BitShares Forum
Main => Stakeholder Proposals => Topic started by: xeroc on February 18, 2015, 08:42:50 am
-
Hey friends,
yet another quick howto related to the howto (https://bitsharestalk.org/index.php?topic=14344.msg186801#msg186801) about securing owner keys.
This time: Secure your owner key and keep signing blocks for delegates :)
TL;DR;:
- secure the owner key of your delegate
- continue signing blocks
- keep your votes in even if your VPS with the signing key is compromised
This is not a cold storage solution, but rather a howto for having just the one necessary key on the delegate machine which is NOT the owner key of the registered account name (to which votes/approvals are bound!)
I recommend EVERY delegate to consider this howto!
Important Remark:
This tutorial will add a RANDOM key as a new delegate signing key. Hence this signing key cannot be regenerated or derived from the delegate's owner key.
The random key will be added to your wallet (into your delegates' account) and continue signing as usual.
It is REQUIRED that you let the delegate run for at least ONE round (better 2 or more .. say 60 minutes or so) with BOTH keys in the wallet.
The reason for this is the SECRET that has to be revealed using the 'old' signing key while signing the block with the new signing key.
Howto:
1) make a backup of your wallet
wallet_backup_create
(Optional) Extract your owner key for cold storage or what ever:
wallet_dump_account_private_key <delegatename> owner_key
2) Generate a new private key
Several tools exist to do so:
- one is located near the bitshares executable (if you compiled yourself) in
"programs/utils/" and is called bts_create_key
- In the bitshares-pytools repository (github.com/xeroc/) there is a tool called
genbtskey.py (in tools) that generates a new privkeypubkey
- you can also use bitshares-js as shown
here (https://github.com/xeroc/jshares/blob/master/generateRandomKeysAddresses.html)
As a result we will get something like this
"public_key" : "BTS8RCDZ8aPRxJYVnK7KWmqnTjTPj4H8oY1KtzBcFqbzSp14AGpzh", <<--- pubkey
"wif_private_key" : "5Hwb7G481UsKnjPEb135iWHRGDvLWH5nW6QH4b5vcKS7gGFkdGx", <<-- privkey
"native_address" : "BTSe3YhhRrTfgkGmEECw7yxZvpaQkSToEgS", (not required here)
3) import the private key into your account:
wallet_import_private_key <wif-from-2)> <delegatename> false false
## example:
wallet_import_private_key 5Hwb7G481UsKnjPEb135iWHRGDvLWH5nW6QH4b5vcKS7gGFkdGx delegate.xeroc false false
4) Fund the delegate with 0.5 BTS to pay for the update transaction
5) Update the signing key
wallet_delegate_update_signing_key <delegatename> <delegatename> <pubkey-from-2)>
## example:
wallet_delegate_update_signing_key delegate.xeroc delegate.xeroc BTS8RCDZ8aPRxJYVnK7KWmqnTjTPj4H8oY1KtzBcFqbzSp14AGpzh
Done.
Notes:
- the key from step 2) is now required by any machine of yours that has the
delegate running in eventually has to sign a block
- your delegate should continue signing blocks as usual as we imported the
required key in step 3)
- you can dump the signin key from that account again at any time by issuing:
wallet_dump_account_private_key <delegatename> active_key
If you want to setup a new wallet that contains only the signing key, the only
thing you have to do is import the privkey with
wallet_import_private_key 5Hwb7G481UsKnjPEb135iWHRGDvLWH5nW6QH4b5vcKS7gGFkdGx
The client can figure out the delegates name automatically.
Make sure to between step 5) and moving over to a new wallet with the new key,
it has passed at least one round if delegates. I recommend to run the steps 1)
to 5) 24h before creating a new signing-key-only wallet.
The brave users can take a look at this script:
* https://github.com/xeroc/bitshares-pytools/blob/master/delegate-changetosigningkeysonly/main.py
which is doing exactly the steps 1)-5)
-
I wonder why no one sees the potential use cases for this feature ..
- It actually allows delegates to borrow their signing power during vacations ..
- you can do signing and feed publishing on different machines ..
- you can separate the signing power from the votes you have gathered!!!
-
Thank you for this, it should be part of the official delegate how-to.
-
Thank you for this, it should be part of the official delegate how-to.
I agree, every responsible delegate should do it, it really does not make sense to leave your owner key out there in the open, when you only need the signing key to sign blocks.
-
Thank you for this, it should be part of the official delegate how-to.
Here you go :)
http://wiki.bitshares.org/index.php/Delegate/Security
-
Thank you for this, it should be part of the official delegate how-to.
Here you go :)
http://wiki.bitshares.org/index.php/Delegate/Security
Awesome thanks so much for this! I will be sure to implement this with all delegates we manage. Though I think security should be a standard as much as feeds in delegate voting etc. We'll see what happens.
Delegate Tip Worthy!! Sent some your way! ;)
+5%
-
Honestly, this should all be built into the core software, no one should be running their delegates with the full set of keys. I'm considering opening a ticket, not sure where it should go.
Sadly, I can't get the BitShares to compile on OS X and Xeroc's python utils aren't working either.
-
I'm not a delegate, yet, and `wallet_delegate_update_signing_key` throws an error. Is there some other way to update the account? I would prefer to send only the signing keys to my sys admin.
-
I'm not a delegate, yet, and `wallet_delegate_update_signing_key` throws an error. Is there some other way to update the account? I would prefer to send only the signing keys to my sys admin.
wallet_update_signing_key only works on accounts that allready are delegates .. you need to register the delegate with an owner key on the blockchain first .. my script checks if any of you accounts are registered as delegates
@indolering: what exactly is the issue with the script .. i understand the script as a proof of concept and not for productive use .. if i find the time i will harden it and make it more fault tolerant