Hello I have a local blockchain, Geth client, 2 nodes and clique proof of authority algorithm.
I start geth with this command:
geth --datadir node2/ --syncmode 'full' --port 30312
--rpc --rpcport 8546 --rpccorsdomain "*"
--ipcpath geth.ipc --rpcapi 'personal,db,eth,net,web3,txpool,miner'
--bootnodes 'enode://702efed8e606...ad041b4371a91989#127.0.0.1:30310'
--networkid 2456 --gasprice '1' --mine
--unlock '0x46004DEAfddb60d11cA04501df8C52aE4679Be8f' --password password.txt
but because of unlock now everyone can transfer ether from this account to some other account
like so:
const Web3 = require("web3");
var web3Client = new Web3(new Web3.providers.HttpProvider("http://localhost:8546"));
await web3Client.eth.sendTransaction({
from: "0x46004DEAfddb60d11cA04501df8C52aE4679Be8f",
to: "0xE77e5634A46153e1cfCa02350cf212BdbC18fbC6",
value: 23
});
but if I remove --unlock from geth command I can no longer seal blocks
WARN [06-01|14:44:52] Block sealing failed err="authentication needed: password or unlock"
is it possible to seal blocks in some other way so I won't have to unlock the account anymore?
Unfortunately, geth needs access to the private key to sign transactions, so you have to have it unlocked, otherwise it can't sign.
What you can do, is have this node signing, and get rid of
--ipcpath geth.ipc --rpcapi 'personal,db,eth,net,web3,txpool,miner'
instead, give the rpc to another node without an unlocked account.
Use this other node for all your interactions, and allow the first one to sign.
Cheers;
Evan
Related
I've spun up a local avalanche network using the avalanche network runner and I've successfully connected to it using geth:
❮❮❮ geth attach ws://127.0.0.1:35260/ext/bc/C/ws
Welcome to the Geth JavaScript console!
instance: v0.8.4-rc.3
coinbase: 0x0100000000000000000000000000000000000000
at block: 0 (Wed Dec 31 1969 18:00:00 GMT-0600 (CST))
modules: eth:1.0 net:1.0 rpc:1.0 web3:1.0
To exit, press ctrl-d or type exit
I'm trying to send a transaction from one account to another. I've found that this avalanche network pre-seeds account 0x8db97C7cEcE249c2b98bDC0226Cc4C2A57BF52FC with some ETH based on this comment and confirmed it using geth:
> eth.getBalance("0x8db97C7cEcE249c2b98bDC0226Cc4C2A57BF52Fc")
5e+25
However, when I try to send a transaction from this account, it fails:
> eth.getBalance("0x8db97C7cEcE249c2b98bDC0226Cc4C2A57BF52Fc")
5e+25
> eth.sendTransaction({from:"0x8db97C7cEcE249c2b98bDC0226Cc4C2A57BF52FC", to:"0x8db97C7cEcE249c2b98bDC0226Cc4C2A57BF52FD", value: web3.toWei(0.05, "ether")})
Error: unknown account
at web3.js:6365:37(47)
at send (web3.js:5099:62(35))
at <eval>:1:20(15)
I suspect it's because I don't have the account in the list of accounts:
> eth.accounts
[]
I've tried to import the account using geth account import <path to keyfile> but that did not result in eth.accounts having an entry.
I've also tried to use the personal.importRawKey function, but that doesn't work either:
> personal.importRawKey("56289e99c94b6912bfc12adc093c9b51124f0dc54ac7a766b2bc5ccf558d8027", "lol")
Error: the method personal_importRawKey does not exist/is not available
at web3.js:6365:37(47)
at send (web3.js:5099:62(35))
at <eval>:1:22(5)
> personal
{
listAccounts: undefined,
ecRecover: function(),
getListAccounts: function(callback),
importRawKey: function(),
lockAccount: function(),
newAccount: function github.com/ethereum/go-ethereum/internal/jsre.MakeCallback.func1(),
openWallet: function github.com/ethereum/go-ethereum/internal/jsre.MakeCallback.func1(),
sendTransaction: function(),
sign: function github.com/ethereum/go-ethereum/internal/jsre.MakeCallback.func1(),
unlockAccount: function github.com/ethereum/go-ethereum/internal/jsre.MakeCallback.func1()
}
Do I need to import this account? If so, how?
How do I send a transaction using geth on a local avalanche network using the default funded address by the avalanche network runner?
