certusone
/
cosmos-sdk
mirror of https://github.com/certusone/cosmos-sdk.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge PR #3968: Documentation on how to sign Cosmos transactions

This commit is contained in:
Zaki Manian 2019-03-25 10:20:03 -07:00 committed by Christopher Goes
parent 2ca86c8605
commit 2788c2250d
1 changed files with 66 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
docs/clients/service-providers.md
View File

@ -121,3 +121,69 @@ mechanism for instance.
In order to generate an unsigned transaction (example with
[coin transfer](https://cosmos.network/rpc/#/ICS20/post_bank_accounts__address__transfers)),
you need to use the field `generate_only` in the body of `base_req`.
## Cosmos SDK Transaction Signing
Cosmos SDK transaction signing is a fairly simple process.
Every Cosmos SDK transaction has a canonical JSON representation. The `gaiacli`
and Stargate REST interfaces provide canonical JSON representations of transactions
and their "broadcast" functions will provide compact Amino (a protobuf-like wire format)
encoding translations.
Things to know when signing messages:
The format is as follows
```json
{
"account_number": XXX,
"chain_id": XXX,
"fee": XXX,
"sequence": XXX,
"memo": XXX,
"msgs": XXX
}
```
The signer must supply `"chain_id"`, `"account number"` and `"sequence number"`.
The `"fee"`, `"msgs"` and `"memo"` fields will be supplied by the transaction
composer interface.
The `"account_number"` and `"sequence"` fields can be queried directly from the
blockchain or cached locally. Getting these numbers wrong, along with the chainID,
is a common cause of invalid signature error. You can load the mempool of a full
node or validator with a sequence of uncommitted transactions with incrementing
sequence numbers and it will mostly do the correct thing.
Before signing, all keys are lexicographically sorted and all white space is
removed from the JSON output.
The signature encoding is the 64-byte concatenation of ECDSArands (i.e. `r || s`),
where `s` is lexicographically less than its inverse in order to prevent malleability.
This is like Ethereum, but without the extra byte for PubKey recovery, since
Tendermint assumes the PubKey is always provided anyway.
Signatures and public key examples in a signed transaction:
``` json
{
"type": "auth/StdTx",
"value": {
"msg": [...],
"signatures": [
{
"pub_key": {
"type": "tendermint/PubKeySecp256k1",
"value": XXX
},
"signature": XXX
}
],
}
}
```
Once signatures are properly generated, insert the JSON into into the generated
transaction and then use the broadcast endpoint.