headrush
/
go-ethereum
forked from mirror/go-ethereum
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[DOCS] Apply clef docs updates from master (#21302)

Browse Source
gh-pages
chris-j-h 5 years ago committed by GitHub
parent 4b06034376
commit 608d791f4d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 163 additions and 188 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 16
      docs/_clef/Setup.md
  2. 18
      docs/_clef/Tutorial.md
  3. 299
      docs/_clef/apis.md
  4. 2
      docs/_clef/datatypes.md

16
docs/_clef/Setup.md
Unescape View File

@ -38,7 +38,7 @@ There are two ways that this can be achieved: integrated via Qubes or integrated
#### 1. Qubes Integrated #### 1. Qubes Integrated
Qubes provdes a facility for inter-qubes communication via `qrexec`. A qube can request to make a cross-qube RPC request Qubes provides a facility for inter-qubes communication via `qrexec`. A qube can request to make a cross-qube RPC request
to another qube. The OS then asks the user if the call is permitted. to another qube. The OS then asks the user if the call is permitted.
![Example](qrexec-example.png) ![Example](qrexec-example.png)
@ -52,7 +52,7 @@ This is how [Split GPG](https://www.qubes-os.org/doc/split-gpg/) is implemented.
![Clef via qrexec](clef_qubes_qrexec.png) ![Clef via qrexec](clef_qubes_qrexec.png)
On the `target` qubes, we need to define the rpc service. On the `target` qubes, we need to define the RPC service.
[qubes.Clefsign](qubes.Clefsign): [qubes.Clefsign](qubes.Clefsign):
@ -139,11 +139,11 @@ $ cat newaccnt.json
$ cat newaccnt.json| qrexec-client-vm debian-work qubes.Clefsign $ cat newaccnt.json| qrexec-client-vm debian-work qubes.Clefsign
``` ```
This should pop up first a dialog to allow the IPC call: A dialog should pop up first to allow the IPC call:
![one](qubes_newaccount-1.png) ![one](qubes_newaccount-1.png)
Followed by a GTK-dialog to approve the operation Followed by a GTK-dialog to approve the operation:
![two](qubes_newaccount-2.png) ![two](qubes_newaccount-2.png)
@ -173,7 +173,7 @@ However, it comes with a couple of drawbacks:
- The `Origin` header must be forwarded - The `Origin` header must be forwarded
- Information about the remote ip must be added as a `X-Forwarded-For`. However, Clef cannot always trust an `XFF` header, - Information about the remote ip must be added as a `X-Forwarded-For`. However, Clef cannot always trust an `XFF` header,
since malicious clients may lie about `XFF` in order to fool the http server into believing it comes from another address. since malicious clients may lie about `XFF` in order to fool the http server into believing it comes from another address.
- Even with a policy in place to allow rpc-calls between `caller` and `target`, there will be several popups: - Even with a policy in place to allow RPC calls between `caller` and `target`, there will be several popups:
- One qubes-specific where the user specifies the `target` vm - One qubes-specific where the user specifies the `target` vm
- One clef-specific to approve the transaction - One clef-specific to approve the transaction
@ -181,7 +181,7 @@ However, it comes with a couple of drawbacks:
#### 2. Network integrated #### 2. Network integrated
The second way to set up Clef on a qubes system is to allow networking, and have Clef listen to a port which is accessible The second way to set up Clef on a qubes system is to allow networking, and have Clef listen to a port which is accessible
form other qubes. from other qubes.
![Clef via http](clef_qubes_http.png) ![Clef via http](clef_qubes_http.png)
@ -190,13 +190,13 @@ form other qubes.
## USBArmory ## USBArmory
The [USB armory](https://inversepath.com/usbarmory) is an open source hardware design with an 800 Mhz ARM processor. It is a pocket-size The [USB armory](https://inversepath.com/usbarmory) is an open source hardware design with an 800 MHz ARM processor. It is a pocket-size
computer. When inserted into a laptop, it identifies itself as a USB network interface, basically adding another network computer. When inserted into a laptop, it identifies itself as a USB network interface, basically adding another network
to your computer. Over this new network interface, you can SSH into the device. to your computer. Over this new network interface, you can SSH into the device.
Running Clef off a USB armory means that you can use the armory as a very versatile offline computer, which only Running Clef off a USB armory means that you can use the armory as a very versatile offline computer, which only
ever connects to a local network between your computer and the device itself. ever connects to a local network between your computer and the device itself.