Turns out I was on the right track with importing the private key but I had to enable the personal namespace in the avalanche node.
The personal namespace can be enabled by adding internal-private-personal to the C Chain config being used by the node.
Once this namespace is enabled, you can connect to your node with geth and issue
> personal.importRawKey("56289e99c94b6912bfc12adc093c9b51124f0dc54ac7a766b2bc5ccf558d8027", "lol")
"0x8db97c7cece249c2b98bdc0226cc4c2a57bf52fc"
> personal.unlockAccount("0x8db97C7cEcE249c2b98bDC0226Cc4C2A57BF52FC", "lol", 300)
which then enables the account for spending.
Tried to make a single signature transfer between two address generated using node in regtest mode. During which I got the following
Error -> mandatory-script-verify-flag-failed (Signature must be zero for failed CHECK(MULTI)SIG operation) (code 16)
Following was the flow.
createrawtransaction -> args: [ UTXO (txid,vout,scriptPubKey,amount), Receiver address, change address]
-> Success
signrawtransactionwithkey -> args: [Hex-Transaction (output of createrawtransaction), PrivateKey, UTXO (txid,vout,scriptPubKey,amount) ] -> Success
sendrawtransaction -> args: [Hex- Signed Transaction (output of signrawtransactionwithkey)] -> Failed
From basic research, many suggested to add amount field in the signrawtransactionwithkey, Which I did, even after then I was getting the same error.
It is to be noted that the this error came all of a sudden, the Node setup was working fine for months. This happens only in a particular linux machine. Is there any other factors in the host machine can be affect Bitcoin Cash ABC node and cause this issue?
Bitcoin Cash ABC Node running in Regtest mode.
This error may arise due to older having older versions too, try updating the core. I got this error in 0.20.8 but later I updated the node to 0.21.8 it works fine. Not sure what is happening, or is there any kind of expiry to the Bitcoin Core ABC releases.
If it’s impossible to get public address from bitcoin address. How can a full node performing the transaction verify that the transaction is coming from authorised user.
The core of bitcoin is he language, Bitcoin Script, this is a language not Turing complete because is without loop.
The node bitcoin doesn't need the public key for spending the bitcoin, but a transaction input have an unlocked script (known as ScriptSig) this transaction can unlock a previous output transaction with have a locked script(Know as Script pubkey), for unlocked the node executed in the stack the ScriptSig + ScrptPubKey, if return true the transaction is spendable otherwise no.
an example
if you have two transaction
Input:
Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
Index: 0
scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d10
90db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501
Output:
Value: 5000000000
scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d
OP_EQUALVERIFY OP_CHECKSIG
How bitcoin execute the script
Complete script
304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d10 OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d OP_EQUALVERIFY OP_CHECKSIG
if you push the script inside this ide and run it you can see how bitcoin run the script.
In this example the ide returned false because the transaction output cannot be sent with her input
The ScriptPubKey(most of the time) contains the pubKey
The ScriptSing contains the Signature of the private key
This are all informations for work the simple node bitcoin.
Now I have and question for you.
You say
impossible to get public address from bitcoin address.
what does it mean?
I am a relative newbie in bitcoin and blockchain and hope you can help me with some of the questions.
So I launched a "regtest" network and generated 101 blocks using
bitcoin-cli -regtest generate 101
Now, if I launch 'bitcoin-cli -regtest getaddressesbyaccount ""', I get the public address of my default account:
[
"mwpKJNJ4UZL7yFyj53RSVcwauGAK84UvV2"
]
And of course, I should not have any other accounts as for now.
When I launch 'bitcoin-cli -regtest listunspent':
[
{
"txid": "694030f8638318c8c54054515ec716159edc494b14234885deb48f294b75a2fe",
"vout": 0,
"address": "n1queZpweTHjrMLvwSmcfrrJSQjsrYG3nG",
"scriptPubKey": "21038cadb266ed1ae6c474f5c1b74fc5f6790eacde843a673a16cfc924a100f2a679ac",
"amount": 50.00000000,
"confirmations": 101,
"spendable": true,
"solvable": true,
"safe": true
}
]
First question:
I understand that the only transaction listed by "listunspent" is UTXO,
meaning this is a transaction what I received to my address "n1queZpweTHjrMLvwSmcfrrJSQjsrYG3nG" with 50 BTC as amount.
Where this address comes from? By what bitcoin-cli command I can see/find it in my wallet?
