diff --git a/docs/get-started/running-cardano.md b/docs/get-started/running-cardano.md index 934cf0d667..4c2b388d11 100644 --- a/docs/get-started/running-cardano.md +++ b/docs/get-started/running-cardano.md @@ -28,17 +28,6 @@ There are two types of testnet: `preview` and `pre-prod`. ### Production (Mainnet) This is the live Production. Only gets official Mainnet releases. Please use this net once you are ready to use the cardano-node. -## Cardano blockchain nets: -### Testnet -There are two types of testnet: `preview` and `pre-prod`. - -- **Preview Testnet**: Testing release candidates and Mainnet releases. Leads Mainnet hard forks by at least 4 weeks. This net is for those who just want to see how it runs, get familiarised and play with cardano-node. - -- **Pre-Production Testnet**: Testing release candidates and Mainnet releases. Forks at approximately same time as Mainnet (within an epoch of each other). This net is ideal for those who are ready to run the Mainnet but want to test it before running it. - -### Production (Mainnet) -This is the live Production. Only gets official Mainnet releases. Please use this net once you are ready to use the cardano-node. - ### Configuration Files The `cardano-node` application requires at least four configuration files to run as of writing this article. diff --git a/docs/get-started/secure-workflow.md b/docs/get-started/secure-workflow.md index 95298fd32b..8067c810ae 100644 --- a/docs/get-started/secure-workflow.md +++ b/docs/get-started/secure-workflow.md 
@@ -15,7 +15,6 @@ Payment keys can never be stored, even for a moment, on an Internet connected ma ::: -Therefore we present a secure, standard workflow for this sequence of `cardano-cli` commands for a simple, single transaction for funds transfer: Therefore we present a secure, standard workflow for this sequence of `cardano-cli` commands for a simple, single transaction for funds transfer: - **[Create Simple Transaction](/docs/get-started/create-simple-transaction)** (*insecure* version) 
@@ -33,34 +32,28 @@ All transactions will be done in these 3 steps: 1. on Internet connected computer: - **Assemble** all transaction details (from Cardano node or other query) in a file & save it to a removable device. -2. in [air gap environment](./air-gap): 2. in [air gap environment](./air-gap): - **Build** information from this file into a signed transaction & save the Tx file back on the same device (note `Tx` = "transaction"). 3. on Internet connected computer: - **Upload** the Tx file to your Cardano node and submit it. -Therefore, the payment signing key (the private component of the [Cardano wallet address key pair](../operate-a-stake-pool/cardano-key-pairs#wallet-address-key-pairs)) **never leaves the air gap environment**. This is vital because: Therefore, the payment signing key (the private component of the [Cardano wallet address key pair](../operate-a-stake-pool/cardano-key-pairs#wallet-address-key-pairs)) **never leaves the air gap environment**. This is vital because: - A standard assumption in security is that *any* Internet connection on *any* computer creates opportunities for malicious people or programs to copy, view, or modify *anything* unencrypted on that computer. - Unlike transactions with cryptocurrenty wallet software, in which the wallet's private payment keys are carefully encrypted and securely managed, the payment key (in this documentation, `payment.skey`) used for the raw transactions of development & stake pool operations is *not encrypted*. - This means that this file stored anywhere on your Internet connected computer or server, even for an instant, creates an opportunity for the funds at that address (`payment.addr`) to be ***lost***. - - This means that this file stored anywhere on your Internet connected computer or server, even for an instant, creates an opportunity for the funds at that address (`payment.addr`) to be ***lost***. 
## Prerequisites ### Your [air gap environment](./air-gap) ### Your [air gap environment](./air-gap) -Follow [these instructions](./air-gap) to procure the environment (usually a dedicated "air gap machine") if you haven't already. Follow [these instructions](./air-gap) to procure the environment (usually a dedicated "air gap machine") if you haven't already. -### Move any existing keys inside the air gap ### Move any existing keys inside the air gap Second, if you've been running your applications, token/NFT generation, or stake pool with keys stored on any Internet connected machine (whether desktop or server): - - Move all those keys onto the air gap host and [securely delete](../get-started/air-gap#install-secure-deletion-tools) the originals. - Move all those keys onto the air gap host and [securely delete](../get-started/air-gap#install-secure-deletion-tools) the originals. - Also, seriously consider whether those resources should be rebuilt due to the exposure of those private keys. 
@@ -68,13 +61,10 @@ To simplify the commands below, this guide assumes you will store all your keys ### Dedicate a memory stick to moving your Tx files -Format a memory stick on a machine you believe to be secure, and then (to be on the safe side) format it again on the air gap machine. Some ideas: Format a memory stick on a machine you believe to be secure, and then (to be on the safe side) format it again on the air gap machine. Some ideas: - The objective here is to avoid bringing malicious software from your host computer into the air gap environment, especially via viruses that are designed to propagate by memory sticks. - Use a filesystem that will be compatible with your regular Internet connected machine *and* your air gapped Linux environment: the one most likely to be writable by all types of desktop is FAT32. - - The objective here is to avoid bringing malicious software from your host computer into the air gap environment, especially via viruses that are designed to propagate by memory sticks. - - Use a filesystem that will be compatible with your regular Internet connected machine *and* your air gapped Linux environment: the one most likely to be writable by all types of desktop is FAT32. ## Steps of a secure transaction @@ -117,7 +107,6 @@ Then copy both this file and `protocol.json` to the transfer memory stick. ### 2\. *Build* Tx details into a signed transaction. -Attach your transfer memory stick to the air gap host and copy the files to your working directory: Attach your transfer memory stick to the air gap host and copy the files to your working directory: - `protocol.json` 
@@ -145,15 +134,11 @@ cardano-cli transaction build-raw \ #### Calculate the fee -The generally simplest transaction needs one input (a valid UTXO from `payment.addr`) and two outputs: The generally simplest transaction needs one input (a valid UTXO from `payment.addr`) and two outputs: 1. The address that receives the transaction. -1. The address that receives the change of the transaction. -1. The address that receives the transaction. -1. The address that receives the change of the transaction. +2. The address that receives the change of the transaction. -Note that to calculate the fee you need to include the draft transaction: Note that to calculate the fee you need to include the draft transaction: ``` sh @@ -182,7 +167,6 @@ expr 20000000 - 10000000 - 167965 #### Build the transaction -We write the transaction in a file; we will name it `tx.raw`: We write the transaction in a file; we will name it `tx.raw`: ``` sh @@ -207,15 +191,12 @@ cardano-cli transaction sign \ ``` Save the `tx.signed` file back on the transfer memory stick, then [safely remove](https://help.ubuntu.com/stable/ubuntu-help/files-removedrive.html.en) the memory stick from the air gap machine. -Save the `tx.signed` file back on the transfer memory stick, then [safely remove](https://help.ubuntu.com/stable/ubuntu-help/files-removedrive.html.en) the memory stick from the air gap machine. - ### 3\. **Upload** and submit the Tx file. Reattach your transfer memory stick back to the Internet connected computer, then upload the `tx.signed` file to your Cardano node. #### Submit the transaction -Log into your Cardano node (or prepare Daedalus if using its node) and execute: Log into your Cardano node (or prepare Daedalus if using its node) and execute: ``` sh 
@@ -240,21 +221,15 @@ However, this discussion revealed the undocumented condition that `transaction b - Using `transaction build` would require, in addition to accumulating the UTxO and balance information from your live Cardano node or network environment to build your transaction, that you also run the `build` command in the networked environment as well and save the unsigned transaction file on your transfer media. - This transaction file would then need to be copied from the live environment to the air gap environment, where it would be signed... but in a security paranoid environment the user could never be sure the transaction was not built or modified maliciously outside the air gap. - - This transaction file would then need to be copied from the live environment to the air gap environment, where it would be signed... but in a security paranoid environment the user could never be sure the transaction was not built or modified maliciously outside the air gap. Therefore this guide suggests *only* assembling transaction *details* outside the air gap, to be applied to `cardano-cli transaction build-raw` inside the air gap, because there is not much convenience overall to using `transaction build` and perhaps some security risk as well. -Therefore this guide suggests *only* assembling transaction *details* outside the air gap, to be applied to `cardano-cli transaction build-raw` inside the air gap, because there is not much convenience overall to using `transaction build` and perhaps some security risk as well. ## Other pending topics in secure workflow These are not directly related to transacations, and will all eventually be addressed in their own pages on the Developer Portal: - - pool key installation & updates: transferring keys (e.g. 
VRF and KES) securely from within the air gap to your stake pool block producer - - making encrypted backups of your private keys (so they can be kept offsite / stored outside your air gap environment) - pool key installation & updates: transferring keys (e.g. VRF and KES) securely from within the air gap to your stake pool block producer - making encrypted backups of your private keys (so they can be kept offsite / stored outside your air gap environment) - keeping secure (encrypted) records of your stake pool & development resources For ideas on secure backup & record-keeping, see [Get Started with the Frankenwallet > Making & verifying backups of assets & keys](/docs/operate-a-stake-pool/frankenwallet#making--verifying-backups-of-assets--keys). - -For ideas on secure backup & record-keeping, see [Get Started with the Frankenwallet > Making & verifying backups of assets & keys](/docs/operate-a-stake-pool/frankenwallet#making--verifying-backups-of-assets--keys). diff --git a/sidebars.js b/sidebars.js index 89de120cea..64c0791e9c 100644 --- a/sidebars.js +++ b/sidebars.js @@ -23,17 +23,6 @@ module.exports = { type: "category", label: "Builder Tools", items: [ - "get-started/aiken", - { - type: "category", - label: "Blockfrost", - items: [ - { - type: "autogenerated", - dirName: "get-started/blockfrost", - }, - ], - }, "get-started/aiken", { type: "category", @@ -60,19 +49,8 @@ module.exports = { }, ], }, - { - type: "category", - label: "Mesh (Web3 SDK)", - items: [ - { - type: "autogenerated", - dirName: "get-started/mesh", - }, - ], - }, "get-started/ogmios", "get-started/plu-ts", - "get-started/plu-ts", "get-started/cardanosharp-wallet", { type: "category", @@ -82,8 +60,6 @@ module.exports = { // Generate sidebar automatically from docs/get-started/cardano-serialization-lib type: "autogenerated", dirName: "get-started/cardano-serialization-lib", - type: "autogenerated", - dirName: "get-started/cardano-serialization-lib", }, ], }, 
@@ -101,10 +77,8 @@ module.exports = { "integrate-cardano/listening-for-payments-cli", "integrate-cardano/listening-for-payments-wallet", "integrate-cardano/point-of-sale", - "integrate-cardano/point-of-sale", "integrate-cardano/testnet-faucet", "integrate-cardano/user-wallet-authentication", - "integrate-cardano/user-wallet-authentication", ], "Build with Transaction Metadata": [ "transaction-metadata/overview", @@ -127,17 +101,6 @@ module.exports = { }, ], }, - { - type: "category", - label: "Token Registry", - items: [ - { - // Generate sidebar automatically from docs/native-tokens/token-registry - type: "autogenerated", - dirName: "native-tokens/token-registry", - }, - ], - }, ], "Create Smart Contracts": [ "smart-contracts/overview", @@ -146,9 +109,6 @@ module.exports = { "smart-contracts/aiken", "smart-contracts/opshin", "smart-contracts/plu-ts", - "smart-contracts/aiken", - "smart-contracts/opshin", - "smart-contracts/plu-ts", ], "Be Part of the Governance": [ "governance/overview", @@ -164,18 +124,6 @@ module.exports = { ], }, "governance/project-catalyst", - { - type: "category", - label: "Cardano Improvement Proposals (CIPs)", - items: [ - { - // Generate sidebar automatically from docs/governance/cardano-improvement-proposals - type: "autogenerated", - dirName: "governance/cardano-improvement-proposals", - }, - ], - }, - "governance/project-catalyst", ], "Operate a Stake Pool": [ "operate-a-stake-pool/overview",
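Review bot: In the `secure-workflow.md` hunk at `@@ -33,34 +32,28 @@`, the unchanged bullet "Unlike transactions with cryptocurrenty wallet software" still carries the typo "cryptocurrenty"; since this pass is already cleaning up the list, correct it to "cryptocurrency" here. The same hunk keeps the link `../get-started/air-gap#install-secure-deletion-tools` while every other air gap link in the file is written `./air-gap`; both resolve from `docs/get-started/`, but using the `./air-gap` form throughout would be consistent.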
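Review bot: In the "Calculate the fee" hunk at `@@ -145,15 +134,11 @@`, the `+2. The address that receives the change of the transaction.` line is the only added line in the patch and is a renumbering rather than a deduplication, so the commit message should mention it. The explicit `1.` / `2.` numbering does match the "3 steps" list earlier in the file. The retained lead-in "The generally simplest transaction needs one input" reads awkwardly; "The simplest transaction generally needs one input" would be clearer.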
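Review bot: In the `secure-workflow.md` hunk at `@@ -240,21 +221,15 @@`, the unchanged line under "Other pending topics in secure workflow" still reads "These are not directly related to transacations"; fix the spelling to "transactions" in the same pass. The bullet list directly below keeps one copy of each item, which is the intended result.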
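Review bot: In `sidebars.js`, the hunks that delete whole category objects (`label: "Blockfrost"`, `label: "Mesh (Web3 SDK)"`, `label: "Token Registry"` and `label: "Cardano Improvement Proposals (CIPs)"`) do not show the label of the copy that is supposed to remain, only closing braces or a bare `type: "category",` in the context lines. Please confirm against the full file that each of these four labels still appears exactly once after the patch, because removing a block that was not a duplicate would silently drop that documentation from the sidebar. The single-line removals such as `"get-started/plu-ts"` and `"integrate-cardano/point-of-sale"` are verifiable from the hunks as shown, since the retained copy sits on the adjacent context line.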