Clef External Signer
Bee makes use of Go Ethereum's external signer, Clef.
Because Bee must sign a lot of transactions automatically and quickly, a Bee specific version of Clef, Bee-clef has been packaged which includes all the relevant configuration and implements the specific configuration needed to make Clef work with Bee.
caution
Clef will create a new Ethereum key pair for you during installation. Make sure you keep a backup of your key pair somewhere safe and secure!
#
PackagesBee clef can be installed automatically using your system's package manager.
#
Ubuntu / Raspbian / Debian#
AMD64#
ARM (Raspberry Pi)#
ARMv7#
ARM64#
CentOS#
AMD64#
ARM (Raspberry Pi)#
ARMv7#
ARM64#
MacOSTo run Bee Clef as a service now and on startup, run:
#
Configuring Bee-clefConfiguration files are stored in /etc/bee-clef/
Under a normal/default package install, there wont be any configuration changes necessary to start using bee-clef.
#
Interact With ClefOnce Clef has been installed, it will begin running as a service using systemd
.
To check Clef is running ok, we may use systemctl
to query the status of the bee-clef
service.
And if you want to follow it's logs, you can use:
When Bee-clef first starts, you should see something very similar to the following:
info
This line can be safely ignored, there is no action required: {"jsonrpc":"2.0","id":1,"method":"ui_onInputRequired","params":[{"title":"Master Password","prompt":"Please enter the password to decrypt the master seed","isPassword":true}]}
As soon as bee
starts interacting with bee-clef
you should start to see log messages populate, for a regularly active and connected node they will appear every few seconds:
#
Data LocationsKey material and other data is stored in /var/lib/bee-clef/
info
Bee can communicate with Bee-clef in a variety of ways. The default way, if installed via the packages, will use an Inter-process communication (IPC) file. This is a special file that Bee-clef creates on startup that Bee will use to send requests back-and-forth. When the Bee-clef service is running you'll notice that a /var/lib/bee-clef/clef.ipc
file is created.
#
Manual InstallationTo install Clef manually, first retrieve the relevant Clef binary from Ethereum's Geth & Tools download page, or build directly from the source.
Because Bee needs Clef to sign many transactions automatically, we must run Clef as a service with relaxed permissions and rules set. To ensure Clef only signs transactions from Bee, we must protect the clef.ipc
file by creating a Bee user and setting permissions so that it is only possible for this user to make use of the ipc socket.
Additionally, Clef requires transaction signatures for the Bee's chequebook interaction.
A shell script automating the post-initialisation permission changing and including the Clef config, clef-service
, as well as the 4byte.json
transaction signature file and rules.js
file can all be found in the Bee-clef repository.
Finally, once Clef is running, simply configure your Bee node to enable Clef using --clef-signer-enable
and point Bee to the correct ipc socket using --clef-signer-endpoint
.