Securely Transacting Nervos


#1

Hi all,

I am trying to create a flow for securely transacting Nervos. My threat model requires that I never have my secret key on an internet-connected computer.

As far as I can tell, there is currently no way to create a valid transaction in this setting. If anyone can help, I’m looking for a way to execute the following steps:

  • Generate private key on offline computer
  • Use online computer to create an unsigned transaction
  • Move unsigned transaction to offline computer and sign transaction
  • Move signed transaction to online computer and broadcast to network

Any alternative approach that would allow for creating a valid transaction while keeping the secret key offline would also be welcome.


#2

Hey hey,
Welcome to the Nervos community. :slight_smile:

Although some of the SDK functions needed by this process are not fully available at this moment, so you might have a hard time doing this in practice, I think it’s totally feasible to do this workflow with Nervos.

Which exact part do you have difficulty with?


#3

I can’t find the relevant SDK functions for creating the unsigned transaction and then signing it, I’m afraid.

Any help would be much appreciated!


#4

I’m afraid that is part of the functions that I mentioned as “not fully available at the moment”. :joy:

Feel free to add issues to any of the SDKs you like. :wink:

For the moment, you can refer here for how to sign a transaction.
Here and here can help you to understand how to create unsigned transactions.

Enjoy coding~


#5

By the way, just out of curiosity, what exact application are you working on?


#6

The fact is that generating transactions without signing is quite easy.

The signing messages are placed in input.unlock, and the flow of generating a transaction goes like this: you can put an arbitrary unlock script in the input and replace it with the correct one in your offline wallet.