Needless to say, the while this model should be fairly secure against remote attacks, an attacker with physical access Needless to say, while this model should be fairly secure against remote attacks, an attacker with physical access
to the USB Armory would trivially be able to extract the contents of the device filesystem. to the USB Armory would trivially be able to extract the contents of the device filesystem.

18
docs/_clef/Tutorial.md
Unescape View File

@ -5,7 +5,7 @@ sort_key: A
## Initializing Clef ## Initializing Clef
First thing's first, Clef needs to store some data itself. Since that data might be sensitive (passwords, signing rules, accounts), Clef's entire storage is encrypted. To support encrypting data, the first step is to initialize Clef with a random master seed, itself too encrypted with your chosen password: First things first, Clef needs to store some data itself. Since that data might be sensitive (passwords, signing rules, accounts), Clef's entire storage is encrypted. To support encrypting data, the first step is to initialize Clef with a random master seed, itself too encrypted with your chosen password:
```text ```text
$ clef init $ clef init
@ -27,8 +27,8 @@ Enter 'ok' to proceed:
The master seed of clef will be locked with a password. The master seed of clef will be locked with a password.
Please specify a password. Do not forget this password! Please specify a password. Do not forget this password!
Passphrase: Password:
Repeat passphrase: Repeat password:
A master seed has been generated into /home/martin/.clef/masterseed.json A master seed has been generated into /home/martin/.clef/masterseed.json
@ -129,7 +129,7 @@ $ sha256sum rules.js
$ clef attest 645b58e4f945e24d0221714ff29f6aa8e860382ced43490529db1695f5fcc71c $ clef attest 645b58e4f945e24d0221714ff29f6aa8e860382ced43490529db1695f5fcc71c
Decrypt master seed of clef Decrypt master seed of clef
Passphrase: Password:
INFO [07-01|13:25:03.290] Ruleset attestation updated sha256=645b58e4f945e24d0221714ff29f6aa8e860382ced43490529db1695f5fcc71c INFO [07-01|13:25:03.290] Ruleset attestation updated sha256=645b58e4f945e24d0221714ff29f6aa8e860382ced43490529db1695f5fcc71c
``` ```
@ -198,12 +198,12 @@ In order to make more useful rules - like signing transactions - the signer need
```text ```text
$ clef setpw 0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3 $ clef setpw 0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3
Please enter a passphrase to store for this address: Please enter a password to store for this address:
Passphrase: Password:
Repeat passphrase: Repeat password:
Decrypt master seed of clef Decrypt master seed of clef
Passphrase: Password:
INFO [07-01|14:05:56.031] Credential store updated key=0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3 INFO [07-01|14:05:56.031] Credential store updated key=0xd9c9cd5f6779558b6e0ed4e6acf6b1947e7fa1f3
``` ```
@ -242,7 +242,7 @@ f163a1738b649259bb9b369c593fdc4c6b6f86cc87e343c3ba58faee03c2a178 rules.js
$ clef attest f163a1738b649259bb9b369c593fdc4c6b6f86cc87e343c3ba58faee03c2a178 $ clef attest f163a1738b649259bb9b369c593fdc4c6b6f86cc87e343c3ba58faee03c2a178
Decrypt master seed of clef Decrypt master seed of clef
Passphrase: Password:
INFO [07-01|14:11:28.509] Ruleset attestation updated sha256=f163a1738b649259bb9b369c593fdc4c6b6f86cc87e343c3ba58faee03c2a178 INFO [07-01|14:11:28.509] Ruleset attestation updated sha256=f163a1738b649259bb9b369c593fdc4c6b6f86cc87e343c3ba58faee03c2a178
``` ```

299
docs/_clef/apis.md
Unescape View File

@ -5,33 +5,27 @@ sort_key: C
### External API ### External API
The signer listens to HTTP requests on `rpcaddr`:`rpcport`, with the same JSONRPC standard as Geth. The messages are Clef listens to HTTP requests on `rpcaddr`:`rpcport` (or to IPC on `ipcpath`), with the same JSON-RPC standard as Geth. The messages are expected to be [JSON-RPC 2.0 standard](https://www.jsonrpc.org/specification).
expected to be JSON [jsonrpc 2.0 standard](http://www.jsonrpc.org/specification).
