Merge branch 'staging' into add-balanceanalytics-showcase
rphair authored Jun 20, 2023
2 parents 9ac9f9b + 403be30 commit 447040c
Showing 3 changed files with 1 addition and 89 deletions.
11 changes: 0 additions & 11 deletions docs/get-started/running-cardano.md
Expand Up @@ -28,17 +28,6 @@ There are two types of testnet: `preview` and `pre-prod`.
### Production (Mainnet)
This is the live Production. Only gets official Mainnet releases. Please use this net once you are ready to use the cardano-node.

## Cardano blockchain nets:
### Testnet
There are two types of testnet: `preview` and `pre-prod`.

- **Preview Testnet**: Testing release candidates and Mainnet releases. Leads Mainnet hard forks by at least 4 weeks. This net is for those who just want to see how it runs, get familiarised and play with cardano-node.

- **Pre-Production Testnet**: Testing release candidates and Mainnet releases. Forks at approximately same time as Mainnet (within an epoch of each other). This net is ideal for those who are ready to run the Mainnet but want to test it before running it.

### Production (Mainnet)
This is the live Production. Only gets official Mainnet releases. Please use this net once you are ready to use the cardano-node.

### Configuration Files

The `cardano-node` application requires at least four configuration files to run as of writing this article.
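
Review bot: the `### Production (Mainnet)` paragraph kept above this deletion tells readers to "use this net once you are ready" but says nothing about key handling, although `docs/get-started/secure-workflow.md` in this same commit states that payment keys can never be stored on an Internet connected machine. Since the duplicated `## Cardano blockchain nets:` block is being cleaned up here anyway, consider adding a one-line pointer from the Mainnet paragraph to the secure workflow page. The deletion itself looks right: the removed lines repeat the retained `### Production (Mainnet)` text and the testnet sentence shown in the hunk header.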
27 changes: 1 addition & 26 deletions docs/get-started/secure-workflow.md
Expand Up @@ -15,7 +15,6 @@ Payment keys can never be stored, even for a moment, on an Internet connected ma

:::

Therefore we present a secure, standard workflow for this sequence of `cardano-cli` commands for a simple, single transaction for funds transfer:
Therefore we present a secure, standard workflow for this sequence of `cardano-cli` commands for a simple, single transaction for funds transfer:

- **[Create Simple Transaction](/docs/get-started/create-simple-transaction)** (*insecure* version)
Expand All @@ -33,48 +32,39 @@ All transactions will be done in these 3 steps:

1. on Internet connected computer:
- **Assemble** all transaction details (from Cardano node or other query) in a file & save it to a removable device.
2. in [air gap environment](./air-gap):
2. in [air gap environment](./air-gap):
- **Build** information from this file into a signed transaction & save the Tx file back on the same device (note `Tx` = "transaction").
3. on Internet connected computer:
- **Upload** the Tx file to your Cardano node and submit it.

Therefore, the payment signing key (the private component of the [Cardano wallet address key pair](../operate-a-stake-pool/cardano-key-pairs#wallet-address-key-pairs)) **never leaves the air gap environment**. This is vital because:
Therefore, the payment signing key (the private component of the [Cardano wallet address key pair](../operate-a-stake-pool/cardano-key-pairs#wallet-address-key-pairs)) **never leaves the air gap environment**. This is vital because:

- A standard assumption in security is that *any* Internet connection on *any* computer creates opportunities for malicious people or programs to copy, view, or modify *anything* unencrypted on that computer.
- Unlike transactions with cryptocurrenty wallet software, in which the wallet's private payment keys are carefully encrypted and securely managed, the payment key (in this documentation, `payment.skey`) used for the raw transactions of development & stake pool operations is *not encrypted*.
- This means that this file stored anywhere on your Internet connected computer or server, even for an instant, creates an opportunity for the funds at that address (`payment.addr`) to be ***lost***.
- This means that this file stored anywhere on your Internet connected computer or server, even for an instant, creates an opportunity for the funds at that address (`payment.addr`) to be ***lost***.

## Prerequisites

### Your [air gap environment](./air-gap)
### Your [air gap environment](./air-gap)

Follow [these instructions](./air-gap) to procure the environment (usually a dedicated "air gap machine") if you haven't already.
Follow [these instructions](./air-gap) to procure the environment (usually a dedicated "air gap machine") if you haven't already.

### Move any existing keys inside the air gap
### Move any existing keys inside the air gap

Second, if you've been running your applications, token/NFT generation, or stake pool with keys stored on any Internet connected machine (whether desktop or server):

- Move all those keys onto the air gap host and [securely delete](../get-started/air-gap#install-secure-deletion-tools) the originals.
- Move all those keys onto the air gap host and [securely delete](../get-started/air-gap#install-secure-deletion-tools) the originals.
- Also, seriously consider whether those resources should be rebuilt due to the exposure of those private keys.

To simplify the commands below, this guide assumes you will store all your keys and addresses *in the same single directory* where you will be building your transactions.

### Dedicate a memory stick to moving your Tx files

Format a memory stick on a machine you believe to be secure, and then (to be on the safe side) format it again on the air gap machine. Some ideas:
Format a memory stick on a machine you believe to be secure, and then (to be on the safe side) format it again on the air gap machine. Some ideas:

- The objective here is to avoid bringing malicious software from your host computer into the air gap environment, especially via viruses that are designed to propagate by memory sticks.
- Use a filesystem that will be compatible with your regular Internet connected machine *and* your air gapped Linux environment: the one most likely to be writable by all types of desktop is FAT32.
- The objective here is to avoid bringing malicious software from your host computer into the air gap environment, especially via viruses that are designed to propagate by memory sticks.
- Use a filesystem that will be compatible with your regular Internet connected machine *and* your air gapped Linux environment: the one most likely to be writable by all types of desktop is FAT32.

## Steps of a secure transaction
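
Review bot: two wording problems sit in the unchanged lines of this hunk and could be fixed in the same pass: `cryptocurrenty` in the bullet about wallet software should be `cryptocurrency`, and the paragraph under "Move any existing keys inside the air gap" opens with "Second," although no earlier step is introduced with "First". As rendered, each removed line is identical to the line kept beside it, so the change looks whitespace-only; worth confirming that no wording was lost in the merge.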

Expand Down Expand Up @@ -117,7 +107,6 @@ Then copy both this file and `protocol.json` to the transfer memory stick.

### 2\. *Build* Tx details into a signed transaction.

Attach your transfer memory stick to the air gap host and copy the files to your working directory:
Attach your transfer memory stick to the air gap host and copy the files to your working directory:

- `protocol.json`
Expand Down Expand Up @@ -145,15 +134,11 @@ cardano-cli transaction build-raw \

#### Calculate the fee

The generally simplest transaction needs one input (a valid UTXO from `payment.addr`) and two outputs:
The generally simplest transaction needs one input (a valid UTXO from `payment.addr`) and two outputs:

1. The address that receives the transaction.
1. The address that receives the change of the transaction.
1. The address that receives the transaction.
1. The address that receives the change of the transaction.
2. The address that receives the change of the transaction.

Note that to calculate the fee you need to include the draft transaction:
Note that to calculate the fee you need to include the draft transaction:

``` sh
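
Review bot: in the two-item output list, the first item "The address that receives the transaction" is imprecise, since an address receives funds rather than a transaction; suggest "The address that receives the payment". The `2.` numbering on the change-address item is fine, but the lead sentence "The generally simplest transaction needs ..." would read better as "The simplest transaction generally needs ...".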
Expand Down Expand Up @@ -182,7 +167,6 @@ expr 20000000 - 10000000 - 167965

#### Build the transaction

We write the transaction in a file; we will name it `tx.raw`:
We write the transaction in a file; we will name it `tx.raw`:

``` sh
Expand All @@ -207,15 +191,12 @@ cardano-cli transaction sign \
```

Save the `tx.signed` file back on the transfer memory stick, then [safely remove](https://help.ubuntu.com/stable/ubuntu-help/files-removedrive.html.en) the memory stick from the air gap machine.
Save the `tx.signed` file back on the transfer memory stick, then [safely remove](https://help.ubuntu.com/stable/ubuntu-help/files-removedrive.html.en) the memory stick from the air gap machine.

### 3\. **Upload** and submit the Tx file.

Reattach your transfer memory stick back to the Internet connected computer, then upload the `tx.signed` file to your Cardano node.

#### Submit the transaction

Log into your Cardano node (or prepare Daedalus if using its node) and execute:
Log into your Cardano node (or prepare Daedalus if using its node) and execute:

``` sh
Expand All @@ -240,21 +221,15 @@ However, this discussion revealed the undocumented condition that `transaction b

- Using `transaction build` would require, in addition to accumulating the UTxO and balance information from your live Cardano node or network environment to build your transaction, that you also run the `build` command in the networked environment as well and save the unsigned transaction file on your transfer media.
- This transaction file would then need to be copied from the live environment to the air gap environment, where it would be signed... but in a security paranoid environment the user could never be sure the transaction was not built or modified maliciously outside the air gap.
- This transaction file would then need to be copied from the live environment to the air gap environment, where it would be signed... but in a security paranoid environment the user could never be sure the transaction was not built or modified maliciously outside the air gap.

Therefore this guide suggests *only* assembling transaction *details* outside the air gap, to be applied to `cardano-cli transaction build-raw` inside the air gap, because there is not much convenience overall to using `transaction build` and perhaps some security risk as well.
Therefore this guide suggests *only* assembling transaction *details* outside the air gap, to be applied to `cardano-cli transaction build-raw` inside the air gap, because there is not much convenience overall to using `transaction build` and perhaps some security risk as well.

## Other pending topics in secure workflow

These are not directly related to transacations, and will all eventually be addressed in their own pages on the Developer Portal:

- pool key installation & updates: transferring keys (e.g. VRF and KES) securely from within the air gap to your stake pool block producer
- making encrypted backups of your private keys (so they can be kept offsite / stored outside your air gap environment)
- pool key installation & updates: transferring keys (e.g. VRF and KES) securely from within the air gap to your stake pool block producer
- making encrypted backups of your private keys (so they can be kept offsite / stored outside your air gap environment)
- keeping secure (encrypted) records of your stake pool & development resources

For ideas on secure backup & record-keeping, see [Get Started with the Frankenwallet > Making & verifying backups of assets & keys](/docs/operate-a-stake-pool/frankenwallet#making--verifying-backups-of-assets--keys).

For ideas on secure backup & record-keeping, see [Get Started with the Frankenwallet > Making & verifying backups of assets & keys](/docs/operate-a-stake-pool/frankenwallet#making--verifying-backups-of-assets--keys).
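
Review bot: the concern raised in the `transaction build` bullets of this hunk, that a file prepared outside the air gap may have been "built or modified maliciously", applies equally to the details file that this guide does carry across on the memory stick. The section should state that the inputs, output addresses and amounts are checked by eye on the air gap machine before signing. Separately, `transacations` under "Other pending topics in secure workflow" should be `transactions`.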
52 changes: 0 additions & 52 deletions sidebars.js
Expand Up @@ -23,17 +23,6 @@ module.exports = {
type: "category",
label: "Builder Tools",
items: [
"get-started/aiken",
{
type: "category",
label: "Blockfrost",
items: [
{
type: "autogenerated",
dirName: "get-started/blockfrost",
},
],
},
"get-started/aiken",
{
type: "category",
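
Review bot: the context after the deleted `Blockfrost` category stops at `type: "category",`, so the hunk does not show that another `label: "Blockfrost"` entry survives below it. The same applies to the `Mesh (Web3 SDK)`, `Token Registry` and `Cardano Improvement Proposals (CIPs)` categories deleted in later hunks. Please confirm each of these still appears once in the merged `sidebars.js`, otherwise the merge drops pages from the navigation.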
Expand All @@ -60,19 +49,8 @@ module.exports = {
},
],
},
{
type: "category",
label: "Mesh (Web3 SDK)",
items: [
{
type: "autogenerated",
dirName: "get-started/mesh",
},
],
},
"get-started/ogmios",
"get-started/plu-ts",
"get-started/plu-ts",
"get-started/cardanosharp-wallet",
{
type: "category",
Expand All @@ -82,8 +60,6 @@ module.exports = {
// Generate sidebar automatically from docs/get-started/cardano-serialization-lib
type: "autogenerated",
dirName: "get-started/cardano-serialization-lib",
type: "autogenerated",
dirName: "get-started/cardano-serialization-lib",
},
],
},
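
Review bot: the removed `type: "autogenerated",` / `dirName: "get-started/cardano-serialization-lib",` pair repeated keys inside a single object literal, which JavaScript accepts silently (the last value wins), so the build never flagged the bad merge. Consider enabling ESLint's `no-dupe-keys` for `sidebars.js`, plus a check for repeated doc ids such as the doubled `"integrate-cardano/point-of-sale"` removed further down, so that a future merge of this kind fails in CI.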
Expand All @@ -101,10 +77,8 @@ module.exports = {
"integrate-cardano/listening-for-payments-cli",
"integrate-cardano/listening-for-payments-wallet",
"integrate-cardano/point-of-sale",
"integrate-cardano/point-of-sale",
"integrate-cardano/testnet-faucet",
"integrate-cardano/user-wallet-authentication",
"integrate-cardano/user-wallet-authentication",
],
"Build with Transaction Metadata": [
"transaction-metadata/overview",
Expand All @@ -127,17 +101,6 @@ module.exports = {
},
],
},
{
type: "category",
label: "Token Registry",
items: [
{
// Generate sidebar automatically from docs/native-tokens/token-registry
type: "autogenerated",
dirName: "native-tokens/token-registry",
},
],
},
],
"Create Smart Contracts": [
"smart-contracts/overview",
Expand All @@ -146,9 +109,6 @@ module.exports = {
"smart-contracts/aiken",
"smart-contracts/opshin",
"smart-contracts/plu-ts",
"smart-contracts/aiken",
"smart-contracts/opshin",
"smart-contracts/plu-ts",
],
"Be Part of the Governance": [
"governance/overview",
Expand All @@ -164,18 +124,6 @@ module.exports = {
],
},
"governance/project-catalyst",
{
type: "category",
label: "Cardano Improvement Proposals (CIPs)",
items: [
{
// Generate sidebar automatically from docs/governance/cardano-improvement-proposals
type: "autogenerated",
dirName: "governance/cardano-improvement-proposals",
},
],
},
"governance/project-catalyst",
],
"Operate a Stake Pool": [
"operate-a-stake-pool/overview",