Parallel Universe
  • Learn
    • Introduction to PUT
    • Getting started with PUT
  • Architecture
    • What is a PUT Cluster?
    • Clusters
      • PUT Clusters
      • RPC Endpoints
      • Benchmark a Cluster
      • Performance Metrics
    • Consensus
      • Synchronization
      • Leader Rotation
      • Fork Generation
      • Managing Forks
      • Turbine Block Propagation
      • Commitment Status
      • Secure Vote Signing
      • Stake Delegation and Rewards
    • Validators
      • Overview
      • TPU
      • TVU
      • Blockstore
      • Gossip Service
      • The Runtime
  • CLI
    • Command-line Guide
    • Install the PUT Tool Suite
    • Command-line Wallets
      • Command Line Wallets
      • Paper Wallet
      • File System Wallet
      • Support / Troubleshooting
    • Using PUT CLI
    • Connecting to a Cluster
    • Send and Receive Tokens
    • Staking
    • Deploy a Program
    • Offline Transaction Signing
    • Durable Transaction Nonces
    • CLI Usage Reference
  • Developers
    • Get Started
      • Hello World
      • Local development
      • Rust program
    • Core Concepts
      • Accounts
      • Transactions
        • Overview
        • Versioned Transactions
        • Address Lookup Tables
      • Programs
      • Rent
      • Calling between programs
      • Runtime
    • Clients
      • JSON RPC API -1
      • JSON RPC API -2
      • JSON RPC API -3
      • Web3 JavaScript API
      • Web3 API Reference
      • Rust API
    • Writing Programs
      • Overview
      • Developing with Rust
      • Deploying
      • Debugging
      • Program Examples
      • FAQ
    • Native Programs
      • Overview
      • Sysvar Cluster Data
    • Local Development
      • PUT Test Validator
    • Backward Compatibility Policy
  • Validators
    • Running a Validator
    • Getting Started
      • Validator Requirements
    • Voting Setup
      • Starting a Validator
      • Vote Account Management
      • Staking
      • Monitoring a Validator
      • Publishing Validator Info
      • Failover Setup
      • Troubleshooting
    • Geyser
      • Geyser Plugins
  • Staking
    • Staking on PUT
    • Stake Account Structure
  • Integrations
    • Add PUT to Your Exchange
    • Retrying Transactions
  • Library
    • Introduction
    • Token Program
    • Associated Token Account Program
    • Memo Program
    • Name Service
    • Feature Proposal Program
    • NFT Program
      • Overview
      • Interface
      • Usage Guidelines
        • Create a new NFT-Mint
        • Cast NFT
        • Transfer an NFT
        • Change account status
        • Permission settings
        • Query Interface
        • Continuous casting
        • Change the Mint attribute
      • Operation Overview
        • Create a new NFT-Mint
        • Transfer NFT
        • Destroy
        • Freeze NFT accounts
        • Update
    • PUT multi-sign program
      • Overview
      • Interface
      • Usage Guidelines
        • Create a multi-signature account
        • Create a proposal account
        • Vote proposal
        • Verify Proposal
        • Add-singer
        • Remove-signer
      • Operation Overview
        • Create a multi-signature account
        • Create a proposal account
        • Vote
        • Verify
        • Add-singer
        • Remove-signer
  • PUT Privacy Policy
Powered by GitBook
On this page
  • Offline Transaction Signing
  • Commands Supporting Offline Signing#
  • Signing Transactions Offline
  • Example: Offline Signing a Payment
  • Submitting Offline Signed Transactions to the Network
  • Example: Submitting an Offline Signed Payment
  • Offline Signing Over Multiple Sessions
  • Example: Transfer with Two Offline Signing Sessions
  • Buying More Time to Sign
  1. CLI

Offline Transaction Signing

Offline Transaction Signing

Some security models require keeping signing keys, and thus the signing process, separated from transaction creation and network broadcast.

Examples include:

  • Collecting signatures from geographically disparate signers in a multi-signature scheme

  • Signing transactions using an airgapped signing device

This document describes using PUT's CLI to separately sign and submit a transaction.

Commands Supporting Offline Signing#

At present, the following commands support offline signing:

  • create-stake-account

  • create-stake-account-checked

  • deactivate-stake

  • delegate-stake

  • split-stake

  • stake-authorize

  • stake-authorize-checked

  • stake-set-lockup

  • stake-set-lockup-checked

  • transfer

  • withdraw-stake

  • create-vote-account

  • vote-authorize-voter

  • vote-authorize-voter-checked

  • vote-authorize-withdrawer

  • vote-authorize-withdrawer-checked

  • vote-update-commission

  • vote-update-validator

  • withdraw-from-vote-account

Signing Transactions Offline

To sign a transaction offline, pass the following arguments on the command line

  1. --sign-only, prevents the client from submitting the signed transaction to the network. Instead, the pubkey/signature pairs are printed to stdout.