Some of these call can require user interaction. Clients must be aware that responses Some of these calls can require user interaction. Clients must be aware that responses may be delayed significantly or may never be received if a user decides to ignore the confirmation request.
may be delayed significantly or may never be received if a users decides to ignore the confirmation request.
The External API is **untrusted** : it does not accept credentials over this api, nor does it expect The External API is **untrusted**: it does not accept credentials, nor does it expect that requests have any authority.
that requests have any authority.
### UI API ### Internal UI API
The signer has one native console-based UI, for operation without any standalone tools. Clef has one native console-based UI, for operation without any standalone tools. However, there is also an API to communicate with an external UI. To enable that UI, the signer needs to be executed with the `--stdio-ui` option, which allocates `stdin` / `stdout` for the UI API.
However, there is also an API to communicate with an external UI. To enable that UI,
the signer needs to be executed with the `--stdio-ui` option, which allocates the
`stdin`/`stdout` for the UI-api.
An example (insecure) proof-of-concept of has been implemented in `pythonsigner.py`. An example (insecure) proof-of-concept of has been implemented in `pythonsigner.py`.
The model is as follows: The model is as follows:
* The user starts the UI app (`pythonsigner.py`). * The user starts the UI app (`pythonsigner.py`).
* The UI app starts the `signer` with `--stdio-ui`, and listens to the * The UI app starts `clef` with `--stdio-ui`, and listens to the
process output for confirmation-requests. process output for confirmation-requests.
* The `signer` opens the external http api. * `clef` opens the external HTTP API.
* When the `signer` receives requests, it sends a `jsonrpc` request via `stdout`. * When the `signer` receives requests, it sends a JSON-RPC request via `stdout`.
* The UI app prompts the user accordingly, and responds to the `signer` * The UI app prompts the user accordingly, and responds to `clef`.
* The `signer` signs (or not), and responds to the original request. * `clef` signs (or not), and responds to the original request.
### More resoruces ### More resoruces
@ -43,7 +37,7 @@ process output for confirmation-requests.
## External API ## External API
See the [external api changelog](https://github.com/ethereum/go-ethereum/blob/master/cmd/clef/extapi_changelog.md) for information about changes to this API. See the [external API changelog](https://github.com/ethereum/go-ethereum/blob/master/cmd/clef/extapi_changelog.md) for information about changes to this API.
### Encoding ### Encoding
@ -53,13 +47,11 @@ See the [external api changelog](https://github.com/ethereum/go-ethereum/blob/ma
All hex encoded values must be prefixed with `0x`. All hex encoded values must be prefixed with `0x`.
## Methods
### account_new ### account_new
#### Create new password protected account #### Create new password protected account
The signer will generate a new private key, encrypts it according to [web3 keystore spec](https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition) and stores it in the keystore directory. The signer will generate a new private key, encrypt it according to [web3 keystore spec](https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition) and store it in the keystore directory.
The client is responsible for creating a backup of the keystore. If the keystore is lost there is no method of retrieving lost accounts. The client is responsible for creating a backup of the keystore. If the keystore is lost there is no method of retrieving lost accounts.
#### Arguments #### Arguments
@ -68,7 +60,6 @@ None
#### Result #### Result
- address [string]: account address that is derived from the generated key - address [string]: account address that is derived from the generated key
- url [string]: location of the keyfile
#### Sample call #### Sample call
```json ```json
@ -80,14 +71,11 @@ None
} }
``` ```
Response Response
``` ```json
{ {
"id": 0, "id": 0,
"jsonrpc": "2.0", "jsonrpc": "2.0",
"result": { "result": "0xbea9183f8f4f03d427f6bcea17388bdff1cab133"
"address": "0xbea9183f8f4f03d427f6bcea17388bdff1cab133",
"url": "keystore:///my/keystore/UTC--2017-08-24T08-40-15.419655028Z--bea9183f8f4f03d427f6bcea17388bdff1cab133"
}
} }
``` ```
@ -103,8 +91,6 @@ None
#### Result #### Result
- array with account records: - array with account records:
- account.address [string]: account address that is derived from the generated key - account.address [string]: account address that is derived from the generated key
- account.type [string]: type of the
- account.url [string]: location of the account
#### Sample call #### Sample call
```json ```json
@ -115,21 +101,13 @@ None
} }
``` ```
Response Response
``` ```json
{ {
"id": 1, "id": 1,
"jsonrpc": "2.0", "jsonrpc": "2.0",
"result": [ "result": [
{ "0xafb2f771f58513609765698f65d3f2f0224a956f",
"address": "0xafb2f771f58513609765698f65d3f2f0224a956f", "0xbea9183f8f4f03d427f6bcea17388bdff1cab133"
"type": "account",
"url": "keystore:///tmp/keystore/UTC--2017-08-24T07-26-47.162109726Z--afb2f771f58513609765698f65d3f2f0224a956f"
},
{
"address": "0xbea9183f8f4f03d427f6bcea17388bdff1cab133",
"type": "account",
"url": "keystore:///tmp/keystore/UTC--2017-08-24T08-40-15.419655028Z--bea9183f8f4f03d427f6bcea17388bdff1cab133"
}
] ]
} }
``` ```
@ -137,10 +115,10 @@ Response
### account_signTransaction ### account_signTransaction
#### Sign transactions #### Sign transactions
Signs a transactions and responds with the signed transaction in RLP encoded form. Signs a transaction and responds with the signed transaction in RLP-encoded and JSON forms.
