Offline Transaction Signing

Some security models require keeping signing keys, and thus the signing process, separated from transaction creation and network broadcast.

Examples include:

• Collecting signatures from geographically disparate signers in a multi-signature scheme

• Signing transactions using an airgapped signing device

This document describes using Huione's CLI to separately sign and submit a transaction.

Commands Supporting Offline Signing#

At present, the following commands support offline signing:

• create-stake-account

• create-stake-account-checked

• deactivate-stake

• delegate-stake

• split-stake

• stake-authorize

• stake-authorize-checked

• stake-set-lockup

• stake-set-lockup-checked

• transfer

• withdraw-stake

• create-vote-account

• vote-authorize-voter

• vote-authorize-voter-checked

• vote-authorize-withdrawer

• vote-authorize-withdrawer-checked

• vote-update-commission

• vote-update-validator

• withdraw-from-vote-account

Signing Transactions Offline

To sign a transaction offline, pass the following arguments on the command line

1. --sign-only, prevents the client from submitting the signed transaction to the network. Instead, the pubkey/signature pairs are printed to stdout.

2. --blockhash BASE58_HASH, allows the caller to specify the value used to fill the transaction's recent_blockhash field. This serves a number of purposes, namely: Eliminates the need to connect to the network and query a recent blockhash via RPC Enables the signers to coordinate the blockhash in a multiple-signature scheme

Example: Offline Signing a Payment

Command

Output

Submitting Offline Signed Transactions to the Network

To submit a transaction that has been signed offline to the network, pass the following arguments on the command line

1. --blockhash BASE58_HASH, must be the same blockhash as was used to sign

2. --signer BASE58_PUBKEY=BASE58_SIGNATURE, one for each offline signer. This includes the pubkey/signature pairs directly in the transaction rather than signing it with any local keypair(s)

Example: Submitting an Offline Signed Payment

Command

Output

Offline Signing Over Multiple Sessions

Offline signing can also take place over multiple sessions. In this scenario, pass the absent signer's public key for each role.

All pubkeys that were specified, but no signature was generated for will be listed as absent in the offline signing output

Example: Transfer with Two Offline Signing Sessions

Command (Offline Session #1)

Output (Offline Session #1)

Command (Offline Session #2)

Output (Offline Session #2)

Command (Online Submission)

Output (Online Submission)

Buying More Time to Sign

Typically a Huione transaction must be signed and accepted by the network within a number of slots from the blockhash in its recent_blockhash field (~1min at the time of this writing). If your signing procedure takes longer than this, a Durable Transaction Nonce can give you the extra time you need.