This feature of
fetchd allows users to securely control keys in a number of configurations. Using a threshold number K of maximum N keys, a user or group of users can set the minimum number of keys required to sign a transaction. Some examples of these configurations allow some useful features such as the choice of a spare key, where only one key is required to sign (K=1) but there are two keys available to do so. Another more complex example configuration is set out below.
Creating a multisig key
The following represents the syntax and argument layout of the
fetchd command to create a multisig key.
# Create a simple multisig key with a threshold of 1 as default fetchd keys add <multisig_key_name> --multisig <list_of_key_names> # Creating a multisig key with a higher threshold, K fetchd keys add <multisig_key_name> --multisig <list_of_key_names> --multisig-threshold <threshold integer K>
Example instantiation of a multisig key
This example represents a shared multisig key that could be used within a business amongst three account holders - where at least two of three (K=2) must sign off on each transaction.
# Create the three keys owned by the separate account holders fetchd keys add fred fetchd keys add ted fetchd keys add ned # Create the multisig key from keys above fetchd keys add business_key --multisig fred,ted,ned --multisig-threshold 2
Signing and broadcasting multisig transactions
Transactions must be signed and broadcast before they are carried out.
In order to sign a multisig transaction, the transaction itself must not be immediately broadcast; but instead, the keyholders must each sign until a the minimum threshold K signatures are present.
For this example we will be representing the transaction on the Stargate network and will therefore will be using
atestfet as the denomination - this should be changed relative to the currency used on the relevant network
Multisig transaction example
# Create a key to represent a vendor that the business must pay fetchd keys add vendor # Generate a transaction as an output file to be signed by # the keyholders, 'ted' and 'fred' in this example fetchd tx bank send <business_key address> <vendor address> 1000atestfet --generate-only > transfer.json # This transaction file (transfer.json) is then made available for # the first keyholder to sign, 'fred' fetchd tx sign transfer.json --chain-id stargateworld-1 --from fred --multisig <address of business_key> > transfer_fredsigned.json # This is repeated for 'ted' fetchd tx sign transfer.json --chain-id stargateworld-1 --from ted --multisig <address of business_key> > transfer_tedsigned.json # These two files are then collated together and used as inputs to the # multisign command to create a fully signed transaction fetchd tx multisign transfer.json business_key transfer_fredsigned.json transfer_tedsigned.json > signed_transfer.json # Now that the transaction is fully signed, it may be broadcast fetchd tx broadcast signed_transfer.json # Now display the result of the transaction and confirm that the vendor has # received payment fetchd query bank balances <address of vendor>
Other multisig transaction examples
# In order to create a staking transaction using a multisig key # the same process as above can be used with the output file of this command fetchd tx staking delegate <wallet address> 10000atestfet --generate-only > stake.json # The following command can also be used to create a withdrawal transaction for the # rewards from staking when using a multisig key - this too must be signed as before fetchd tx distribution withdraw-all-rewards --generate-only > withdrawal.json