#### Arguments #### Arguments
2. transaction object: 1. transaction object:
- `from` [address]: account to send the transaction from - `from` [address]: account to send the transaction from
- `to` [address]: receiver account. If omitted or `0x`, will cause contract creation. - `to` [address]: receiver account. If omitted or `0x`, will cause contract creation.
- `gas` [number]: maximum amount of gas to burn - `gas` [number]: maximum amount of gas to burn
@ -148,12 +126,13 @@ Response
- `value` [number:optional]: amount of Wei to send with the transaction - `value` [number:optional]: amount of Wei to send with the transaction
- `data` [data:optional]: input data - `data` [data:optional]: input data
- `nonce` [number]: account nonce - `nonce` [number]: account nonce
3. method signature [string:optional] 1. method signature [string:optional]
- The method signature, if present, is to aid decoding the calldata. Should consist of `methodname(paramtype,...)`, e.g. `transfer(uint256,address)`. The signer may use this data to parse the supplied calldata, and show the user. The data, however, is considered totally untrusted, and reliability is not expected. - The method signature, if present, is to aid decoding the calldata. Should consist of `methodname(paramtype,...)`, e.g. `transfer(uint256,address)`. The signer may use this data to parse the supplied calldata, and show the user. The data, however, is considered totally untrusted, and reliability is not expected.
#### Result #### Result
- signed transaction in RLP encoded form [data] - raw [data]: signed transaction in RLP encoded form
- tx [json]: signed transaction in JSON form
#### Sample call #### Sample call
```json ```json
@ -178,11 +157,22 @@ Response
```json ```json
{ {
"id": 2,
"jsonrpc": "2.0", "jsonrpc": "2.0",
"error": { "id": 2,
"code": -32000, "result": {
"message": "Request denied" "raw": "0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
"tx": {
"nonce": "0x0",
"gasPrice": "0x1234",
"gas": "0x55555",
"to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
"value": "0x1234",
"input": "0xabcd",
"v": "0x26",
"r": "0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e",
"s": "0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
"hash": "0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"
}
} }
} }
``` ```
@ -234,7 +224,7 @@ Response
Bash example: Bash example:
```bash ```bash
#curl -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_signTransaction","params":[{"from":"0x694267f14675d7e1b9494fd8d72fefe1755710fa","gas":"0x333","gasPrice":"0x1","nonce":"0x0","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0", "value":"0x0", "data":"0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"},"safeSend(address)"],"id":67}' http://localhost:8550/ > curl -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_signTransaction","params":[{"from":"0x694267f14675d7e1b9494fd8d72fefe1755710fa","gas":"0x333","gasPrice":"0x1","nonce":"0x0","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0", "value":"0x0", "data":"0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"},"safeSend(address)"],"id":67}' http://localhost:8550/
{"jsonrpc":"2.0","id":67,"result":{"raw":"0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663","tx":{"nonce":"0x0","gasPrice":"0x1","gas":"0x333","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0","value":"0x0","input":"0x4401a6e40000000000000000000000000000000000000000000000000000000000000012","v":"0x26","r":"0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e","s":"0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663","hash":"0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"}}} {"jsonrpc":"2.0","id":67,"result":{"raw":"0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663","tx":{"nonce":"0x0","gasPrice":"0x1","gas":"0x333","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0","value":"0x0","input":"0x4401a6e40000000000000000000000000000000000000000000000000000000000000012","v":"0x26","r":"0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e","s":"0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663","hash":"0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"}}}
``` ```
@ -281,7 +271,7 @@ Response
### account_signTypedData ### account_signTypedData
#### Sign data #### Sign data
Signs a chunk of structured data conformant to [EIP712](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-712.md) and returns the calculated signature. Signs a chunk of structured data conformant to [EIP-712](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-712.md) and returns the calculated signature.
