If I have signed a key from Public key authority or public key certificate how can I cancel it?
And here some pictures which shows how public key authority and public key certificate works
In the environment you described and illustrated in your question, in order to initiate a encrypted comunication, the Initiator has to encrypt the data with the Responder public key, so when the Responder receives a message, will be able to decrypt it with its private key.
So the authorities described in the diagrams, play the roles of public-key distribution, and trust authority, confirming that users are really who they say they are. This means that by uploading a public key or sign ing a public certificate with these authorities, you are just providing other users/machines a mechanism to comunicate with you in a secure maner.
If you want to cancel that public key/certificate from being available, or in other words, prevent your key/certificate to be available to anyone to initiate a secure comunication with you, is the authority who has control over it, becasue it lies in their database, and this is why, you should ask them to revoke the key or the certificate.
Related
On the ethers documentation, it says that the two most commons signers are:
Wallet, which is a class which knows its private key and can execute any operations with it.
JsonRpcSigner, which is connected to a JsonRpcProvider (or sub-class) and is acquired using getSigner
What I'm having trouble understanding is how a JsonRpcSigner is created when the provider is a web3provider (i.e., MetaMask). Doesn't a web3provider know its private key and should therefore return a Wallet when provider.getSigner() is run?
The Wallet singer is used when your ethers.js instance knows the private key directly.
Since MetaMask doesn't share the key with other applications, ethers.js uses the JsonRpcSigner to be able to request the local MetaMask instance over its API to sign the transaction when needed, and then receive the signed transaction back, without ethers.js ever knowing the key.
I think the Wallet subclass of abstract signer has both the sign and signMessage methods, but JsonRpcSigner (what you get from provider.getSigner()) does not. The use case is I'm trying to sign a transaction using sign from metamask for instance and then submit it later.
I've been trying to make an NFT marketplace with the functionality of auctioning an item. But I don't know how to achieve this via signing transaction.
I have tried to use almost every method of signing from web3.js, but it requires the private key of the user.
However there's the function web3.eth.signTransaction which doesn't require any private key to sign the transaction, but it gives an error on the console. saying : Error: The method 'eth_signTransaction' does not exist / is not available.
Can someone give me an overview of how this signing and sending transaction can be done implementing the functionality of auctioning an nft like nft marketplaces: opensea or foundation.
From the docs:
Signs a transaction. This account needs to be unlocked.
It doesn't require the private key, but it requires the account (that is used for signing the transaction) to be unlocked on the node. Which means the node needs to hold the private key to unlock the account.
It's usually allowed on local nodes such as Ganache or private nodes.
And public nodes such as Infura usually disable this functionality (hence the error message "eth_signTransaction is not available") since they don't store your private keys.
You can ask the user to sign the transaction using their wallet. For example using MetaMask (or any other wallet implementing the Ethereum provider API):
const transactionParameters = {
from: ethereum.selectedAddress, // must match user's active address
to: 'your address'
};
await ethereum.request({
method: 'eth_sendTransaction',
params: [transactionParameters],
});
Currently going over MCD Doc's 'Creating a Value' section.
It requires one to set the Infura api key as well as a private key. Currently, I have a MetaMask account with test ether (Kovan) inside it. Yet, MetaMask only seems to allow you to reveal the private key through a 12-keyword seed phrase. How could I convert this phrase into the proper private key that the MCD docs is looking for (which I assume in this case is just a 64 hexadecimal string)?
Metamask allows to export the private key.
Go to your account, select details. It will show your address and QR code. Below there is a "Export your private key" menu, after typing Metamask password it will reveal the private key.
For example, I have a game, and I want the players to interact, only through the application. But they can call functions if they just copy the ABI and contact address.
Is there any case to allow call public contract functions only through the application, using some kind of secret token? But I don’t know how to make such a secret token in the public blockchain.
If secret token related logic is included in contract, that can be visible to anyone who runs node, so it seems to be difficult.
Normal web server can use cookie and domain name checking etc to protect api, but smart contract cannot access data outside contract, and data inside contracts are visible, so password protection is difficult.
Only possible solution seems using cryptographic digital signature, and use proxy server.
Proxy server control request from application, and create signed request to smart contract which permits request only from proxy server.
(1) One way to handle this is to sign the transactions yourself instead of having the user do it. You can add a modifier to the function like onlyAdmin and designate your app's account address as the admin. Then those functions will revert if called by anyone else.
The problem with this is you will have to pay gas and have mechanisms in your game to ensure that users can not exploit usage of your signing key.
function doSomething(bytes32 userId) public onlyAdmin {
// ...
}
(2)
The other thing you can do is set a value that gets hashed in the function, then verify that hash. In the game you can give the user the value that will pass verification, downside is you will have to make sure to update the hash after each use.
To do this you can emit an Event and listen for it then send a tx to update the appHash, but this costs you gas and may expose you to a timing attack depending on what the rest of your implementation is like.
You could also set the function to a locked state which you then unlock by resetting the appHash, but again this requires work and gas on your end.
bytes32 public appHash = '1s2a3d4g';
function doSomething(appSecret bytes32) public {
require(keccak256(appSecret) == appHash);
// ...
emit didSomething(msg.sender, appSecret);
}
With lock
bytes32 public appHash = '1s2a3d4g';
bool public locked = false;
function doSomething(bytes32 appSecret) public {
require(keccak256(appSecret) == appHash);
require(locked == false);
// ...
locked = true;
}
function unlock(bytes32 nextAppHash) public onlyAdmin {
appHash = nextAppHash;
locked = false;
}
As I understand when using web3.eth.accounts.create(), it doesn't add the account to chain (I'm using ganache-cli for testing), but web3.eth.personal.newAccount() does.
Is it the main purpose or is it a bug?
Is there other differences?
web3.js version: 1.0.0-beta.34
Both versions create a new account on the blockchain. The difference is how you interact with the node and having access to the private key. If you have a local node, you can use web3.eth.accounts.create which will create the account and provide you access to the private key generate so it can be stored locally. However, since returning the private key over a connection isn’t secure, you should never use this approach to create an account if you connect through a provider like Infura.
On the other hand, you can use web3.eth.personal to create a new account on a remote node. In this case, the private key will not be returned to you, so you lose some flexibility with accessing your account. When you don’t have the private key, you can’t sign transactions locally. In order to run transactions, you have to call unlockAccount on the remote node. Note that you have to send your password to create/unlock your account using web3.eth.personal, so you still need to make sure you using a secure connection.
Review this Medium blog post for additional info.