  2. --blockhash BASE58_HASH, allows the caller to specify the value used to fill the transaction's recent_blockhash field. This serves a number of purposes, namely: Eliminates the need to connect to the network and query a recent blockhash via RPC Enables the signers to coordinate the blockhash in a multiple-signature scheme

Example: Offline Signing a Payment

Command

put@offline$ put transfer --sign-only --blockhash 5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF \
    recipient-keypair.json 1

Output

Blockhash: 5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF
Signers (Pubkey=Signature):
  FhtzLVsmcV7S5XqGD79ErgoseCLhZYmEZnz9kQg1Rp7j=4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN

{"blockhash":"5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF","signers":["FhtzLVsmcV7S5XqGD79ErgoseCLhZYmEZnz9kQg1Rp7j=4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN"]}'

Submitting Offline Signed Transactions to the Network

To submit a transaction that has been signed offline to the network, pass the following arguments on the command line

  1. --blockhash BASE58_HASH, must be the same blockhash as was used to sign

  2. --signer BASE58_PUBKEY=BASE58_SIGNATURE, one for each offline signer. This includes the pubkey/signature pairs directly in the transaction rather than signing it with any local keypair(s)

Example: Submitting an Offline Signed Payment

Command

put@online$ put transfer --blockhash 5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF \
    --signer FhtzLVsmcV7S5XqGD79ErgoseCLhZYmEZnz9kQg1Rp7j=4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN
    recipient-keypair.json 1

Output

4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN

Offline Signing Over Multiple Sessions

Offline signing can also take place over multiple sessions. In this scenario, pass the absent signer's public key for each role.

All pubkeys that were specified, but no signature was generated for will be listed as absent in the offline signing output

Example: Transfer with Two Offline Signing Sessions

Command (Offline Session #1)

put@offline1$ put transfer Fdri24WUGtrCXZ55nXiewAj6RM18hRHPGAjZk3o6vBut 10 \
--blockhash 7ALDjLv56a8f6sH6upAZALQKkXyjAwwENH9GomyM8Dbc \
--sign-only \
--keypair fee_payer.json \
--from 674RgFMgdqdRoVtMqSBg7mHFbrrNm1h1r721H1ZMquHL

Output (Offline Session #1)

Blockhash: 7ALDjLv56a8f6sH6upAZALQKkXyjAwwENH9GomyM8Dbc
Signers (Pubkey=Signature):
    3bo5YiRagwmRikuH6H1d2gkKef5nFZXE3gJeoHxJbPjy=ohGKvpRC46jAduwU9NW8tP91JkCT5r8Mo67Ysnid4zc76tiiV1Ho6jv3BKFSbBcr2NcPPCarmfTLSkTHsJCtdYi
  Absent Signers (Pubkey):
    674RgFMgdqdRoVtMqSBg7mHFbrrNm1h1r721H1ZMquHL

Command (Offline Session #2)

put@offline2$ put transfer Fdri24WUGtrCXZ55nXiewAj6RM18hRHPGAjZk3o6vBut 10 \
  --blockhash 7ALDjLv56a8f6sH6upAZALQKkXyjAwwENH9GomyM8Dbc \
  --sign-only \
  --keypair from.json \
  --fee-payer 3bo5YiRagwmRikuH6H1d2gkKef5nFZXE3gJeoHxJbPjy

Output (Offline Session #2)

Blockhash: 7ALDjLv56a8f6sH6upAZALQKkXyjAwwENH9GomyM8Dbc
Signers (Pubkey=Signature):
  674RgFMgdqdRoVtMqSBg7mHFbrrNm1h1r721H1ZMquHL=3vJtnba4dKQmEAieAekC1rJnPUndBcpvqRPRMoPWqhLEMCty2SdUxt2yvC1wQW6wVUa5putZMt6kdwCaTv8gk7sQ
Absent Signers (Pubkey):3bo5YiRagwmRikuH6H1d2gkKef5nFZXE3gJeoHxJbPjy

Command (Online Submission)

put@online$ put transfer Fdri24WUGtrCXZ55nXiewAj6RM18hRHPGAjZk3o6vBut 10 \
  --blockhash 7ALDjLv56a8f6sH6upAZALQKkXyjAwwENH9GomyM8Dbc \
  --from 674RgFMgdqdRoVtMqSBg7mHFbrrNm1h1r721H1ZMquHL \
  --signer 674RgFMgdqdRoVtMqSBg7mHFbrrNm1h1r721H1ZMquHL=3vJtnba4dKQmEAieAekC1rJnPUndBcpvqRPRMoPWqhLEMCty2SdUxt2yvC1wQW6wVUa5putZMt6kdwCaTv8gk7sQ \
  --fee-payer 3bo5YiRagwmRikuH6H1d2gkKef5nFZXE3gJeoHxJbPjy \
  --signer 3bo5YiRagwmRikuH6H1d2gkKef5nFZXE3gJeoHxJbPjy=ohGKvpRC46jAduwU9NW8tP91JkCT5r8Mo67Ysnid4zc76tiiV1Ho6jv3BKFSbBcr2NcPPCarmfTLSkTHsJCtdYi

Output (Online Submission)

ohGKvpRC46jAduwU9NW8tP91JkCT5r8Mo67Ysnid4zc76tiiV1Ho6jv3BKFSbBcr2NcPPCarmfTLSkTHsJCtdYi

Buying More Time to Sign

Typically a PUT transaction must be signed and accepted by the network within a number of slots from the blockhash in its recent_blockhash field (~1min at the time of this writing). If your signing procedure takes longer than this, a Durable Transaction Nonce can give you the extra time you need.

PreviousDeploy a ProgramNextDurable Transaction Nonces

Last updated 2 years ago