Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Signing Marlowe Transactions Using dApp Connector, Hardware Wallet, and Air-Gapped Computer #183

Open
johnshearing opened this issue Jul 12, 2022 · 1 comment
Labels
enhancement New feature or request

Comments

@johnshearing
Copy link

Describe the feature you'd like

Please, we need to be able to sign transactions by all three of the following methods when using the Marlowe CLI or when using Marlow Run:
dApp Connector, Hardware Wallet, Air-Gapped Computer

The following copied from the ask-marlowe discord explains the request best:
https://discord.com/channels/826816523368005654/936295815926927390/996163555688718407

SenecalJF — Today at 5:18 PM
Thx a lot! For the back end service, what would be the way to sign a transaction?

Right now, I use a dApp connector, so it's easy to create and sign a transaction without having security breach with your private key. But if I sign transaction on the backend I will need to pass the private key as a parameter and I am not too comfortable doing that. Is there a way with marlowe-cli to return a transaction with marlowe-cli run execute and the only that is left to do is sign it? The signing part will be done with the dapp connector maybe.

johnshearing — Today at 8:36 PM
@b W Bush, with respect to @SenecalJF's question:
For any amount that matters, I only sign transactions on an airgapped computer and then move that signed transaction file to an online computer.
Linked below is a machine that I designed and built for signing transactions and moving files across the airgap.
https://youtu.be/3MwJOj3t8cI
I built the machine before the Ledger Nano was available.
I would much rather sign Marlowe transactions with a Ledger Nano but if that is not possible then I will need to use my airgapped machine to sign Marlowe transactions.
Is it possible to use a Ledger to sign Marlowe transactions? If so, where can we find out more?
If not, then I imagine in marlowe-cli util mint for example the --out-file is the signed transaction file that we would pass from the airgapped machine to the online machine?
If this is the case, how would we use the signed transaction (the --out-file?) once transferred to the online machine in order to mint a token in this case or perhaps move funds.
Much thanks

B W Bush — Today at 9:38 PM
@SenecalJF and @johnshearing, thanks for your great questions and observations! Here is some more info:

  1. I don't believe that we've tested omitting the --required-signer and --submit options in marlowe-cli run execute so it outputs an unsigned transaction file to --out-file that cardano-cli transaction sign or a wallet would successfully sign and submit. (My guess is that this will not work because of how marlowe-cli does fee computations.) If this doesn't work, it would be trivial for us to add that feature. Please consider submitting a feature request for this capability at https://github.com/input-output-hk/marlowe-cardano/issues. With such a capability, you could pass the unsigned transaction through a dApp connector for a wallet to sign or you could move the unsigned transaction over to an airgapped machine and sign it there. (The wallet could also submit the transaction after it signs it.)

  2. In the long term, Marlowe will very likely support CIP-30 (https://cips.cardano.org/cips/cip30/) wallets and Lace.

  3. Currently, the Marlowe backend (not marlowe-cli run execute) is compatible with Cardano Wallet, such the one embedded inside Daedalus, and that supports the Ledger and Trezor hardware wallets. We haven't included this support in the marlowe-cli run execute command yet, but that would be straightforward, so please consider submitting a feature request for this capability, too.

  4. You're both completely correct to be meticulously careful about private keys on mainnet (and also on public testnet). In general, it's essential for a dApp or backend neverto have access to private keys or seed phrases, and always to delegate signing to trusted software or hardware wallets. The key-management in workflows that we use for learning, experimenting, and testing on the private Marlowe testnet is not appropriate for deployment on mainnet.

Much Thanks

@johnshearing johnshearing added the enhancement New feature or request label Jul 12, 2022
@nhenin
Copy link
Contributor

nhenin commented Mar 12, 2024

Linked to this issue : #794

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants