@ -31,43 +31,51 @@ NOTE: This file does not contain your accounts. Those need to be backed up separ
## Creating rules
## Creating rules
Now, you can create a rule-file.
Now, you can create a rule-file. Note that it is not mandatory to use predefined rules, but it's really handy.
```javascript
```javascript
function ApproveListing(){
function ApproveListing(){
return "Approve"
return "Approve"
}
}
```
```
Get the `sha256` hash....
Get the `sha256` hash. If you have openssl, you can do `openssl sha256 rules.js` ...
```text
```text
#sha256sum rules.js
#sha256sum rules.js
6c21d1737429d6d4f2e55146da0797782f3c0a0355227f19d702df377c165d72 rules.js
6c21d1737429d6d4f2e55146da0797782f3c0a0355227f19d702df377c165d72 rules.js
```
```
...And then `attest` the file:
...now `attest` the file...
```text
```text
#./signer attest 6c21d1737429d6d4f2e55146da0797782f3c0a0355227f19d702df377c165d72
#./signer attest 6c21d1737429d6d4f2e55146da0797782f3c0a0355227f19d702df377c165d72
INFO [02-21|12:14:38] Ruleset attestation updated sha256=6c21d1737429d6d4f2e55146da0797782f3c0a0355227f19d702df377c165d72
INFO [02-21|12:14:38] Ruleset attestation updated sha256=6c21d1737429d6d4f2e55146da0797782f3c0a0355227f19d702df377c165d72
```
```
At this point, we then start the signer with the rule-file:
...and (this is required only for non-production versions) load a mock-up `4byte.json` by copying the file from the source to your current working directory:
```text
#cp $GOPATH/src/github.com/ethereum/go-ethereum/cmd/clef/4byte.json $PWD
```
At this point, we can start the signer with the rule-file:
```text
```text
#./signer --rules rules.js
#./signer --rules rules.js --rpc
INFO [02-21|12:15:18] Using CLI as UI-channel
INFO [09-25|20:28:11.866] Using CLI as UI-channel
INFO [02-21|12:15:18] Loaded 4byte db signatures=5509 file=./4byte.json
INFO [09-25|20:28:11.876] Loaded 4byte db signatures=5509 file=./4byte.json
INFO [02-21|12:15:18] Could not load rulefile, rules not enabled file=rulefile
INFO [09-25|20:28:11.877] Rule engine configured file=./rules.js
DEBUG[02-21|12:15:18] FS scan times list=35.335µs set=5.536µs diff=5.073µs
DEBUG[09-25|20:28:11.877] FS scan times list=100.781µs set=13.253µs diff=5.761µs
DEBUG[02-21|12:15:18] Ledger support enabled
DEBUG[09-25|20:28:11.884] Ledger support enabled
DEBUG[02-21|12:15:18] Trezor support enabled
DEBUG[09-25|20:28:11.888] Trezor support enabled
INFO [02-21|12:15:18] Audit logs configured file=audit.log
INFO [09-25|20:28:11.888] Audit logs configured file=audit.log
INFO [02-21|12:15:18] HTTP endpoint opened url=http://localhost:8550
DEBUG[09-25|20:28:11.888] HTTP registered namespace=account
INFO [09-25|20:28:11.890] HTTP endpoint opened url=http://localhost:8550
DEBUG[09-25|20:28:11.890] IPC registered namespace=account
INFO [09-25|20:28:11.890] IPC endpoint opened url=< nil >
------- Signer info -------
------- Signer info -------
* extapi_version : 2.0.0
* intapi_version : 2.0.0
* extapi_http : http://localhost:8550
* extapi_http : http://localhost:8550
* extapi_ipc : < nil >
* extapi_ipc : < nil >
* extapi_version : 2.0.0
* intapi_version : 1.2.0
```
```
Any list-requests will now be auto-approved by our rule-file.
Any list-requests will now be auto-approved by our rule-file.
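Review bot: the start command gains `--rpc` (`#./signer --rules rules.js --rpc`), but the sentence introducing it still only says to start the signer with the rule-file, so the reader is never told what the flag does. The old sample output shows `HTTP endpoint opened` without the flag, so it is not clear from the page whether `--rpc` is now required for that endpoint. Suggest one sentence explaining the flag, and, since the closing line says list-requests are auto-approved, a short caveat that any client able to reach `http://localhost:8550` will receive account listings without a prompt. Smaller point: the hash step now mentions `openssl sha256 rules.js` while the example below it still runs `sha256sum`; either say the two are interchangeable or show only one.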
@ -107,16 +115,16 @@ The `master_seed` was then used to derive a few other things:
## Adding credentials
## Adding credentials
In order to make more useful rules; sign transactions, the signer needs access to the passwords needed to unlock keystores.
In order to make more useful rules like signing transactions, the signer needs access to the passwords needed to unlock keystores.
```text
```text
#./signer addpw 0x694267f14675d7e1b9494fd8d72fefe1755710fa test
#./signer addpw " 0x694267f14675d7e1b9494fd8d72fefe1755710fa" " test_password"
INFO [02-21|13:43:21] Credential store updated key=0x694267f14675d7e1b9494fd8d72fefe1755710fa
INFO [02-21|13:43:21] Credential store updated key=0x694267f14675d7e1b9494fd8d72fefe1755710fa
```
```
## More advanced rules
## More advanced rules
Now let's update the rules to make use of credentials
Now let's update the rules to make use of credentials:
```javascript
```javascript
function ApproveListing(){
function ApproveListing(){
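Review bot: the `addpw` example now passes a realistic-looking password (`test_password`) as a command-line argument with no caveat; an argument like this is left in shell history and is visible in the process list while the command runs. Suggest a line telling readers to use a throwaway account for the walkthrough. Also check the quoting on the added line: as rendered here both arguments begin with a space inside the quotes (`" test_password"`), which, if it is in the patch itself, would become part of the values the signer receives. The sample log line below it is unchanged, so it cannot confirm which form was actually run.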
@ -134,13 +142,15 @@ function ApproveSignData(r){
}
}
```
```
In this example,
In this example:
* a ny requests to sign data with the account `0x694...` will be
* A ny requests to sign data with the account `0x694...` will be
* auto-approved if the message contains with `bazonk` ,
* auto-approved if the message contains with `bazonk`
* and a uto-rejected if it does not.
* auto-rejected if it does not.
* Any other signing-requests will be passed along for manual approve/reject.
* Any other signing-requests will be passed along for manual approve/reject.
..attest the new file
_Note: make sure that `0x694...` is an account you have access to. You can create it either via the clef or the traditional account cli tool. If the latter was chosen, make sure both clef and geth use the same keystore by specifing `--keystore path/to/your/keystore` when running clef._
Attest the new file...
```text
```text
#sha256sum rules.js
#sha256sum rules.js
2a0cb661dacfc804b6e95d935d813fd17c0997a7170e4092ffbc34ca976acd9f rules.js
2a0cb661dacfc804b6e95d935d813fd17c0997a7170e4092ffbc34ca976acd9f rules.js
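Review bot: the added note has a typo, `specifing` should be `specifying`, and "via the clef" reads better as "via clef". The bullet carried over into the new list still says "contains with `bazonk`"; since the list is being rewritten anyway, fix it to "contains `bazonk`". The new list also splits one sentence across three bullets ("Any requests ... will be" / "auto-approved if ..." / "auto-rejected if ..."), which leaves the first bullet dangling; consider nesting the two outcomes under it or writing it as one sentence.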
@ -155,21 +165,24 @@ And start the signer:
```
```
#./signer --rules rules.js --rpc
#./signer --rules rules.js --rpc
INFO [02-21|14:41:56] Using CLI as UI-channel
INFO [09-25|21:02:16.450] Using CLI as UI-channel
INFO [02-21|14:41:56] Loaded 4byte db signatures=5509 file=./4byte.json
INFO [09-25|21:02:16.466] Loaded 4byte db signatures=5509 file=./4byte.json
INFO [02-21|14:41:56] Rule engine configured file=rules.js
INFO [09-25|21:02:16.467] Rule engine configured file=./rules.js
DEBUG[02-21|14:41:56] FS scan times list=34.607µs set=4.509µs diff=4.87µs
DEBUG[09-25|21:02:16.468] FS scan times list=1.45262ms set=21.926µs diff=6.944µs
DEBUG[02-21|14:41:56] Ledger support enabled
DEBUG[09-25|21:02:16.473] Ledger support enabled
DEBUG[02-21|14:41:56] Trezor support enabled
DEBUG[09-25|21:02:16.475] Trezor support enabled
INFO [02-21|14:41:56] Audit logs configured file=audit.log
INFO [09-25|21:02:16.476] Audit logs configured file=audit.log
INFO [02-21|14:41:56] HTTP endpoint opened url=http://localhost:8550
DEBUG[09-25|21:02:16.476] HTTP registered namespace=account
INFO [09-25|21:02:16.478] HTTP endpoint opened url=http://localhost:8550
DEBUG[09-25|21:02:16.478] IPC registered namespace=account
INFO [09-25|21:02:16.478] IPC endpoint opened url=< nil >
------- Signer info -------
------- Signer info -------
* extapi_version : 2.0.0
* extapi_version : 2.0.0
* intapi_version : 1.2.0
* intapi_version : 2.0 .0
* extapi_http : http://localhost:8550
* extapi_http : http://localhost:8550
* extapi_ipc : < nil >
* extapi_ipc : < nil >
INFO [02-21|14:41:56] error occurred during execution error="ReferenceError: 'OnSignerStartup' is not defined"
```
```
And then test signing, once with `bazonk` and once without:
And then test signing, once with `bazonk` and once without:
```
```
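Review bot: the regenerated startup output drops the line `error occurred during execution error="ReferenceError: 'OnSignerStartup' is not defined"`, and nothing in the hunk says why. If the signer no longer logs this for a rule file that lacks `OnSignerStartup`, fine; if it still does, readers following the tutorial will see an error the page no longer shows, so either keep the line with a sentence saying it is harmless or add the function to the example rule file. Also note that `intapi_version` changes from `1.2.0` to `2.0.0` in this sample; worth a mention in the commit message if that reflects an API change readers need to know about.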
@ -195,4 +208,4 @@ t=2018-02-21T14:42:41+0100 lvl=info msg=Sign api=signer type=request meta
t=2018-02-21T14:42:42+0100 lvl=info msg=Sign api=signer type=response data=93e6161840c3ae1efc26dc68dedab6e8fc233bb3fefa1b4645dbf6609b93dace160572ea4ab33240256bb6d3dadb60dcd9c515d6374d3cf614ee897408d41d541c error=nil
t=2018-02-21T14:42:42+0100 lvl=info msg=Sign api=signer type=response data=93e6161840c3ae1efc26dc68dedab6e8fc233bb3fefa1b4645dbf6609b93dace160572ea4ab33240256bb6d3dadb60dcd9c515d6374d3cf614ee897408d41d541c error=nil
t=2018-02-21T14:42:56+0100 lvl=info msg=Sign api=signer type=request metadata="{\"remote\":\"127.0.0.1:49708\",\"local\":\"localhost:8550\",\"scheme\":\"HTTP/1.1\"}" addr="0x694267f14675d7e1b9494fd8d72fefe1755710fa [chksum INVALID]" data=2020626f6e6b2062617a2067617a0a
t=2018-02-21T14:42:56+0100 lvl=info msg=Sign api=signer type=request metadata="{\"remote\":\"127.0.0.1:49708\",\"local\":\"localhost:8550\",\"scheme\":\"HTTP/1.1\"}" addr="0x694267f14675d7e1b9494fd8d72fefe1755710fa [chksum INVALID]" data=2020626f6e6b2062617a2067617a0a
t=2018-02-21T14:42:56+0100 lvl=info msg=Sign api=signer type=response data= error="Request denied"
t=2018-02-21T14:42:56+0100 lvl=info msg=Sign api=signer type=response data= error="Request denied"
```
```
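Review bot: the audit-log sample kept in this hunk still logs `addr="0x694267f14675d7e1b9494fd8d72fefe1755710fa [chksum INVALID]"`, which a reader can easily take for a failure. Since the patch is refreshing the tutorial's output elsewhere, consider using the checksummed form of the address in the signing example, or add one sentence explaining that the marker refers to the address casing and not to the signing request. The timestamps here (`2018-02-21`) also no longer match the regenerated startup output (`09-25`), so the two samples are visibly from different runs.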