Cold transaction signing is a process in which the account keys are only used in an offline machine.
beempy (github) can be used for this purpose. It can be installed by
pip3 install beem
Check the github readme for more information.
Check your nodes
should show that we are on hive. If not change it by
beempy updatenodes --hive
Store the unsigned transaction as json
We will use the
-xd -e 3600 as parameter, which will prevent signing and broadcasting (
-xd) and set the expire time to 1 hour (
For this example, we will transfer 1 HIVE from holger80 to beempy.
On windows, we need to copy the output from beempy and store it in a file e.g.
beempy -xd -e 3600 transfer -a holger80 beempy 1 HIVE test
For linux, you can use the
beempy -xd -e 3600 transfer -a holger80 beempy 1 HIVE test > transfer.json
Now you can validate the transaction and check the amount and the account name. You have now 1 hour to sign and broadcast the signed transaction to the network.
Sign the transaction on the offline machine
We need now to copy the file to the offline machine. This machine has also beempy installed.
The following command will sign the transaction and we will be asked to enter a key. It is either possible to directly enter the necessary account key or when the key has already been stored, the wallet password can be entered.
beempy sign -i transfer.json -o sign_transfer.json
We have now a signed transfer, which we will broadcast in the next step.
Broadcasting the signed transaction
In the last step, we can now broadcast the signed transaction on a machine with internet connection. This needs to be done within 1 hour. The
broadcast command do not need any keys.
beempy broadcast --file sign_transfer.json
It has worked:
Changing the account recovery
Using cold transaction signing is a good idea when using the owner key, as for example for changing the account recovery.
beempy -xd -e 3600 changerecovery -a holger80 account.recovery
will create a transaction which will change the recovery account from holger80 to account.recovery.The transaction can be signed and broadcasted as shown above.