Ethereum Wallets: A Complete Guide to Non-Custodial Storage, HD Wallets, and BIP-39

Ethereum wallets are essential tools for anyone interacting with the Ethereum blockchain. Whether you're sending tokens, participating in decentralized finance (DeFi), or storing NFTs, your wallet is the gateway to your digital assets. This guide dives deep into non-custodial Ethereum wallets—where you control your private keys—and explores key concepts like keystore files, mnemonic phrases (BIP-39), hierarchical deterministic (HD) wallets, and BIP-44 derivation paths.

Understanding Non-Custodial Ethereum Wallets

In the world of blockchain, non-custodial wallets give users full control over their private keys. Unlike custodial services (such as exchanges), where a third party holds your keys, non-custodial wallets store private keys locally on your device. Your assets live on the Ethereum blockchain, and transactions are authorized only when you sign them with your private key.

All account balances and transaction histories are publicly visible on the blockchain. However, ownership is proven solely through cryptographic signatures. If you import your private key or recovery phrase into another compatible wallet, you can access and manage your funds seamlessly across platforms.

👉 Discover how secure wallet integration works in practice.

Types of Cryptocurrency Wallets

There are two main types of wallets based on how they generate keys:

Nondeterministic Wallets

Each private key is generated independently and has no relation to others. This makes backup difficult—you’d need to save every single key separately.

Deterministic Wallets

All private keys are derived from a single master seed. This allows for easy backup using a mnemonic phrase and enables features like HD wallets.

What Is a Keystore File?

A keystore file is an encrypted JSON format used to securely store your private key. It’s commonly used by Ethereum wallets like MetaMask and Geth.

Here’s an example structure:

{
  "address": "001d3f1ef827552ae1114027bd3ecf1f086ba0f9",
  "crypto": {
    "cipher": "aes-128-ctr",
    "ciphertext": "233a9f4d236ed0c13394b504b6da5df02587c8bf1ad8946f6f2b58f055507ece",
    "cipherparams": { "iv": "d10c6ec5bae81b6cb9144de81037fa15" },
    "kdf": "scrypt",
    "kdfparams": {
      "dklen": 32,
      "n": 262144,
      "p": 1,
      "r": 8,
      "salt": "99d37a47c7c9429c66976f643f386a61b78b97f3246adca89abe4245d2788407"
    },
    "mac": "594c8df1c8ee0ded8255a50caf07e8c12061fd859f4b7c76ab704b17c957e842"
  },
  "id": "4fcb2ba4-ccdb-424f-89d5-26cce304bf9c",
  "version": 3
}

To unlock this file, you need a password. The ciphertext contains the encrypted private key, protected using strong algorithms like scrypt and AES.

Mastering BIP-39: The Mnemonic Phrase Standard

The BIP-39 standard converts random entropy into human-readable words—typically 12 or 24 words—that act as a backup for your wallet.

How Mnemonics Are Generated

Generate 128–256 bits of random data (entropy).
Compute a SHA-256 hash of the entropy; take the first few bits as a checksum.
Concatenate entropy and checksum.
Split into 11-bit chunks; each maps to a word from a 2048-word dictionary.
Result: a mnemonic phrase.

Entropy (bits)	Checksum (bits)	Total (bits)	Word Count
128	4	132	12
160	5	165	15
192	6	198	18
224	7	231	21
256	8	264	24

This mnemonic can then be converted into a 512-bit seed using PBKDF2:

Input: mnemonic + optional passphrase (mnemonic + password)
Iterations: 2048 HMAC-SHA512 rounds
Output: cryptographic seed used to derive all keys

👉 Learn how to generate secure mnemonic phrases safely.

Code Examples: Generating Mnemonics Across Languages

You can implement BIP-39 in various programming languages:

Python

from mnemonic import Mnemonic
mnemo = Mnemonic("english")
words = mnemo.generate(strength=256)
seed = mnemo.to_seed(words, passphrase="gnuser")
print("Mnemonic:", words)
print("Seed (hex):", seed.hex())

JavaScript (Node.js)

const bip39 = require('bip39');
const mnemonic = bip39.entropyToMnemonic('b928973a6742a1605ffc7d3994dbb7bec9544226f21a5aaab212da4d15fe2e76');
const seed = bip39.mnemonicToSeedSync(mnemonic, 'gnuser');
console.log('Seed:', seed.toString('hex'));

Ruby

require 'bip_mnemonic'
entropy = BipMnemonic.to_entropy(mnemonic: 'rice dwarf soldier...', language: 'english')
p entropy

Online tools like iancoleman.io/bip39 also allow testing—though never use them with real seeds.

