[piston] Howto use it for coldstorage

in #piston8 years ago (edited)

With release 0.3.2, piston now supports offline signing for coldstorage. The procedure consists of three basic steps.

  1. preparation of the (unsigned) transaction
  2. offline signing of the transaction
  3. broadcasting of the signed transaction

Let's go through the details real quick:

preparation of the (unsigned) transaction

Any transaction that piston can do (post, reply, edit, upvote, downvote, transfer, powerup, powerdown, powerdownroute, convert, allow, disallow, newaccount, updatememokey, etc.) can be generated without actually signing them using the -x flag. The command will return a couple lines (JSON format) and all you need to do is store those in a file and carry them over to your offline computer.

Important remark: The default expiration time for transaction is 30 seconds. Apparently, nobody will be able to carry the transaction to an offline computer, sign them and move them back to the online computer within 30 seconds, you can increase the expiration to 5 minutes by adding -e 300 (300 seconds = 5 minutes)!

$ piston -e 300 -x transfer fabian 0.1 SBD > unsigned-transaction.json

This gives you 5 minutes for your procedure. If you can't make it in 5 minutes, increase the 300 and try again.

Technical details

A simple example looks like this:

$ piston -x -e 300 transfer fabian 0.1 SBD
{'expiration': '2016-09-07T08:17:19',
 'extensions': [],
 'operations': [['transfer',
                 {'amount': '0.100 SBD',
                  'from': 'xeroc',
                  'memo': '',
                  'to': 'fabian'}]],
 'ref_block_num': 38340,
 'ref_block_prefix': 336529008,
 'signatures': [],
 [...]
}

That is the basic transaction and you see that the signatures are empty. In order to make it easier for the offline machine to sign your transaction, there are a few more informations returned, namely:

{
 [...]
 'missing_signatures': ['STM6quoHiVnmiDEXyz4fAsrNd28G6q7qBCitWbZGo4pTfQn8SwkzD',
                        'STM8HCf7QLUexogEviN8x1SpKRhFwg2sc8LrWuJqv7QsmWrua6ZyR'],
 'required_authorities': {'fabian': {'account_auths': [],
                                     'key_auths': [['STM8HCf7QLUexogEviN8x1SpKRhFwg2sc8LrWuJqv7QsmWrua6ZyR',
                                                    1]],
                                     'weight_threshold': 1},
                          'xeroc': {'account_auths': [['fabian', 1]],
                                    'key_auths': [['STM6quoHiVnmiDEXyz4fAsrNd28G6q7qBCitWbZGo4pTfQn8SwkzD',
                                                   1]],
                                    'weight_threshold': 2}},
}

This data allows to identify the required keys without the need for an internet connection (e.g. on you offline computer).

offline signing of the transaction

With the unsigned transaction, you can go to your offline computer and have it signed using your key there by using:

piston sign --file unsigned-transaction.json > signed-transaction.json

The command will return the signed transaction which will look like this:

{'expiration': '2016-09-07T08:25:48',
 'extensions': [],
 'operations': [['transfer',
                 {'amount': '0.001 SBD',
                  'from': 'xeroc',
                  'memo': '',
                  'to': 'fabian'}]],
 'ref_block_num': 38510,
 'ref_block_prefix': 3441950962,
 'signatures': ['2071716bc5655d5327524004e33d340757cae067fcd30728484c21c605e26e3d0b548ca8b433af3037246084e67addbb726f45ef8d3fdb6e6b3e81415899bd762c']}

Carry this transaction to an internet connected computer and go to the next step.

broadcasting of the signed transaction

The signed transaction can easily be broadcast to the network/blockchain by using

piston broadcast --file signed-transaction.json

Unless you obtain an error, your transaction was transmitted to the network and will shortly after be added to a block.

Congratulations!

Sort:  

this keeps getting more interesting @xeroc 8]

Interesting!
I dunno much about the subject but I am curious to know more so I followed you @xeroc

lol read it and thought it said prison..

Thank you for providing the technical details on how it works under the hood. Much appreciated.

A question: what is the maximum expiration time for a transaction? Can it be set e.g. to 24 hours? Or is it just 5 minutes?

That is actually an EXCELLENT question! This is what the code says:

#define STEEMIT_MAX_TIME_UNTIL_EXPIRATION       (60*60) // seconds,  aka: 1 hour

Nice feature. A friend of mine is always talking about offline signing for bitcoin transactions. If someone is running a service like an exchange or other trusted third party, cold storage and offline signing are essential for reducing the chances of a network breach.

you may want to also read the other post that came after this one:
[piston] How to use it for multisignature accounts

Coin Marketplace

STEEM 0.31
TRX 0.34
JST 0.055
BTC 98409.51
ETH 3807.14
USDT 1.00
SBD 4.16