|
| 1 | +.. _multi-sig-concordium-client: |
| 2 | + |
| 3 | +========= |
| 4 | +Multi-sig |
| 5 | +========= |
| 6 | + |
| 7 | +Concordium supports natively multi-sig accounts. Each account address on |
| 8 | +Concordium is controlled by one or several credential(s) (real-world |
| 9 | +identities e.g. a private person with a passport or a company with a registration) and |
| 10 | +each credential has one or several public-private key pair(s). |
| 11 | + |
| 12 | +.. note:: |
| 13 | + |
| 14 | + A public-private key pair are related keys used for asymmetric cryptography. |
| 15 | + The private key is used to sign/authorize an action relatd to the account. NEVER share your private key with anyone. |
| 16 | + In contrast, the public key is shared with other entities to verify that a signature is generated |
| 17 | + by the associated private key. |
| 18 | + |
| 19 | +Each account has an ``AccountThreshold`` (number of credentials needed to sign the transaction |
| 20 | +initiated by that account) and one or several ``SignatureThresholds`` (number of signatures needed for a specific |
| 21 | +credential so that this credential is considered to have signed the transaction initiated by that |
| 22 | +account). |
| 23 | + |
| 24 | +The ``concordium-client`` tool (version 6.3.0 or above) facilitates creating, signing, and sending of multi-sig |
| 25 | +transactions for multi-sig accounts. |
| 26 | +This page will go through the main steps as follows: |
| 27 | + |
| 28 | +- Create a multi-sig account by adding keys with the ``concordium-client`` tool to an account. |
| 29 | +- Configure the ``concordium-client`` tool to use a multi-sig account. |
| 30 | +- Create a multi-sig transaction with the ``concordium-client`` tool. |
| 31 | +- Add an additional signature to a multi-sig transaction with the ``concordium-client`` tool. |
| 32 | +- Send a multi-sig transaction with the ``concordium-client`` tool on chain. |
| 33 | + |
| 34 | +Create a multi-sig account |
| 35 | +========================== |
| 36 | + |
| 37 | +When you create an account in one of the Concordium wallets, it is a basic account by default |
| 38 | +that has exactly one credential and exactly one public-private key pair for that credential. |
| 39 | +A default account can be converted into a multi-sig account. |
| 40 | + |
| 41 | +.. note:: |
| 42 | + |
| 43 | + The Desktop wallet is the only wallet currently that has its own independent flow of creating a multi-sig account via its front end and |
| 44 | + generating multi-sig transactions. The two guides :ref:`multi-sig accounts<overview-shared-accounts>` and |
| 45 | + :ref:`multi-sig transactions<create-multisig>` will cover the flows in the Desktop wallet. |
| 46 | + The partially-signed transaction file as generated by |
| 47 | + the Desktop wallet is currently NOT compatible with file generated by the ``concordium-client`` tool. |
| 48 | + You need to add additional signatures and send the transaction on-chain with the |
| 49 | + wallet/tool the file was initially generated with. |
| 50 | + |
| 51 | +To add additional keys to an existing account on Concordium using the ``concordium-client`` tool, you can either: |
| 52 | + |
| 53 | +.. dropdown:: Add an additional public-private key pair to your current credential |
| 54 | + |
| 55 | + - Step 1: Create an additional Ed25519 public-private key pair as you feel safe. |
| 56 | + |
| 57 | + For testing purposes we recommend, the `front-end <https://cyphr.me/ed25519_tool/ed.html>`_ to generate an un-safe additional key pair. |
| 58 | + |
| 59 | + - Step 2: Find the credential registration ID of your account that we are updating keys for. |
| 60 | + |
| 61 | + Run the following command where you replace ``<account-name-or-account-address>`` with your account. |
| 62 | + |
| 63 | + .. code-block:: console |
| 64 | +
|
| 65 | + $concordium-client account show <account-name-or-account-address> |
| 66 | +
|
| 67 | + This will output something like: |
| 68 | + |
| 69 | + .. code-block:: console |
| 70 | +
|
| 71 | + Address: 3G5srtaeRvy2uzyaiheY3ZZ6nqTkDg1kRm59xWVnFo8CoEiZ6Y |
| 72 | + Balance: 1001736.135182 CCD |
| 73 | + Nonce: 16 |
| 74 | + Encryption public key: b14cbfe44a02c6b1f78711176d5f437295367aa4f2a8c2551ee10d25a03adc69d61a332a058971919dad7312e1fc94c5a411f21ab3b0962c6fb664212e41769e83c82288515f16ca72c86f8a03e87531cae46394bffc63ab6168432903d79fb0 |
| 75 | +
|
| 76 | + Baking or delegating stake: no |
| 77 | +
|
| 78 | + Credentials: |
| 79 | + * <credential-registration-id>: |
| 80 | + - Index: 0 |
| 81 | + - Expiration: Jun 2023 |
| 82 | + - Type: normal |
| 83 | + - Revealed attributes: none |
| 84 | +
|
| 85 | + We require the ``<credential-registration-id>`` output for the next step. |
| 86 | + |
| 87 | + - Step 3: Send a transaction to update the keys of your account on-chain. |
| 88 | + |
| 89 | + .. code-block:: console |
| 90 | +
|
| 91 | + $concordium-client account update-keys --credId <credential-registration-id> --sender <account-name-or-address> ./update-keys.json |
| 92 | +
|
| 93 | + where ``update-keys.json`` is a file of the following format: |
| 94 | + |
| 95 | + .. code-block:: json |
| 96 | + :force: |
| 97 | +
|
| 98 | + { |
| 99 | + "keys": { |
| 100 | + "0": { |
| 101 | + "verifyKey": "<Hex encoding without '0x' of the public key already on chain>" |
| 102 | + }, |
| 103 | + "1": { |
| 104 | + "verifyKey": "<Hex encoding without '0x' of the public key from your newly generated key pair>" |
| 105 | + } |
| 106 | + }, |
| 107 | + "threshold": 2 |
| 108 | + } |
| 109 | +
|
| 110 | + This will replace the current key tied to the account with the keys in the ``update-keys.json`` file. |
| 111 | + The above example file adds two keys to your account and sets the ``threshold`` (the number of keys you want |
| 112 | + to have to sign the transaction) to 2. The above example generates a 2-out-of-2 multi-sig account. |
| 113 | + |
| 114 | + The above file specifies all keys that are associated with your account after the update and the threshold can be set |
| 115 | + accordingly to a number between 1 and the number of keys. |
| 116 | + |
| 117 | +.. dropdown:: Add an additional credential with at least one public-private key pair |
| 118 | + |
| 119 | + - Step 1: Create an additional credential. |
| 120 | + |
| 121 | + We recommend to use the flow in the Desktop wallet to :ref:`create a credential file<create-credentials-file>`. |
| 122 | + Alternativley, you can `clone the project <https://github.com/Concordium/concordium-base/blob/main/rust-bins/src/bin/user_cli.rs>`_ |
| 123 | + and run its command locally to generate a credential file. |
| 124 | + |
| 125 | + - Step 2: Send a transaction to add an credential to your account on-chain. |
| 126 | + |
| 127 | + .. code-block:: console |
| 128 | +
|
| 129 | + $concordium-client account update-credentials --new-credentials new-credential.json --new-threshold <number-of-credential-to-sign> --sender <account-name-or-address> |
| 130 | +
|
| 131 | + where ``new-credential.json`` is the file from the previous step. |
| 132 | + |
| 133 | + This will add an additional credential to your account. |
| 134 | + The ``<number-of-credential-to-sign>`` specifies the minimum number of credentials that need to sign the transaction after the update. |
| 135 | + |
| 136 | +Configure the tool to use a multi-sig account |
| 137 | +============================================= |
| 138 | +Create a multi-sig transaction |
| 139 | +============================== |
| 140 | +Add an additional signature to a multi-sig transaction |
| 141 | +====================================================== |
| 142 | +Send a multi-sig transaction on-chain |
| 143 | +===================================== |
| 144 | + |
| 145 | + |
| 146 | +.. note:: |
| 147 | + |
| 148 | + Additional resources: |
| 149 | + |
| 150 | + - `Use multi-sig accounts in the Rust SDK <https://gist.github.com/DOBEN/683fe1a7c82a0551546a7ec242d30cc0>`_ |
| 151 | + |
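Review bot: The explanation after ``update-keys.json`` (file lines 110-115) says the update replaces the current key and that the file lists all keys after the update, but it never warns that with "threshold": 2 a mistyped ``verifyKey`` for entry "0", or a lost private key for entry "1", leaves the account unable to reach its signature threshold. Add an explicit warning to check both public keys and to back up the new private key before sending the transaction. Also reword "adds two keys to your account", since entry "0" is the key already on chain and only entry "1" is new. In Step 1 (file line 57) the pointer to a third-party web page for generating an "un-safe" key pair should state plainly that keys produced there must not be used for an account holding real funds, and the stray comma in "we recommend, the" should be dropped. The four headings at file lines 136-143 have no body although the list at lines 28-32 promises those steps; fill them in or leave them out of this commit. Smaller points: "relatd" (line 15), "Alternativley" (line 122), "an credential" (line 125), and the console commands at lines 65, 91 and 129 have no space after the ``$`` prompt.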