#### Arguments #### Arguments
- account [address]: account to sign with - account [address]: account to sign with
@ -377,7 +367,7 @@ Response
### account_ecRecover ### account_ecRecover
#### Sign data #### Recover the signing address
Derive the address from the account that was used to sign data with content type `text/plain` and the signature. Derive the address from the account that was used to sign data with content type `text/plain` and the signature.
@ -395,7 +385,6 @@ Derive the address from the account that was used to sign data with content type
"jsonrpc": "2.0", "jsonrpc": "2.0",
"method": "account_ecRecover", "method": "account_ecRecover",
"params": [ "params": [
"data/plain",
"0xaabbccdd", "0xaabbccdd",
"0x5b6693f153b48ec1c706ba4169960386dbaa6903e249cc79a8e6ddc434451d417e1e57327872c7f538beeb323c300afa9999a3d4a5de6caf3be0d5ef832b67ef1c" "0x5b6693f153b48ec1c706ba4169960386dbaa6903e249cc79a8e6ddc434451d417e1e57327872c7f538beeb323c300afa9999a3d4a5de6caf3be0d5ef832b67ef1c"
] ]
@ -411,122 +400,39 @@ Response
} }
``` ```
### account_import ### account_version
#### Import account #### Get external API version
Import a private key into the keystore. The imported key is expected to be encrypted according to the web3 keystore
format.
#### Arguments Get the version of the external API used by Clef.
- account [object]: key in [web3 keystore format](https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition) (retrieved with account_export)
#### Result
- imported key [object]:
- key.address [address]: address of the imported key
- key.type [string]: type of the account
- key.url [string]: key URL
#### Sample call
```json
{
"id": 6,
"jsonrpc": "2.0",
"method": "account_import",
"params": [
{
"address": "c7412fc59930fd90099c917a50e5f11d0934b2f5",
"crypto": {
"cipher": "aes-128-ctr",
"cipherparams": {
"iv": "401c39a7c7af0388491c3d3ecb39f532"
},
"ciphertext": "eb045260b18dd35cd0e6d99ead52f8fa1e63a6b0af2d52a8de198e59ad783204",
"kdf": "scrypt",
"kdfparams": {
"dklen": 32,
"n": 262144,
"p": 1,
"r": 8,
"salt": "9a657e3618527c9b5580ded60c12092e5038922667b7b76b906496f021bb841a"
},
"mac": "880dc10bc06e9cec78eb9830aeb1e7a4a26b4c2c19615c94acb632992b952806"
},
"id": "09bccb61-b8d3-4e93-bf4f-205a8194f0b9",
"version": 3
}
]
}
```
Response
```json
{
"id": 6,
"jsonrpc": "2.0",
"result": {
"address": "0xc7412fc59930fd90099c917a50e5f11d0934b2f5",
"type": "account",
"url": "keystore:///tmp/keystore/UTC--2017-08-24T11-00-42.032024108Z--c7412fc59930fd90099c917a50e5f11d0934b2f5"
}
}
```
### account_export
#### Export account from keystore
Export a private key from the keystore. The exported private key is encrypted with the original passphrase. When the
key is imported later this passphrase is required.
