Every Block Producer needs to be able to manage his keys in a secure and efficient manner for the sake of his own security and the security of the EOS Blockchain.
As a best practice, every BP account must use 4 key pairs:
- Owner keys - the ultimate golden key proving ownership, which you store securely and hope never to need.
- Active keys - used for signing and executing transactions and actions on the network. Should be kept secure.
- Signature keys - a separate key pair used only for signing blocks; it cannot perform any other operation.
- Claim keys - a separate key pair used only for the claim rewards action; it cannot send transactions.
If you currently have your active key listed in your config.ini for signing blocks, you need to stop doing so and replace it with a separate Signature key by following this simple three-step process:
Create a new key pair to be assigned as the Signature key:
cleos create key
Replace the signature-provider record in your config.ini with the new key:
signature-provider = EOS-SIGNATURE-PUBLIC-KEY=KEY:SIGNATURE-PRIVATE-KEY
Call the regproducer command with the new signature key:
cleos system regproducer [PRODUCER-NAME] [EOS-SIGNATURE-PUBLIC-KEY] [PRODUCER_URL] [COUNTRY_CODE]
Example:
cleos system regproducer eostribeprod EOS7gD4EXA96SEQ9RQrLfbU19tLHmGPcJXSPXdkrQh4bCkUghg6QE https://eostribe.io 840
Restart your producer node after completing the above steps. If you are an active Block Producer, you may want to do these steps as quickly as possible to avoid missing blocks.
Again, if you have done this already, as I believe is the case for top BPs - good job!
And if you have not - please implement these steps as soon as you can.
We will be auditing all top 21 BPs for their usage of keys and publishing a report by August 1st, 2018.
The process for setting up a separate Claim key is described in my earlier personal post:
https://steemit.com/eos/@eluzgin/how-to-set-special-claim-keys-for-block-producer
The Claim key allows you to automate the claim process or delegate this task to someone without disclosing your BP account active key.
Additional information and best practice guides by other BPs:
https://medium.com/@bensig/eos-block-producer-guide-51b8194283b8
https://steemit.com/eos/@blockmatrix/keeping-our-producing-nodes-safe
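A check for the key reuse this post warns about, as an added example (not code from the post or from EOS Tribe): it reads the public key from each active signature-provider line in config.ini and reports any that also appears under a permission of the producer account. The account name, the placeholder keys and the JSON layout (modeled on `cleos get account -j` output) are constructed assumptions.

```python
import json
import re

# Constructed sample config.ini (placeholder keys, not real key material).
SAMPLE_CONFIG = """\
producer-name = exampleprod1
# signature-provider = EOS_OLD_PUBLIC_KEY=KEY:OLD_PRIVATE_KEY
signature-provider = EOS_ACTIVE_PUBLIC_KEY=KEY:ACTIVE_PRIVATE_KEY
"""

# Constructed sample shaped like `cleos get account -j` output (assumed layout).
SAMPLE_ACCOUNT = json.dumps({"account_name": "exampleprod1", "permissions": [
    {"perm_name": "owner", "parent": "",
     "required_auth": {"threshold": 1, "keys": [{"key": "EOS_OWNER_PUBLIC_KEY", "weight": 1}]}},
    {"perm_name": "active", "parent": "owner",
     "required_auth": {"threshold": 1, "keys": [{"key": "EOS_ACTIVE_PUBLIC_KEY", "weight": 1}]}},
]})

# Captures the public key in "signature-provider = <public-key>=<provider spec>".
SIG_PROVIDER = re.compile(r"^\s*signature-provider\s*=\s*([^=\s]+)\s*=")


def signing_public_keys(config_text):
    """Public keys from uncommented signature-provider lines; the private part is never kept."""
    keys = []
    for line in config_text.splitlines():
        match = SIG_PROVIDER.match(line)
        if match:
            keys.append(match.group(1))
    return keys


def permission_keys(account_json):
    """Map each public key on the account to the permission names that list it."""
    found = {}
    for perm in json.loads(account_json).get("permissions", []):
        for entry in perm.get("required_auth", {}).get("keys", []):
            found.setdefault(entry["key"], []).append(perm["perm_name"])
    return found


def reused_signing_keys(config_text, account_json):
    """Return (public_key, permissions) for each signing key that also controls the account."""
    perms = permission_keys(account_json)
    return [(k, perms[k]) for k in signing_public_keys(config_text) if k in perms]


if __name__ == "__main__":
    for key, names in reused_signing_keys(SAMPLE_CONFIG, SAMPLE_ACCOUNT):
        print(f"FAIL: block-signing key {key} is also listed under: {', '.join(names)}")
```

An empty result means no configured block-signing key doubles as an owner or active key of the account.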
Great work!!
Looking forward to your Top 21 BP audit report @eostribe.
Good job. These steps are important to me as a user, knowing that BPs are practising safe key handling. You're setting a fantastic example of what a top-notch BP should be doing and sharing your knowledge with the rest of the BPs. You got my respect and my trust.
Thanks for sharing EOS Tribe, we completely agree, every Block Producer should have robust private key management.
Here are a few more articles/references about key permissions:
GenerEOS on how to create MultiSig Account
https://steemit.com/eos/@genereos/eosio-multisig-tutorial-video
EOS Canada to create claimer key (for single action / "throw away keys")
https://github.com/eoscanada/eos-claimer
I love seeing these types of activities. Great job!
Much respect to Eugene. EOS Teacher.