Second question:
How can I create a new wallet with some balances and switch between them ( using bitcoin-cli )?
Basically, I would like to be able to test my app using bitcoin-cli - I need to be able to create wallets, switch between them and send btc between the addresses.
Coinbase coins can't be transferred until 100 blocks after they were created.
(Why did you generate "101" blocks specifically?)
So, the amount in your wallet you see is from the first block you mined. You can verify that by bitcoin-cli -regtest getblock "<hash of first block>" which you had got in return to the generate 101 command you ran earlier (an array of 101 block hashes).
Try the following
generate one more block bitcoin-cli -regtest generate 1
now listunspent and you should see 2 utxos instead of 1.
Depending on what you want to test, maybe simply creating a new address and sending money to it is enough for you?
[Edit]
Shut down core properly.
Rename your wallet.dat file
When you restart, a new wallet(wallet.dat) will be created. You can use them by supplying -wallet arg to bitcoin-qt
For example, if you are on linux:
Create 4 wallets by starting bitcoin core, stopping bitcoin core and then renaming the wallet.dat in your ~/.bitcoin folder (then repeating the process). For example, run this process 4 times to generate :
mywallet.dat
wifeswallet.dat
kidswallet.dat
businesswallet.dat
Then, in linux, in your .bashrc :
alias mywallet="bitcoin-qt -wallet=~/.bitcoin/mywallet.dat"
alias wifeswallet="bitcoin-qt -wallet=~/.bitcoin/wifeswallet.dat"
alias kidswallet="bitcoin-qt -wallet=~/.bitcoin/kidswallet.dat"
alias businesswallet="bitcoin-qt -wallet=~/.bitcoin/businesswallet.dat"
I am working on Mosquitto and plan to use Redis as the back end to handle both username/password pair authentication and ACL. I am using JPmens' authentication plugin to do this. The authentication works well, but I can't make the ACL work. Redis uses unique keys and the usernames (keys in my cases) are used in username/password pairs for authentication purposes. I have tried to mix user name,password and topics together in sets/list, but none of them work.
the mosquitto conf:
auth_plugin /etc/mosquitto/auth-plug.so
auth_opt_backends redis
auth_opt_redis_host 127.0.0.1
auth_opt_redis_port 6379
auth_opt_redis_userquery GET %s
auth_opt_redis_aclquery GET %s-%s
Following name/password pairs are working fine for the authentication
SET user1 PBKDF2$sha256$901$Qh18ysY4wstXoHhk$g8d2aDzbz3rYztvJiO3dsV698jzECxSg
SET user2 PBKDF2$sha256$901$R74X2ae3MufMS20M$CAbXZFDmXJN7Cc28Dm/Z97OfM8Tz1JHn
...
Following settings won't work for the ACL: (a/b... as topics)
sadd user22 PBKDF2$sha256$901$Qh18ysY4wstXoHhk$g8d2aDzbz3rYztvJiO3dsV698jzECxSg a/b c/d
rpush user33 PBKDF2$sha256$901$q5/N74O6Iaf/e8Cg$dEA3tZSi/sJeXKAkX39Gd3agy2WY96gE e/f
What's the correct way to do so?
In the Redis API, aclrequery shows that:
Single stepping until exit from function be_redis_aclcheck, which has no line number information.
redisCommand (c=0x6537d0, format=0x6561c0 "GET user1-t/c") at hiredis.c:1345
1345 void *redisCommand(redisContext *c, const char *format, ...) {
(gdb) bt
0 redisCommand (c=0x6537d0, format=0x6561c0 "GET my-t/c") at hiredis.c:1345
1 0x00007ffff5e61376 in be_redis_aclcheck () from /etc/mosquitto/auth-plug.so
2 0x00007ffff5e5c351 in mosquitto_auth_acl_check ()
from /etc/mosquitto/auth-plug.so
Here, user1 is the user name and t/c is the topic. GET user1-t/c seems to tell me a string type is expected in the Redis database. Can anyone give me an example of how to get this to work?
Thanks
I have figured out how it works. If MQTT broker only allow client user1 to pub and sub "a/b" and "c/d" topics, the correct ACL data in Redis for the JPmens plugin will be:
user1-a/b 2
user1-c/d 2
"user1-a/c" is the key and 2 is the value.
It's not preferred, if Redis goes down for any reason your entire system will be down also.
It will be a SPF (single point of failure) in your architecture.