#### Arguments #### Arguments
- account [address]: export private key that is associated with this account
None
#### Result #### Result
- exported key, see [web3 keystore format](https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition) for
more information * external API version [string]
#### Sample call #### Sample call
```json ```json
{ {
"id": 5, "id": 0,
"jsonrpc": "2.0", "jsonrpc": "2.0",
"method": "account_export", "method": "account_version",
"params": [ "params": []
"0xc7412fc59930fd90099c917a50e5f11d0934b2f5"
]
} }
``` ```
Response
Response
```json ```json
{ {
"id": 5, "id": 0,
"jsonrpc": "2.0", "jsonrpc": "2.0",
"result": { "result": "6.0.0"
"address": "c7412fc59930fd90099c917a50e5f11d0934b2f5",
"crypto": {
"cipher": "aes-128-ctr",
"cipherparams": {
"iv": "401c39a7c7af0388491c3d3ecb39f532"
},
"ciphertext": "eb045260b18dd35cd0e6d99ead52f8fa1e63a6b0af2d52a8de198e59ad783204",
"kdf": "scrypt",
"kdfparams": {
"dklen": 32,
"n": 262144,
"p": 1,
"r": 8,
"salt": "9a657e3618527c9b5580ded60c12092e5038922667b7b76b906496f021bb841a"
},
"mac": "880dc10bc06e9cec78eb9830aeb1e7a4a26b4c2c19615c94acb632992b952806"
},
"id": "09bccb61-b8d3-4e93-bf4f-205a8194f0b9",
"version": 3
}
} }
``` ```
## UI API ## UI API
These methods needs to be implemented by a UI listener. These methods needs to be implemented by a UI listener.
@ -535,9 +441,9 @@ By starting the signer with the switch `--stdio-ui-test`, the signer will invoke
denials. This can be used during development to ensure that the API is (at least somewhat) correctly implemented. denials. This can be used during development to ensure that the API is (at least somewhat) correctly implemented.
See `pythonsigner`, which can be invoked via `python3 pythonsigner.py test` to perform the 'denial-handshake-test'. See `pythonsigner`, which can be invoked via `python3 pythonsigner.py test` to perform the 'denial-handshake-test'.
All methods in this API uses object-based parameters, so that there can be no mixups of parameters: each piece of data is accessed by key. All methods in this API use object-based parameters, so that there can be no mixup of parameters: each piece of data is accessed by key.
See the [ui api changelog](https://github.com/ethereum/go-ethereum/blob/master/cmd/clef/intapi_changelog.md) for information about changes to this API. See the [ui API changelog](https://github.com/ethereum/go-ethereum/blob/master/cmd/clef/intapi_changelog.md) for information about changes to this API.
OBS! A slight deviation from `json` standard is in place: every request and response should be confined to a single line. OBS! A slight deviation from `json` standard is in place: every request and response should be confined to a single line.
Whereas the `json` specification allows for linebreaks, linebreaks __should not__ be used in this communication channel, to make Whereas the `json` specification allows for linebreaks, linebreaks __should not__ be used in this communication channel, to make
@ -694,12 +600,10 @@ Invoked when a request for account listing has been made.
{ {
"accounts": [ "accounts": [
{ {
"type": "Account",
"url": "keystore:///home/bazonk/.ethereum/keystore/UTC--2017-11-20T14-44-54.089682944Z--123409812340981234098123409812deadbeef42", "url": "keystore:///home/bazonk/.ethereum/keystore/UTC--2017-11-20T14-44-54.089682944Z--123409812340981234098123409812deadbeef42",
"address": "0x123409812340981234098123409812deadbeef42" "address": "0x123409812340981234098123409812deadbeef42"
}, },
{ {
"type": "Account",
"url": "keystore:///home/bazonk/.ethereum/keystore/UTC--2017-11-23T21-59-03.199240693Z--cafebabedeadbeef34098123409812deadbeef42", "url": "keystore:///home/bazonk/.ethereum/keystore/UTC--2017-11-23T21-59-03.199240693Z--cafebabedeadbeef34098123409812deadbeef42",
"address": "0xcafebabedeadbeef34098123409812deadbeef42" "address": "0xcafebabedeadbeef34098123409812deadbeef42"
} }
@ -729,7 +633,13 @@ Invoked when a request for account listing has been made.
{ {
"address": "0x123409812340981234098123409812deadbeef42", "address": "0x123409812340981234098123409812deadbeef42",
"raw_data": "0x01020304", "raw_data": "0x01020304",
"message": "\u0019Ethereum Signed Message:\n4\u0001\u0002\u0003\u0004", "messages": [
{
"name": "message",
"value": "\u0019Ethereum Signed Message:\n4\u0001\u0002\u0003\u0004",
"type": "text/plain"
}
],
"hash": "0x7e3a4e7a9d1744bc5c675c25e1234ca8ed9162bd17f78b9085e48047c15ac310", "hash": "0x7e3a4e7a9d1744bc5c675c25e1234ca8ed9162bd17f78b9085e48047c15ac310",
"meta": { "meta": {
"remote": "signer binary", "remote": "signer binary",
@ -739,12 +649,34 @@ Invoked when a request for account listing has been made.
