diff --git a/docs/get-started/air-gap.md b/docs/get-started/air-gap.md index c2c3491366..b5e1b153ea 100644 --- a/docs/get-started/air-gap.md +++ b/docs/get-started/air-gap.md @@ -205,7 +205,7 @@ sudo apt upgrade This is recommended because it will give you a means of taking password-encrypted notes that can move between your air gap and computer host environments *in both directions*, so you can: - - record transaction details from your home computer environment & Internet connected machines, for use in the air gap (as per [Secure Workflow](./secure-workflow)): + - record transaction details from your home computer environment & Internet connected machines, for use in the air gap (as per [Secure Workflow](docs/get-started/secure-workflow.md)): - your Cardano account balances, UTxO addresses & payment addresses - notes from personal files & web sites about the work you will be doing within the air gap (since you won't have Internet access there); - take notes in the air gap environment (problems, error messages) to copy back to your computer, since you can't upload them through the air gap. @@ -244,7 +244,7 @@ This confirms that your system will start properly after having updated your sys Use the standard instructions here at the Developer Portal: - - **[Installing cardano-node and cardano-cli from source](../get-started/cardano-node/installing-cardano-node)** + - **[Installing the node from source](docs/get-started/cardano-node/installing-cardano-node.md)** Note this will build `cardano-node` as well as `cardano-cli`, but don't worry: you won't be running a node inside the air gap. 😜 @@ -277,7 +277,7 @@ Therefore, you can [find your WiFi MAC address](https://help.ubuntu.com/stable/u ### Congratulations, your air gap environment is complete! -You now have a safe place you can use for your [Secure Transaction Workflow](./secure-workflow). +You now have a safe place you can use for your [Secure Transaction Workflow](docs/get-started/secure-workflow.md). ## Option 2: Install your air gap environment on a persistent USB drive @@ -299,7 +299,7 @@ If this appeals to you, and you don't mind following a more complicated and erro This loosely documented configuration has been called the **Frankenwallet**, with separate instructions at these links which mostly follow the procedure above: - **[The Frankenwallet](https://cosd.com/frankenwallet)** - detailed external web site, including semantics for using your bootable USB environment in secure & blockchain workflow - - [Get Started with the Frankenwallet](/docs/operate-a-stake-pool/frankenwallet) - one-page summary here on the Developer Portal + - [Get Started with the Frankenwallet](docs/operate-a-stake-pool/frankenwallet.md) - one-page summary here on the Developer Portal :::warning diff --git a/docs/get-started/secure-workflow.md b/docs/get-started/secure-workflow.md index bd8f4fd87a..9a49559c83 100644 --- a/docs/get-started/secure-workflow.md +++ b/docs/get-started/secure-workflow.md @@ -14,16 +14,16 @@ Payment keys can never be stored, even for a moment, on an Internet connected ma ::: -Therefore we present a secure, standard workflow for this sequence of `cardano-cli` commands for a simple, single transaction for funds transfer: +Therefore we present a secure, standard workflow for `cardano-cli` commands like the ones presented without consideration of security here: - - **[Create Simple Transaction](/docs/get-started/create-simple-transaction)** (*insecure* version) + - **[Create Simple Transaction](docs/get-started/cardano-cli/get-started/simple-transactions.md)** Once you feel comfortable doing a simple transaction securely, you'll also be able to use it to securely execute these more complex transactions as well: - - [Minting Native Assets](../native-tokens/minting) - - [Minting NFTs](../native-tokens/minting-nfts) - - [Registering a Stake Address](/docs/operate-a-stake-pool/register-stake-address) - - [Registering a Stake Pool](/docs/operate-a-stake-pool/register-stake-pool) + - [Minting Native Assets](docs/native-tokens/minting.md) + - [Minting NFTs](docs/native-tokens/minting-nfts.md) + - [Registering a Stake Address](docs/operate-a-stake-pool/register-stake-address.md) + - [Registering a Stake Pool](docs/operate-a-stake-pool/register-stake-pool.md) ### A model for a secure transaction @@ -31,12 +31,12 @@ All transactions will be done in these 3 steps: 1. on Internet connected computer: - **Assemble** all transaction details (from Cardano node or other query) in a file & save it to a removable device. -2. in [air gap environment](./air-gap): +2. in [air gap environment](docs/get-started/air-gap.md): - **Build** information from this file into a signed transaction & save the Tx file back on the same device (note `Tx` = "transaction"). 