Stellar Multi-Sig Wallet Setup

in #stellar, 7 years ago

Recently, I wrote a guide on how to have a Stellar cold wallet setup and how to manage signing transactions offline. Please check it out here
 

I highly recommend you at least get yourself familiar with how to make a secure paper wallet and how to sign transactions offline from the guide I linked. In the rest of this guide, we are going to cover how to make a secure Multi-Sig cold wallet setup.  

If you take proper security measures in storing your secret key offline then just having a cold wallet setup with one secret key should be enough. But there can be times when you want to double-up the security even more by mandating an additional secret key as a "signer" for any transactions that you want to make from your wallet.  

For improved security, you may want to store the two signing keys offline at separate locations. Or two people may want a joint account, so that any transaction made from that account first requires both parties to agree and sign before it can be submitted.

 


With more keys comes more responsibilities  
 

This goes without saying: please make sure that you have multiple secure backups of all secret keys used, so that if any secret key is lost you can recover it from a backup. Once you have a multi-sig wallet setup, both keys will be required to move your funds.

(Similar to how you should always have a backup of your secret key even if you don't have a multi-sig wallet setup.)


 
Assuming that you have safely generated two Paper Wallets offline, where the secret key was never on a device which has connected to the internet, let’s go through step-by-step on how to make our multi-sig wallet setup.
 

For all Stellar wallets, the private key that corresponds to its public key is called the master key. Each master key can be assigned a weight and if the weight of the master key is ever updated to 0, the master key is considered to be an invalid key and you cannot sign any transactions with it.

All operations fall under a specific threshold category: low, medium, or high. The threshold for a given level can be set to any number from 0-255. This threshold is the amount of signature weight required to authorize an operation at that level.

In simpler terms: the combined weight of all signers on the transaction (operation) you are trying to perform must be greater than or equal to the threshold value of that operation's category (low, medium or high).

 

Multi-Sig Wallet Setup

 
Let's make a wallet setup where your main wallet is protected by an additional signatory wallet, which is required as an additional signer for transactions and most other operations you want to perform on your main wallet. That way, if one signing key gets compromised, the funds in this wallet still remain protected.

Let’s say Wallet A is your main wallet and we will use Wallet B as your signatory wallet as an additional signer.

 

  • Select Set options from menu on the left, under Thresholds put Master weight: 1, Medium threshold: 2, and High threshold: 2.

 

 

  • Under signer, select Signer type: Ed25519 Public key. And then provide public key of the additional signatory account that you want to add, in this case, Wallet B and enter its weight as: 1.

 

After that, click the "SET" button. It will show a message that it cannot sign the transaction, since you opened the application without your secret key. Copy all the transaction data and save it to a USB drive.

 

For signing this transaction offline for the first time, you only need to provide the secret key of Wallet A. Please don’t enter the secret key of Wallet B, because you will get the error tx_bad_auth_extra when you try to submit it (this is because you haven’t added this signer to your account yet).

Then come back to mystellar.tools to submit this transaction.
 


If you don't know how to sign transactions offline, then please go through the steps mentioned in my earlier guide for cold wallet setup.


 

Once you have signed and submitted the transaction successfully, let's verify your wallet setup.

  • Visit Stellar Laboratory, under Endpoint Explorer, select resource: Account and then select an endpoint: Single Account. In Account ID enter Wallet A’s public key and hit Submit.

You will see a response in JSON format. To verify that everything looks good, search for "thresholds" and "signers".

You should see public keys of both Wallet A and Wallet B under signers.

 
 

You have successfully created a Multi-Sig wallet setup. This implies that, for all transactions like payments, adding trustlines, updating weights (to add/remove signers) and for most operations that you want to perform with Wallet A, you will need to “sign” them by providing two signatures, using the secret keys of both Wallet A and Wallet B.

 

Let's briefly dive into various scenarios on how the mechanics of different transactions will work with this setup of two wallets.

- For sending payment from Wallet A to some different wallet, or even to Wallet B you will need to sign this transaction using secret keys of both Wallet A and Wallet B.

- For sending payment from Wallet B to some different wallet, or even to Wallet A, you will need to sign this transaction using the secret key of ONLY Wallet B. Because Wallet B is independent in this setup. We have not added any additional signer for Wallet B.
Hence, as an added security measure, DON’T store any funds in Wallet B. Only use this account as an additional signer.

- Same rules will apply for any other Medium Threshold operation, for example, enabling/changing a trustline. For Wallet A you will need to sign the transaction using secret keys of both Wallet A and Wallet B. But for Wallet B it can happen independently, by only using its own secret key.

- If one of your wallets' secret keys gets compromised, an attacker cannot simply "break" this multi-sig setup, because changing signers is classified as a High Threshold operation. Since we set High Threshold to 2, the weight of one account's key alone (1) is not greater than or equal to it. (Such a transaction will fail with the error op_bad_auth.)
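The weight-versus-threshold rule and the scenarios above can be written as a small Python model. This is an added example, not part of the original guide and not Stellar SDK code. It is simplified: it assumes the low threshold is left at its default of 0, uses the placeholder key names A and B, and only knows the operations this guide mentions.

```python
# Simplified model of the signature-weight check (added example, not Stellar SDK code).
# "A" and "B" are placeholder names standing in for the wallets' public keys.

# Threshold category of each operation, as described in this guide.
LEVEL = {"payment": "med", "change_trust": "med", "set_signers_or_thresholds": "high"}


def check(account, operation, signed_by):
    """Return "ok" or the error a transaction signed by `signed_by` would hit."""
    signers = {k: w for k, w in account["signers"].items() if w > 0}
    # A signature from a key that is not a signer on the account is surplus.
    if any(k not in signers for k in signed_by):
        return "tx_bad_auth_extra"
    weight = sum(signers[k] for k in set(signed_by))
    # The transaction needs at least one valid signature meeting the low threshold.
    if not signed_by or weight < account["thresholds"]["low"]:
        return "tx_bad_auth"
    # Each operation must then meet the threshold of its own category.
    if weight < account["thresholds"][LEVEL[operation]]:
        return "op_bad_auth"
    return "ok"


DEFAULTS = {"low": 0, "med": 0, "high": 0}
FRESH_A = {"signers": {"A": 1}, "thresholds": DEFAULTS}        # Wallet A before setup
MULTISIG_A = {"signers": {"A": 1, "B": 1},                     # Wallet A after setup
              "thresholds": {"low": 0, "med": 2, "high": 2}}
WALLET_B = {"signers": {"B": 1}, "thresholds": DEFAULTS}       # Wallet B, never changed


def scenarios():
    """Outcomes of the cases walked through in the guide."""
    return {
        "first setup, signed by A and B": check(FRESH_A, "set_signers_or_thresholds", ["A", "B"]),
        "first setup, signed by A only": check(FRESH_A, "set_signers_or_thresholds", ["A"]),
        "pay from A, signed by A only": check(MULTISIG_A, "payment", ["A"]),
        "pay from A, signed by A and B": check(MULTISIG_A, "payment", ["A", "B"]),
        "trustline on A, signed by A and B": check(MULTISIG_A, "change_trust", ["A", "B"]),
        "remove signer from A, signed by B only": check(MULTISIG_A, "set_signers_or_thresholds", ["B"]),
        "pay from B, signed by B only": check(WALLET_B, "payment", ["B"]),
    }


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```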

 

Removing Multi-Sig Wallet Setup

 

  • If you ever want to remove this multi-sig setup from Wallet A, then first go to mystellar.tools and enter the public key of Wallet A.

  • Select Set options from menu on the left, under Thresholds put Master weight: 1, Medium threshold: 0, and High threshold: 0.


*Caution*:

It is important that you do enter 0 for both Medium and High threshold.
If you don't, then your funds will be "locked" in Wallet A, because you will have removed the weight of the additional signer without changing the threshold values.  

And as a precaution, enter Master weight: 1.


 
 

  • Under signer, select Signer type: Ed25519 Public key. Then provide the public key of the additional signatory account that you want to remove, in this case Wallet B, and enter its weight as: 0.

 

For signing this transaction offline you will need to provide secret keys of both Wallet A and Wallet B. Once you submit that transaction successfully, verify it again by visiting the endpoint explorer in Stellar Laboratory.

Under "thresholds", you should now see Medium and High thresholds set to: 0

And under "signers", you should see only one public key of Wallet A.
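The two verification steps (after setup and after removal) and the lock-out described in the caution can be checked mechanically. The following Python sketch is an added example, not part of the original guide. The JSON samples are constructed to look like the "thresholds" and "signers" fields of the Single Account response, and the key strings are placeholders.

```python
import json

# Constructed samples shaped like the "thresholds" and "signers" fields of a
# Horizon Single Account response; the key strings are placeholders.
A, B = "G_WALLET_A_PUBLIC_KEY", "G_WALLET_B_PUBLIC_KEY"


def sample(med, high, weights):
    signers = [{"key": k, "weight": w, "type": "ed25519_public_key"}
               for k, w in weights.items()]
    return json.dumps({"thresholds": {"low_threshold": 0, "med_threshold": med,
                                      "high_threshold": high}, "signers": signers})


MULTISIG = sample(2, 2, {A: 1, B: 1})    # state after the setup steps
BAD_REMOVAL = sample(2, 2, {A: 1})       # Wallet B removed, thresholds left at 2
CLEAN_REMOVAL = sample(0, 0, {A: 1})     # Wallet B removed, thresholds reset to 0


def audit(account_json, expected_signers):
    """Compare an account's signers and thresholds with what the setup intends."""
    acct = json.loads(account_json)
    weights = {s["key"]: s["weight"] for s in acct["signers"] if s["weight"] > 0}
    total = sum(weights.values())
    report = {"missing": sorted(set(expected_signers) - set(weights)),
              "unexpected": sorted(set(weights) - set(expected_signers)),
              "locked": [], "single_key": []}
    for level in ("low", "med", "high"):
        needed = acct["thresholds"][level + "_threshold"]
        if total < needed:
            # Even all signers together cannot reach this threshold.
            report["locked"].append(level)
        elif any(w >= needed for w in weights.values()):
            # One key alone is enough for operations at this level.
            report["single_key"].append(level)
    return report


if __name__ == "__main__":
    for name, doc, expected in (("multisig", MULTISIG, [A, B]),
                                ("bad removal", BAD_REMOVAL, [A]),
                                ("clean removal", CLEAN_REMOVAL, [A])):
        print(name, audit(doc, expected))
```

A non-empty "locked" list means no combination of the remaining keys can authorize operations at that level. For the two-key setup, "single_key" should contain only "low".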

 
 

Conclusion

 
Stellar wallets offer us a lot of flexibility with Multi-Sig setups, which can also grow more complex depending on our needs.

For more security though, you can always have a simple setup where two signatures are required to sign transactions.

But please be careful not to lose any of your keys, and also to update thresholds when you are removing additional signers. Otherwise, you won't be able to sign transactions and move your funds.