} }
] ]
} }
```
### ApproveNewAccount / `ui_approveNewAccount`
Invoked when a request for creating a new account has been made.
#### Sample call
```json
{
"jsonrpc": "2.0",
"id": 4,
"method": "ui_approveNewAccount",
"params": [
{
"meta": {
"remote": "signer binary",
"local": "main",
"scheme": "in-proc"
}
}
]
}
``` ```
### ShowInfo / `ui_showInfo` ### ShowInfo / `ui_showInfo`
The UI should show the info to the user. Does not expect response. The UI should show the info (a single message) to the user. Does not expect response.
#### Sample call #### Sample call
@ -754,9 +686,7 @@ The UI should show the info to the user. Does not expect response.
"id": 9, "id": 9,
"method": "ui_showInfo", "method": "ui_showInfo",
"params": [ "params": [
{ "Tests completed"
"text": "Tests completed"
}
] ]
} }
@ -764,18 +694,16 @@ The UI should show the info to the user. Does not expect response.
### ShowError / `ui_showError` ### ShowError / `ui_showError`
The UI should show the info to the user. Does not expect response. The UI should show the error (a single message) to the user. Does not expect response.
```json ```json
{ {
"jsonrpc": "2.0", "jsonrpc": "2.0",
"id": 2, "id": 2,
"method": "ShowError", "method": "ui_showError",
"params": [ "params": [
{ "Something bad happened!"
"text": "Testing 'ShowError'"
}
] ]
} }
@ -789,9 +717,36 @@ When implementing rate-limited rules, this callback should be used.
TLDR; Use this method to keep track of signed transactions, instead of using the data in `ApproveTx`. TLDR; Use this method to keep track of signed transactions, instead of using the data in `ApproveTx`.
Example call:
```json
{
"jsonrpc": "2.0",
"id": 1,
"method": "ui_onApprovedTx",
"params": [
{
"raw": "0xf88380018203339407a565b7ed7d7a678680a4c162885bedbb695fe080a44401a6e4000000000000000000000000000000000000000000000000000000000000001226a0223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20ea02aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
"tx": {
"nonce": "0x0",
"gasPrice": "0x1",
"gas": "0x333",
"to": "0x07a565b7ed7d7a678680a4c162885bedbb695fe0",
"value": "0x0",
"input": "0x4401a6e40000000000000000000000000000000000000000000000000000000000000012",
"v": "0x26",
"r": "0x223a7c9bcf5531c99be5ea7082183816eb20cfe0bbc322e97cc5c7f71ab8b20e",
"s": "0x2aadee6b34b45bb15bc42d9c09de4a6754e7000908da72d48cc7704971491663",
"hash": "0xeba2df809e7a612a0a0d444ccfa5c839624bdc00dd29e3340d46df3870f8a30e"
}
}
]
}
```
### OnSignerStartup / `ui_onSignerStartup` ### OnSignerStartup / `ui_onSignerStartup`
This method provide the UI with information about what API version the signer uses (both internal and external) aswell as build-info and external api, This method provides the UI with information about what API version the signer uses (both internal and external) as well as build-info and external API,
in k/v-form. in k/v-form.
Example call: Example call:
@ -815,3 +770,23 @@ Example call:
``` ```
### OnInputRequired / `ui_onInputRequired`
Invoked when Clef requires user input (e.g. a password).
Example call:
```json
{
"jsonrpc": "2.0",
"id": 1,
"method": "ui_onInputRequired",
"params": [
{
"title": "Account password",
"prompt": "Please enter the password for account 0x694267f14675d7e1b9494fd8d72fefe1755710fa",
"isPassword": true
}
]
}
```

2
docs/_clef/datatypes.md
Unescape View File

@ -8,7 +8,7 @@ sort_key: C
These data types are defined in the channel between clef and the UI These data types are defined in the channel between clef and the UI
### SignDataRequest ### SignDataRequest
SignDataRequest contains information about a pending request to sign some data. The data to be signed can be of various types, defined by content-type. Clef has done most of the work in canonicalizing and making sense of the data, and it's up to the UI to presentthe user with the contents of the `message` SignDataRequest contains information about a pending request to sign some data. The data to be signed can be of various types, defined by content-type. Clef has done most of the work in canonicalizing and making sense of the data, and it's up to the UI to present the user with the contents of the `message`
Example: Example:
```json ```json

Write Preview
Loading…
Cancel
Save