namada icon indicating copy to clipboard operation
namada copied to clipboard
verified publisher icon anoma

Offline signing command requesting local node

Open dan-u410 opened this issue 1 year ago • 7 comments

Some steps in the offline flow don't match the workflow I'm seeking:

Generation:

  • This was workable, however, to avoid ever loading private keys to the online machine there's an extra step not noted in the docs:
namada wallet add --alias view-only-wallet --value <my-public-key>
  • This might be helpful to add for others following this guide since the error message returned without this is very confusing at first

Signing:

I've configured my offline wallet with the secret keys necessary for signing, however it seems the node needs to be started locally to sign offline?

  • the sign-tx command immediately checks for a node connection here but it looks like this is only used to look up the wallet context
  • is there a way to pass in a wallet file or similar as an argument and forego any node requests when offline?
namadac sign-tx --tx-path transfer.tx --owner wallet1
Failed to query node status with error:
   0: HTTP error
   1: error sending request for url (http://127.0.0.1:26657/): error trying to connect: tcp connect error: Connection refused (os error 61)
....

Broadcast:

  • I've gotten this working but there are some sharp edges that I wanted to note:
  • i) this command wants to automatically submit a reveal_pk tx. However, this is not possible when the owner's private keys are not loaded onto the node. I am forking the SDK and removing this line from this command since I will issue the reveal_pk command indepdentely
  • ii) This transaction needs to be signed by the gas_payer to be valid. This should be moved to the offline sign-tx command so private keys never needed to be loaded to the online machine
namada client tx --tx-path tx.tx --signatures sig1.tx --owner view-only-wallet --node https://rpc.luminara.icu --gas-payer view-only-wallet --force
Submitting a tx to reveal the public key for address <address>...
Error: 
   0: unable to sign transaction with <pubkey>
....

I am following the offline signing guide in the docs here

Running version: Namada v0.32.0 on campfire testnet luminara.45fd94fb5c14d0dd304da

dan-u410 avatar May 08 '24 19:05 dan-u410

Hi @dan-u410 . Thank you for brining these issues up! Over the next few days I'll try to reproduce them and reduce the need for a local node in some of the namada commands.

murisi avatar Jul 11 '24 08:07 murisi

Hi @murisi any update on this? It looks like broadcast is also not able to function without some account's private-keys loaded on a hot machine to act as the gas-payer. imo this is problematic

dan-u410 avatar Jul 15 '24 17:07 dan-u410

it looks like there is a bug in namada client reveal-pk --public-key <pubkey> --node https://rpc.luminara.icu --dump-tx that also doesn't dump bytes to stdout or file.

as I currently understand this; generation/signing/broadcast are all broken in some form

dan-u410 avatar Jul 17 '24 03:07 dan-u410

Hi @murisi | @cwgoes - am looking forward mainnet. wanted to touch base here and see if you guys have any updates on offline signing support? The publicly available ledger app is still on v0.0.16 which is non-functioning and offline signing appears to have several bugs

dan-u410 avatar Aug 21 '24 15:08 dan-u410

we are currently working on this (pr #3648)

Fraccaman avatar Aug 26 '24 08:08 Fraccaman

Hi @Fraccaman any updates here on offline signing? it looks like the PR has been closed.

dan-u410 avatar Sep 05 '24 18:09 dan-u410

hey @dan-u410! We merged it via #3715 and we are going to cut a release soon (this week)

Fraccaman avatar Sep 09 '24 11:09 Fraccaman