keygen-docker
Guard Operation: Key Generation
Being a guard, you need a set of secret keys that will be used in multisig operations. One of these keys will be used by the TSS library
for EcDSA
and EdDSA
multisig wallets.
The following document will help you through generating this key by activating the keygen mode
in the guard application in a key generation ceremony
.
Note: The guard application does not have a UI interface for key generation process.
Docker Deployment
Clone Operation repository and go to operation/guard
directory
git clone https://github.com/rosen-bridge/operation.git
cd operation/guard/
Create your environment file .env
based on env.template
file in the guard
directory
cp env.template .env
Set your parameters in .env
file
Note: do not use space after
=
sign
# Required Environments
POSTGRES_PASSWORD= # a random alphanumeric password without special characters (like $%!-#)
POSTGRES_USER= # a random name
POSTGRES_DB= # a random name
POSTGRES_PORT=5432 # 5432 is set as default, you can change it.
# Optional Environments
GUARD_PORT= # (default is 8081 if no value is set)
GUARD_IMAGE_VERSION= # Don't change it!
UI_IMAGE_VERSION= # Don't change it!
Set required permissions and create thresholds.json
and local.yaml
files in the config
directory
touch config/thresholds.json
touch config/local.yaml
sudo chown -R 8080:8080 logs config
Only on MacOS
: set 707
permission for the logs
directory
# only on MacOS
sudo chmod -R 707 logs
Pull the Docker image
docker compose pull # use `docker-compose pull` for older versions of Docker
In order to instruct the service to generate a new key, copy and paste the following lines in local.yaml
file, fill in the required parameters, and save the file.
Ask the keygen ceremony moderator to provide the required info for the
FILL_ACCORDING_TO_YOUR_GUARD_SET
parameters
# Paste these lines in local.yaml file, fill in the parameters.
keygen:
active: true # set true to start keygen process on startup
guards: FILL_ACCORDING_TO_YOUR_GUARD_SET(number) # total number of guards
threshold: FILL_ACCORDING_TO_YOUR_GUARD_SET(number) # signing threshold (at least threshold + 1 guards are required)
p2p:
addresses:
- peerId: FILL_ACCORDING_TO_YOUR_GUARD_SET
address: FILL_ACCORDING_TO_YOUR_GUARD_SET
In the guard
directory, run the containers
docker compose up # use `docker-compose up` for older versions of Docker
Note: Each guard has a unique peerId that you should provide to the moderator of the keygen ceremony. Your peerId will be whitelisted in the network's relay. Upon starting your guard, you can find the value of this parameter in your guard's logs. For example, you should see a line like this in your log file located at
./logs/guard-logs/
or in your console:info: Dialer node started with peerId: 12D3KooWNGaHx3EAdNeKUFxAKrg3EyKFN8gHHw9H5ZiBmRVjxHpG.
In this example,
12D3KooWNGaHx3EAdNeKUFxAKrg3EyKFN8gHHw9H5ZiBmRVjxHpG
represents the peerId.
Successful Keygen
After discovering all peers, the colaborative key genaration process will be started. In case of a successful key genaration you can see the following message in the console as well as in the log file located at ./logs/guard-logs/
.
info: [keygen] request start keygen with response {"shareID":"17919185987749025101810558434858548363703702891441976713238832618792983045264897561171919","pubKey":"9a685c62d667fd99c22dbd1d8e97b27a268003e146ac8af74b03c5a1f25f4f5f","status":"success"} called
Please provide this data to the moderator of the keygen ceremony to acknowledge your successful operation.
Backup
After a successful keygen ceremony, back up the keygen data
as well as the p2p data
by executing the following commands in the guard directory:
mkdir guard_data_backup
docker compose cp service:/app/peer-dialer/peer-dialer.json ./guard_data_backup/
docker compose cp service:/app/tss-api/home/eddsa/keygen_data.json ./guard_data_backup/
Note: Keep the directory
guard_data_backup
in a secure location. Your key share can be found inkeygen_data.json
.
Last updated