keygen-docker
Guard Operation: Key Generation
Being a guard, you need a set of secret keys that will be used in multisig operations. One of these keys will be used by the TSS library for EcDSA and EdDSA multisig wallets.
The following document will help you through generating this key by activating the keygen mode in the guard application in a key generation ceremony.
Note: The guard application does not have a UI interface for key generation process.
Docker Deployment
Clone Operation repository and go to operation/guard directory
git clone https://github.com/rosen-bridge/operation.git
cd operation/guard/Create your environment file .env based on env.template file in the guard directory
cp env.template .envSet your parameters in .env file
Note: do not use space after
=sign
# Required Environments
POSTGRES_PASSWORD= # a random alphanumeric password without special characters (like $%!-#)
POSTGRES_USER= # a random name
POSTGRES_DB= # a random name
POSTGRES_PORT=5432 # 5432 is set as default, you can change it.
# Optional Environments
GUARD_PORT= # (default is 8081 if no value is set)
GUARD_IMAGE_VERSION= # Don't change it!
UI_IMAGE_VERSION= # Don't change it!Set required permissions and create thresholds.json and local.yaml files in the config directory
touch config/thresholds.json
touch config/local.yaml
sudo chown -R 8080:8080 logs configOnly on MacOS: set 707 permission for the logs directory
# only on MacOS
sudo chmod -R 707 logsPull the Docker image
docker compose pull # use `docker-compose pull` for older versions of DockerIn order to instruct the service to generate a new key, copy and paste the following lines in local.yaml file, fill in the required parameters, and save the file.
Ask the keygen ceremony moderator to provide the required info for the
FILL_ACCORDING_TO_YOUR_GUARD_SETparameters
# Paste these lines in local.yaml file, fill in the parameters.
keygen:
active: true # set true to start keygen process on startup
guards: FILL_ACCORDING_TO_YOUR_GUARD_SET(number) # total number of guards
threshold: FILL_ACCORDING_TO_YOUR_GUARD_SET(number) # signing threshold (at least threshold + 1 guards are required)
p2p:
addresses:
- peerId: FILL_ACCORDING_TO_YOUR_GUARD_SET
address: FILL_ACCORDING_TO_YOUR_GUARD_SETIn the guard directory, run the containers
docker compose up # use `docker-compose up` for older versions of DockerNote: Each guard has a unique peerId that you should provide to the moderator of the keygen ceremony. Your peerId will be whitelisted in the network's relay. Upon starting your guard, you can find the value of this parameter in your guard's logs. For example, you should see a line like this in your log file located at
./logs/guard-logs/or in your console:info: Dialer node started with peerId: 12D3KooWNGaHx3EAdNeKUFxAKrg3EyKFN8gHHw9H5ZiBmRVjxHpG.In this example,
12D3KooWNGaHx3EAdNeKUFxAKrg3EyKFN8gHHw9H5ZiBmRVjxHpGrepresents the peerId.
Successful Keygen
After discovering all peers, the colaborative key genaration process will be started. In case of a successful key genaration you can see the following message in the console as well as in the log file located at ./logs/guard-logs/.
info: [keygen] request start keygen with response {"shareID":"17919185987749025101810558434858548363703702891441976713238832618792983045264897561171919","pubKey":"9a685c62d667fd99c22dbd1d8e97b27a268003e146ac8af74b03c5a1f25f4f5f","status":"success"} calledPlease provide this data to the moderator of the keygen ceremony to acknowledge your successful operation.
Backup
After a successful keygen ceremony, back up the keygen data as well as the p2p data by executing the following commands in the guard directory:
mkdir guard_data_backup
docker compose cp service:/app/peer-dialer/peer-dialer.json ./guard_data_backup/
docker compose cp service:/app/tss-api/home/eddsa/keygen_data.json ./guard_data_backup/Note: Keep the directory
guard_data_backupin a secure location. Your key share can be found inkeygen_data.json.
Last updated