3. on Internet connected computer: - **Upload** the Tx file to your Cardano node and submit it. -Therefore, the payment signing key (the private component of the [Cardano wallet address key pair](../operate-a-stake-pool/cardano-key-pairs#wallet-address-key-pairs)) **never leaves the air gap environment**. This is vital because: +Therefore, the payment signing key (the private component of the [Cardano wallet address key pair](docs/operate-a-stake-pool/cardano-key-pairs.md#wallet-address-key-pairs)) **never leaves the air gap environment**. This is vital because: - A standard assumption in security is that *any* Internet connection on *any* computer creates opportunities for malicious people or programs to copy, view, or modify *anything* unencrypted on that computer. - Unlike transactions with cryptocurrency wallet software, in which the wallet's private payment keys are carefully encrypted and securely managed, the payment key (in this documentation, `payment.skey`) used for the raw transactions of development & stake pool operations is *not encrypted*. @@ -44,15 +44,15 @@ Therefore, the payment signing key (the private component of the [Cardano wallet ## Prerequisites -### Your [air gap environment](./air-gap) +### Your [air gap environment](docs/get-started/air-gap.md) -Follow [these instructions](./air-gap) to procure the environment (usually a dedicated "air gap machine") if you haven't already. +Follow [these instructions](docs/get-started/air-gap.md) to procure the environment (usually a dedicated "air gap machine") if you haven't already. ### Move any existing keys inside the air gap Second, if you've been running your applications, token/NFT generation, or stake pool with keys stored on any Internet connected machine (whether desktop or server): - - Move all those keys onto the air gap host and [securely delete](../get-started/air-gap#install-secure-deletion-tools) the originals. + - Move all those keys onto the air gap host and [securely delete](docs/get-started/air-gap.md#install-secure-deletion-tools) the originals. - Also, seriously consider whether those resources should be rebuilt due to the exposure of those private keys. To simplify the commands below, this guide assumes you will store all your keys and addresses *in the same single directory* where you will be building your transactions. @@ -66,12 +66,7 @@ Format a memory stick on a machine you believe to be secure, and then (to be on ## Steps of a secure transaction -This is rewritten from page [Create Simple Transactions](/docs/get-started/create-simple-transaction) (only considered secure to run on a testnet) with the following exception: - - - [Determining the TTL (time to Live)](/docs/get-started/create-simple-transaction#determine-the-ttl-time-to-live-for-the-transaction) for the transaction is omitted, along with setting this value in the transaction itself, to simplify the information-gathering step. - - This poses no security risk since an omitted TTL value allows a Tx file to be used indefinitely *but* submitting that Tx will change the UTxO set so that submitting that transaction again will be impossible. - -Also note that in general your "Internet connected machine" and your "Cardano node" will be two separate systems, and you will have to transfer files from one to the other with programs like [`rsync`](https://linux.die.net/man/1/rsync). +Note that in general your "Internet connected machine" and your "Cardano node" will be two separate systems, and you will have to transfer files from one to the other with programs like [`rsync`](https://linux.die.net/man/1/rsync). - So if you're running your Cardano node on a home machine (or using the Daedalus node port, for instance), where it says "upload" you only have to copy such files to where you can access them on that node. @@ -203,13 +198,13 @@ cardano-cli conway transaction submit \ --mainnet ``` -Then check for a successful transaction by whatever means you prefer, e.g. as illustrated in [Check the balances](/docs/get-started/create-simple-transaction#check-the-balances). +Then check for a successful transaction by whatever means you prefer, e.g. a [Cardano Explorer](https://explorer.cardano.org/). ## FAQ ### Why can't I use `cardano-cli conway transaction build`? -This is a convenient command to avoid the ["change" (return UTxO) calculation](../get-started/secure-workflow#calculate-the-change-to-send-back-to-paymentaddr) which requires you to prepare a test transaction, estimate fees, and calculate a final value of the funds to be moved. Instead, `transaction build` sends back "change" to a designated address. +This is a convenient command to avoid the ["change" (return UTxO) calculation](#calculate-the-change-to-send-back-to-paymentaddr) which requires you to prepare a test transaction, estimate fees, and calculate a final value of the funds to be moved. Instead, `transaction build` sends back "change" to a designated address. Some consider this so much easier to use that ***all*** transactions should be performed with this command, as discussed here: @@ -230,4 +225,4 @@ These are not directly related to transactions, and will all eventually be addre - making encrypted backups of your private keys (so they can be kept offsite / stored outside your air gap environment) - keeping secure (encrypted) records of your stake pool & development resources -For ideas on secure backup & record-keeping, see [Get Started with the Frankenwallet > Making & verifying backups of assets & keys](/docs/operate-a-stake-pool/frankenwallet#making--verifying-backups-of-assets--keys). +For ideas on secure backup & record-keeping, see [Get Started with the Frankenwallet > Making & verifying backups of assets & keys](docs/operate-a-stake-pool/frankenwallet.md#making--verifying-backups-of-assets--keys).