email being shown is no guarantee.