92 lines
3.6 KiB
Markdown
92 lines
3.6 KiB
Markdown
# Offline Transaction Signing
|
|
|
|
Some security models require keeping signing keys, and thus the signing
|
|
process, separated from transaction creation and network broadcast. Examples
|
|
include:
|
|
* Collecting signatures from geographically disparate signers in a
|
|
[multi-signature scheme](../api-reference/cli.md#multiple-witnesses)
|
|
* Signing transactions using an [airgapped](https://en.wikipedia.org/wiki/Air_gap_(networking))
|
|
signing device
|
|
|
|
This document describes using Solana's CLI to separately sign and submit a
|
|
transaction.
|
|
|
|
## Commands Supporting Offline Signing
|
|
|
|
At present, the following commands support offline signing:
|
|
* [`create-stake-account`](../cli/usage.md#solana-create-stake-account)
|
|
* [`deactivate-stake`](../cli/usage.md#solana-deactivate-stake)
|
|
* [`delegate-stake`](../cli/usage.md#solana-delegate-stake)
|
|
* [`split-stake`](../cli/usage.md#solana-split-stake)
|
|
* [`stake-authorize-staker`](../cli/usage.md#solana-stake-authorize-staker)
|
|
* [`stake-authorize-withdrawer`](../cli/usage.md#solana-stake-authorize-withdrawer)
|
|
* [`stake-set-lockup`](../cli/usage.md#solana-stake-set-lockup)
|
|
* [`transfer`](../cli/usage.md#solana-transfer)
|
|
* [`withdraw-stake`](../cli/usage.md#solana-withdraw-stake)
|
|
|
|
## Signing Transactions Offline
|
|
|
|
To sign a transaction offline, pass the following arguments on the command line
|
|
1) `--sign-only`, prevents the client from submitting the signed transaction
|
|
to the network. Instead, the pubkey/signature pairs are printed to stdout.
|
|
2) `--blockhash BASE58_HASH`, allows the caller to specify the value used to
|
|
fill the transaction's `recent_blockhash` field. This serves a number of
|
|
purposes, namely:
|
|
* Eliminates the need to connect to the network and query a recent blockhash
|
|
via RPC
|
|
* Enables the signers to coordinate the blockhash in a multiple-signature
|
|
scheme
|
|
|
|
### Example: Offline Signing a Payment
|
|
|
|
Command
|
|
|
|
```bash
|
|
solana@offline$ solana pay --sign-only --blockhash 5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF \
|
|
recipient-keypair.json 1
|
|
```
|
|
|
|
Output
|
|
|
|
```text
|
|
|
|
Blockhash: 5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF
|
|
Signers (Pubkey=Signature):
|
|
FhtzLVsmcV7S5XqGD79ErgoseCLhZYmEZnz9kQg1Rp7j=4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN
|
|
|
|
{"blockhash":"5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF","signers":["FhtzLVsmcV7S5XqGD79ErgoseCLhZYmEZnz9kQg1Rp7j=4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN"]}'
|
|
```
|
|
|
|
## Submitting Offline Signed Transactions to the Network
|
|
|
|
To submit a transaction that has been signed offline to the network, pass the
|
|
following arguments on the command line
|
|
1) `--blockhash BASE58_HASH`, must be the same blockhash as was used to sign
|
|
2) `--signer BASE58_PUBKEY=BASE58_SIGNATURE`, one for each offline signer. This
|
|
includes the pubkey/signature pairs directly in the transaction rather than
|
|
signing it with any local keypair(s)
|
|
|
|
### Example: Submitting an Offline Signed Payment
|
|
|
|
Command
|
|
|
|
```bash
|
|
solana@online$ solana pay --blockhash 5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF \
|
|
--signer FhtzLVsmcV7S5XqGD79ErgoseCLhZYmEZnz9kQg1Rp7j=4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN
|
|
recipient-keypair.json 1
|
|
```
|
|
|
|
Output
|
|
|
|
```text
|
|
4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN
|
|
```
|
|
|
|
## Buying More Time to Sign
|
|
|
|
Typically a Solana transaction must be signed and accepted by the network within
|
|
a number of slots from the blockhash in its `recent_blockhash` field (~2min at
|
|
the time of this writing). If your signing procedure takes longer than this, a
|
|
[Durable Transaction Nonce](durable-nonce.md) can give you the extra time you
|
|
need.
|