Author Topic: [Howto] Put your delegate's owner key on ice while keeping signing blocks  (Read 3474 times)

0 Members and 1 Guest are viewing this topic.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I'm not a delegate, yet, and `wallet_delegate_update_signing_key` throws an error.  Is there some other way to update the account?  I would prefer to send only the signing keys to my sys admin.
wallet_update_signing_key only works on accounts that allready are delegates .. you need to register the delegate with an owner key on the blockchain first .. my script checks if any of you accounts are registered as delegates
@indolering: what exactly is the issue with the script .. i understand the script as a proof of concept and not for productive use .. if i find the time i will harden it and make it more fault tolerant

Offline indolering

  • Newbie
  • *
  • Posts: 15
    • View Profile
I'm not a delegate, yet, and `wallet_delegate_update_signing_key` throws an error.  Is there some other way to update the account?  I would prefer to send only the signing keys to my sys admin.

Offline indolering

  • Newbie
  • *
  • Posts: 15
    • View Profile
Honestly, this should all be built into the core software, no one should be running their delegates with the full set of keys.  I'm considering opening a ticket, not sure where it should go.

Sadly, I can't get the BitShares to compile on OS X and Xeroc's python utils aren't working either.

Offline BunkerChainLabs-DataSecurityNode

Thank you for this, it should be part of the official delegate how-to.
Here you go :)
http://wiki.bitshares.org/index.php/Delegate/Security

Awesome thanks so much for this! I will be sure to implement this with all delegates we manage. Though I think security should be a standard as much as feeds in delegate voting etc. We'll see what happens.

Delegate Tip Worthy!! Sent some your way! ;)

 +5%
+-+-+-+-+-+-+-+-+-+-+
www.Peerplays.com | Decentralized Gaming Built with Graphene - Now with BookiePro and Sweeps!
+-+-+-+-+-+-+-+-+-+-+

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc

Offline wackou

Thank you for this, it should be part of the official delegate how-to.

I agree, every responsible delegate should do it, it really does not make sense to leave your owner key out there in the open, when you only need the signing key to sign blocks.
Please vote for witness wackou! More info at http://digitalgaia.io

Offline indolering

  • Newbie
  • *
  • Posts: 15
    • View Profile
Thank you for this, it should be part of the official delegate how-to.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I wonder why no one sees the potential use cases for this feature ..
- It actually allows delegates to borrow their signing power during vacations ..
- you can do signing and feed publishing on different machines ..
- you can separate the signing power from the votes you have gathered!!!

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Hey friends,

yet another quick howto related to the howto about securing owner keys.
This time: Secure your owner key and keep signing blocks for delegates :)

TL;DR;:
 - secure the owner key of your delegate
 - continue signing blocks
 - keep your votes in even if your VPS with the signing key is compromised

This is not a cold storage solution, but rather a howto for having just the one necessary key on the delegate machine which is NOT the owner key of the registered account name (to which votes/approvals are bound!)

I recommend EVERY delegate to consider this howto!

Important Remark:
This tutorial will add a RANDOM key as a new delegate signing key. Hence this signing key cannot be regenerated or derived from the delegate's owner key.
The random key will be added to your wallet (into your delegates' account) and continue signing as usual.
It is REQUIRED that you let the delegate run for at least ONE round (better 2 or more .. say 60 minutes or so) with BOTH keys in the wallet.
The reason for this is the SECRET that has to be revealed using the 'old' signing key while signing the block with the new signing key.

Howto:

1) make a backup of your wallet
Code: [Select]
wallet_backup_create
(Optional) Extract your owner key for cold storage or what ever:
Code: [Select]
wallet_dump_account_private_key <delegatename> owner_key

2) Generate a new private key
Several tools exist to do so:
- one is located near the bitshares executable (if you compiled yourself) in
  "programs/utils/" and is called bts_create_key
- In the bitshares-pytools repository (github.com/xeroc/) there is a tool called
  genbtskey.py (in tools) that generates a new privkeypubkey
- you can also use bitshares-js as shown
  here

As a result we will get something like this
Code: [Select]
  "public_key"      : "BTS8RCDZ8aPRxJYVnK7KWmqnTjTPj4H8oY1KtzBcFqbzSp14AGpzh", <<--- pubkey
  "wif_private_key" : "5Hwb7G481UsKnjPEb135iWHRGDvLWH5nW6QH4b5vcKS7gGFkdGx",   <<-- privkey
  "native_address"  : "BTSe3YhhRrTfgkGmEECw7yxZvpaQkSToEgS", (not required here)

3) import the private key into your account:
Code: [Select]
wallet_import_private_key <wif-from-2)> <delegatename> false false
## example:
wallet_import_private_key 5Hwb7G481UsKnjPEb135iWHRGDvLWH5nW6QH4b5vcKS7gGFkdGx delegate.xeroc false false

4) Fund the delegate with 0.5 BTS to pay for the update transaction

5) Update the signing key
Code: [Select]
wallet_delegate_update_signing_key <delegatename> <delegatename> <pubkey-from-2)>
## example:
wallet_delegate_update_signing_key delegate.xeroc delegate.xeroc BTS8RCDZ8aPRxJYVnK7KWmqnTjTPj4H8oY1KtzBcFqbzSp14AGpzh

Done.

Notes:
 - the key from step 2) is now required by any machine of yours that has the
   delegate running in eventually has to sign a block
 - your delegate should continue signing blocks as usual as we imported the
   required key in step 3)
 - you can dump the signin key from that account again at any time by issuing:
Code: [Select]
wallet_dump_account_private_key <delegatename> active_key

If you want to setup a new wallet that contains only the signing key, the only
thing you have to do is import the privkey with
Code: [Select]
wallet_import_private_key 5Hwb7G481UsKnjPEb135iWHRGDvLWH5nW6QH4b5vcKS7gGFkdGx
The client can figure out the delegates name automatically.

Make sure to between step 5) and moving over to a new wallet with the new key,
it has passed at least one round if delegates. I recommend to run the steps 1)
to 5) 24h before creating a new signing-key-only wallet.

The brave users can take a look at this script:
* https://github.com/xeroc/bitshares-pytools/blob/master/delegate-changetosigningkeysonly/main.py
which is doing exactly the steps 1)-5)
« Last Edit: February 18, 2015, 02:35:11 pm by xeroc ¯\_(ツ)_/¯ »