Using EthSigner with Multiple Signing Keys

EthSigner supports file-based signing using multiple keys.

Prerequisites

Start Besu

Start Besu with the --rpc-http-port option set to 8590.

Example

besu --network=dev --miner-enabled --miner-coinbase=0xfe3b557e8fb62b89f4916b721be55ceb828dbd73 --rpc-http-cors-origins="all" --host-whitelist="*" --rpc-http-enabled --rpc-http-port=8590 --data-path=/Users/me/Datadir

Create Password and Key Files

Create a password file and V3 Keystore key for each account that needs to sign transactions. The password files and V3 Keystore keys must follow the naming convention and be in the same directory.

The password file must be named [<prefix>]<accountAddress>.password, with the 0x portion of the account address removed. For example, 78e6e236592597c09d5c137c2af40aecd42d12a2.password.

The password text file must not contain any characters other than those in your password.

EthSigner reads the password file as binary and any character in the file is considered part of your password.

Some POSIX-compliant editors automatically add an end-of-line character to text files. If your editor does this, the end-of-line character is considered part of your password.

Replace the placeholders and use the following command to ensure the password file is correct:

echo -n "Type your password:"; IFS= read -rs password; printf '%s' "$password" > [<prefix>]<accountAddress>.password

Enter the password when prompted.

Use the web3.js library to create a key file where:

  • <AccountPrivateKey> is the private key of the account with which EthSigner will sign transactions.

  • <Password> is the password for the key file being created. The password must match the password saved in the password file created above.

Example

const Web3 = require('web3')

// Web3 initialization (should point to the JSON-RPC endpoint)
const web3 = new Web3(new Web3.providers.HttpProvider('http://127.0.0.1:8590'))

var V3KeyStore = web3.eth.accounts.encrypt("<AccountPrivateKey>", "<Password>");
console.log(JSON.stringify(V3KeyStore));
process.exit();

With the placeholders replaced:

const Web3 = require('web3')

// Web3 initialization (should point to the JSON-RPC endpoint)
const web3 = new Web3(new Web3.providers.HttpProvider('http://127.0.0.1:8590'))

var V3KeyStore = web3.eth.accounts.encrypt("0x8f2a55949038a9610f50fb23b5883af3b4ecb3c3bb792cbcefbd1542c692be63", "password");
console.log(JSON.stringify(V3KeyStore));
process.exit();

Copy and paste the example JS script to a file (for example, createKeyFile.js) and replace the placeholders.

Use the JS script to display the text for the key file:

node createKeyFile.js

Copy and paste the text to a file that is named [<prefix>]<accountAddress>.key. The file name must be identical to the password file except for the .key suffix.
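Before starting EthSigner, the directory can be checked against the rules above: paired file names, no 0x in the address, and no end-of-line byte in a password file. The following is an added example, not part of the original page or of EthSigner; `auditSignerDirectory` is a hypothetical helper, and it assumes the key file carries an `address` field as web3.js writes it.

```javascript
// Added example (not EthSigner code): audit a multifile-signer directory.
const fs = require('fs');
const path = require('path');

// [<prefix>]<accountAddress>.<suffix>: the address is the 40 hex digits before the suffix.
const NAME = /^(.*?)([0-9a-fA-F]{40})\.(key|password)$/;

function auditSignerDirectory(dir) {
  const problems = [];
  const seen = new Map(); // file name without suffix -> { address, key, password }
  for (const file of fs.readdirSync(dir)) {
    if (!/\.(key|password)$/.test(file)) continue;
    const m = NAME.exec(file);
    if (!m) {
      problems.push(`${file}: name must end with a 40-hex-digit address before the suffix`);
      continue;
    }
    const [, prefix, address, suffix] = m;
    if (/0x$/i.test(prefix)) problems.push(`${file}: remove the 0x from the account address`);
    const entry = seen.get(prefix + address) || { address };
    entry[suffix] = path.join(dir, file);
    seen.set(prefix + address, entry);
  }
  for (const [stem, entry] of seen) {
    if (!entry.key) problems.push(`${stem}: no matching .key file`);
    if (!entry.password) problems.push(`${stem}: no matching .password file`);
    if (entry.password) {
      // The file is read as binary, so a trailing end-of-line becomes part of the password.
      const bytes = fs.readFileSync(entry.password);
      if ([0x0a, 0x0d].includes(bytes[bytes.length - 1]))
        problems.push(`${stem}.password: ends with an end-of-line byte`);
    }
    if (entry.key) {
      let keystore;
      try { keystore = JSON.parse(fs.readFileSync(entry.key, 'utf8')); }
      catch (e) { problems.push(`${stem}.key: not valid JSON`); continue; }
      if (keystore.version !== 3) problems.push(`${stem}.key: not a V3 keystore`);
      // Assumption: the keystore has an "address" field; skip the comparison if it is absent.
      const inFile = String(keystore.address || '').replace(/^0x/i, '').toLowerCase();
      if (inFile && inFile !== entry.address.toLowerCase())
        problems.push(`${stem}.key: keystore address does not match the file name`);
    }
  }
  return problems;
}
```

An empty array from `auditSignerDirectory('/Users/me/mydirectory')` means every key has a correctly named, newline-free password file; it does not prove the password decrypts the key.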

Start EthSigner

Start EthSigner with options:

  • chain-id is the chain ID specified in the Besu genesis file.

  • downstream-http-port is the rpc-http-port specified for Besu (8590 in this example).

  • directory is the location of the key and password files created above.

Example

ethsigner --chain-id=2018 --downstream-http-port=8590 multifile-based-signer --directory=/Users/me/mydirectory

Confirm EthSigner is Up

Use the upcheck endpoint to confirm EthSigner is running.

Example

curl -X GET http://127.0.0.1:8545/upcheck
I'm up

Confirm EthSigner Passing Requests to Besu

Request the current block number using eth_blockNumber with the EthSigner JSON-RPC endpoint (8545 in this example):

curl -X POST --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":51}' http://127.0.0.1:8545

You can now use EthSigner to sign transactions with the keys stored in the V3 Keystore key files.