Add support for building transactions with multiple signers who aren't the source account #1264

Open
leighmcculloch opened this issue Mar 20, 2024 · 3 comments

leighmcculloch commented Mar 20, 2024

What

The CLI needs to support adding a different signer or multiple signers to a transaction without any of those signers being the source account.

Why

The CLI today assumes that the signer of a transaction is the master key of the source account. This is fine for development and for simpler user key setups, but doesn't support the more complex signer configurations that the Stellar accounts of organizations (e.g. asset issuers) and security-sensitive individuals use.

To address those advanced needs the CLI should support constructing transactions that are signed by a different key than the source account, and support being signed by multiple keys.

How

Add a new option --signer that is supported anywhere that --source is supported.

The --signer option can appear zero, one, or many times.

When a --signer is not present, the --source is also the signer.

When one or many --signer options are present, the --source is not a signer, and each signer is looked up separately and signs the transaction in sequence.

Examples

For example, today the CLI supports, and it would continue to support:

soroban contract deploy --wasm ... --source me

And for example, a user should be able to sign the tx with a different key than the source:

soroban contract deploy --wasm ... --source me --signer myotherkey

And for example, a user should also be able to specify multiple keys:

soroban contract deploy --wasm ... --source me --signer myotherkey --signer mysecondkey

This change makes the first example in the issue above shorthand for:

soroban contract deploy --wasm ... --source me --signer me

Notes

Note that the use of multiple keys/signers located on a local machine doesn't really increase security, and so the importance of supporting multiple keys is significantly less than the importance of supporting a different key. The critically important feature of this issue is to support a different key for signing. But it's a natural extension to support multiple, and a tiny effort to add it in conjunction.

@tomerweller

What if the user doesn't want to sign with any key? They just want to go through the build->simulate flow and then take the tx XDR and sign elsewhere?

@leighmcculloch
Member Author

I think we should capture that in a separate issue. I'm hoping once #1180 gets broken up into two issues that the issue that comes out of that for skipping signing on any tx built will involve adding a --no-sign or --sign false.

@leighmcculloch
Member Author

@tomerweller A separate issue now captures supporting that scenario: #1265

Status: Backlog