Creating Hierarchical Deterministic (HD) Wallets

HD wallets (BIP-32) allow you to generate multiple keys from a single seed. They offer significant advantages:

Benefits of HD Wallets

Generate unlimited public addresses without exposing private keys.
Ideal for exchanges and services needing many deposit addresses.
Support offline signing with cold storage.
Structured key hierarchy improves organization.

Risks

If the extended private key is compromised, all derived keys are at risk.
Hardened derivation protects against certain attacks.

HD Path Notation

Paths define how keys are derived:

m = private derivation path
M = public derivation path

Examples:

m/0 → First child private key
m/0/0 → Grandchild key
m/0'/0 → First normal child of first hardened child
M/23/17/0/0 → Great-great-grandchild public key

BIP-44: A Unified Derivation Standard

BIP-44 standardizes multi-account hierarchies for better interoperability:

m / purpose' / coin_type' / account' / change / address_index

Where:

purpose = 44' (fixed for BIP-44)
coin_type = 60' for Ethereum, 0' for Bitcoin
account = user-defined (e.g., 0' for primary account)
change = 0 for receiving, 1 for change addresses (Ethereum typically uses only 0)
address_index = sequential index (0, 1, 2...)

Example Paths

M/44'/60'/0'/0/2 → Third Ethereum receiving address
m/44'/0'/3'/1/14 → 15th Bitcoin change address for fourth account
m/44'/2'/0'/0/1 → Second Litecoin private key

Hardened vs Non-Hardened Keys

Hardened derivation (index') uses indexes ≥ 2³¹ (e.g., 0' = 2^31 + 0). It prevents public child key derivation from compromising parent keys—critical for security.

Non-hardened paths allow public key derivation but are less secure if exposed.

Building a BIP-44 Wallet in Python

Here’s how to generate an Ethereum wallet using BIP-44:

pip install rlp eth_utils pycryptodome

Download crypto.py from a trusted source like ethereum-bip44-python.

from crypto import HDPrivateKey, HDPublicKey

# Generate master key and mnemonic
master_key, mnemonic = HDPrivateKey.master_key_from_entropy()
print("Mnemonic:", mnemonic)

# Derive account-level key: m/44'/60'/0'
root_keys = HDKey.from_path(master_key, "m/44'/60'/0'")
acct_priv_key = root_keys[-1]
acct_pub_key = acct_priv_key.public_key

print("Account XPUB:", acct_pub_key.to_b58check())

# Generate first 10 addresses
for i in range(10):
    keys = HDKey.from_path(acct_priv_key, f"0/{i}")
    addr = keys[-1].address()
    priv = keys[-1]._key.to_hex()
    print(f"Index {i}: {addr} | Private Key: {priv}")

Output includes your mnemonic, public key, and derived addresses—ready for integration.

Frequently Asked Questions

Q: Can I recover my wallet with just the mnemonic phrase?
A: Yes. The mnemonic is the root of your wallet and can regenerate all keys and addresses.

Q: Is it safe to use online BIP-39 tools?
A: Only for testing. Never enter your real mnemonic on any website—it could be stolen.

Q: What’s the difference between a keystore file and a private key?
A: A keystore file is an encrypted version of your private key protected by a password.

Q: Why use HD wallets instead of simple wallets?
A: HD wallets enable better organization, enhanced security via separation of keys, and scalable address generation.

Q: Can I use the same mnemonic for different cryptocurrencies?
A: Yes, but ensure the wallet supports the correct derivation path (e.g., BIP-44 coin type).

Q: What happens if I lose my private key or mnemonic?
A: You permanently lose access to your funds. Always back up securely—offline and encrypted.

👉 Explore secure wallet creation tools today.