Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

[fiosdk_typescript] Update SDK to support offline signing of transactions

Description

We would like to add the ability to sign transactions “offline”. Te transaction process generally looks like:

  1. serialize

  2. sign

  3. push

Some exchanges want the ability to do the signing on a server that is separate from, and more secure, than the server where they are doing the serializing and pushing the transaction. T

The original thinking is we would add functionality to:

  • Return the serialized transaction so it can be sent to a signing server. This process should not require having the user’s private key in memory.

  • Be able to sign a serialized transaction. This process will require access to the user’s private key.

  • Be able to return the serialized and signed transaction, so it can be sent back to the internet connected server and be pushed to the fio chain.

But, offline signing may be more complex when we consider OBT Data and FIO Requests which have content fields that need to be encrypted with a private key. Would it make more sense to be able to pass in the chain (block_numb, prefix, expiration, etc.) and transaction data to a call that does all of the serialization and signing offline? This is kind of what is done in Shawn’s fio.localsign app:

https://github.com/fioprotocol/fio.localsign

 

We would also like to have some functions for validating serialized and serialized/signed transaction. With these functions you would be able to:

  • Send in a serialized transaction and get the transaction data returned. This will allow the signing server to confirm the data in the transaction prior to signing.

  • Send in a serialized & signed transaction and user’s FIO Public Key and get the transaction data returned. This will allow the server pushing the transaction to verify the transaction data signed by the signing server. (It would NOT be able to verify the content field).

Activity

Show:

Eric Butz May 10, 2022 at 2:03 PM

Discussed with Andrew. Those are the type values. Comparison of the Raw Transaction to the deserialized transaction will require a new objectCompare method. Decided to not do that right now.

Sent branch to integrator for testing. Will merge and release if things look good.

Marking as Done.

Eric Butz May 10, 2022 at 12:21 PM

You see the RawTransaction and RawAction labels if you console.log “transaction” in your code.

Eric Butz May 4, 2022 at 8:39 PM

Added example to fiosdk_typescript-examples repo:

Eric Butz May 4, 2022 at 8:23 PM

Notes for Eric:

Tests for serialization checked in:

Additional tests for deserialization still in a branch:

Eric Butz May 4, 2022 at 8:19 PM

This looks really good!

The one issue I see is the addition of the “RawTransaction” and “RawAction” labels in the createRawTransaction:

It creates a non-standard json structure so is hard to use in code (for doing comparisons against actual data, etc.).

I think it would be better to return actual json. I.e., just return the transaction and have the actions data look just like it does in an actual transaction.

Or, is there a reason to have those labels?

Done

Details

Assignee

Reporter

Time tracking

7h 45m logged

Priority

Parent

Checklist

Created April 18, 2022 at 3:52 PM
Updated May 20, 2022 at 1:40 PM
Resolved May 10, 2022 at 2:03 PM
Loading...