EOS BP guide on how to setup a block signing key

in #eos, 6 years ago (edited)


Every Block Producer needs to be able to manage his keys in a secure and efficient manner, for the sake of his own security and the security of the EOS blockchain.

As a best practice, every BP account must use 4 key pairs:

  1. Owner keys - the ultimate golden key proving ownership, which you store securely and hope never to need.
  2. Active keys - used for signing and executing transactions and actions on the network. Should be kept secure.
  3. Signature keys - a separate key pair used only for signing blocks, which cannot perform any other operation.
  4. Claim keys - a separate key pair used only for the claim rewards action, which cannot send transactions.

If your active key is currently listed in your config.ini for signing blocks, you need to stop using it there and replace it with a separate Signature key by following this simple three-step process:

Create a new key pair to be assigned as the Signature key:

cleos create key

Replace the signature-provider record in your config.ini with the new key:

signature-provider = EOS-SIGNATURE-PUBLIC-KEY=KEY:SIGNATURE-PRIVATE-KEY

Call the regproducer command with the new signature key:

cleos system regproducer [PRODUCER-NAME] [EOS-SIGNATURE-PUBLIC-KEY] [PRODUCER_URL] [COUNTRY_CODE]

Example:

cleos system regproducer eostribeprod EOS7gD4EXA96SEQ9RQrLfbU19tLHmGPcJXSPXdkrQh4bCkUghg6QE https://eostribe.io 840

Restart your producer node after completing the above steps. If you are an active Block Producer, you may want to do these steps as quickly as possible to avoid missing blocks.
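A check for the outcome of the steps above, added here as an example and not part of the original post: it flags a config.ini whose signature-provider key also appears in the account's owner or active permission, or does not match the key passed to regproducer. The function names and the JSON shape (a subset of what `cleos get account -j` prints) are assumptions, and every sample key other than the page's example public key is a constructed placeholder.

```python
import json
import re

# nodeos line format from the page: signature-provider = <PUBLIC-KEY>=KEY:<PRIVATE-KEY>
SIG_LINE = re.compile(r"^\s*signature-provider\s*=\s*(\S+?)=KEY:\S+\s*$")

def signing_keys(config_text):
    """Public keys of all active signature-provider lines (private part is never captured)."""
    found = (SIG_LINE.match(line) for line in config_text.splitlines())
    return [m.group(1) for m in found if m]

def account_keys(account_json):
    """Map each public key on the account to the permission names that hold it."""
    held = {}
    for perm in json.loads(account_json)["permissions"]:
        for entry in perm["required_auth"]["keys"]:
            held.setdefault(entry["key"], []).append(perm["perm_name"])
    return held

def audit(config_text, account_json, registered_key):
    """Return findings; an empty list means the signing key is properly separated."""
    keys, held = signing_keys(config_text), account_keys(account_json)
    findings = [f"signing key {k} is also an account key ({', '.join(held[k])})"
                for k in keys if k in held]
    if registered_key not in keys:
        findings.append("registered producer key has no signature-provider line")
    return findings

# Constructed sample data. SIGNING_PUB is the key from the page's regproducer example;
# every other value is a placeholder, and the JSON shape is an assumed subset of
# `cleos get account -j` output.
SIGNING_PUB = "EOS7gD4EXA96SEQ9RQrLfbU19tLHmGPcJXSPXdkrQh4bCkUghg6QE"
GOOD_CONFIG = f"signature-provider = {SIGNING_PUB}=KEY:PRIVATE-KEY-PLACEHOLDER\n"
BAD_CONFIG = "signature-provider = EOS-ACTIVE-PUB-PLACEHOLDER=KEY:PRIVATE-KEY-PLACEHOLDER\n"
ACCOUNT = json.dumps({"permissions": [
    {"perm_name": "owner",
     "required_auth": {"keys": [{"key": "EOS-OWNER-PUB-PLACEHOLDER", "weight": 1}]}},
    {"perm_name": "active",
     "required_auth": {"keys": [{"key": "EOS-ACTIVE-PUB-PLACEHOLDER", "weight": 1}]}},
]})

if __name__ == "__main__":
    for label, cfg in (("separate key", GOOD_CONFIG), ("active key reused", BAD_CONFIG)):
        print(label, "->", audit(cfg, ACCOUNT, SIGNING_PUB) or "OK")
```

Because config.ini holds the signing private key in plain text, the audit reads only the public half of each line and never returns or prints the private part.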

Again, if you have done this already, as I believe is the case for top BPs - good job!
And if you have not - please implement these steps as soon as you can.

We will be auditing all top 21 BPs for their usage of keys and publishing a report by August 1st, 2018.

The process for setting up a separate Claim key is described in my personal post earlier:

https://steemit.com/eos/@eluzgin/how-to-set-special-claim-keys-for-block-producer

The Claim key allows you to automate the claim process or delegate this task to someone without disclosing your BP account active key.


Good job. These steps are important to me as a user, knowing that BPs are practising safe key handling. You're setting a fantastic example of what a top-notch BP should be doing and sharing your knowledge with the rest of the BPs. You got my respect and my trust.

Thanks for sharing EOS Tribe, we completely agree, every Block Producer should have robust private key management.

Here are a few more articles/references about key permissions:

GenerEOS on how to create MultiSig Account
https://steemit.com/eos/@genereos/eosio-multisig-tutorial-video

EOS Canada to create claimer key (for single action / "throw away keys")
https://github.com/eoscanada/eos-claimer

I love seeing these types of activities. Great job!

Much respect to Eugene. EOS Teacher.