Fulfill requests from CLI

Overview

This is a step-by-step guide explaining how to fulfill key and signature requests with your Keychain from the command line. For generating keys and signing messages, you'll use the CLIChain (clichain) tool.

Learn more:

For a list of CLIChain commands, see Implementation: CLIChain.
To learn more about key and signature requests, see Request flow.

tip

In this guide, you'll interact with a local chain and create key and signature requests using node commands. Alternatively, you can Join Buenavista and take the same steps but create requests using SpaceWard.

Prerequisites

Before you start, complete the following prerequisites:

Run a local chain. If you used manual configuration, make sure you created a Space.
Create a Keychain. You can skip it if you used a just script or a devnet snapshot to run your node.

1. Install CLIChain

To install CLIChain, navigate to the wardenprotocol directory and run this:

go install ./cmd/clichain

2. Export variables

Next steps require that you export your node and Keychain settings as environment variables.

If you used a just script or a devnet snapshot to run your node, you can export the predefined settings:

export CHAIN_ID=warden_1337-1 
export KEY_NAME=shulgin
export SPACE_ID=1
export KEYCHAIN_ID=1
export KEYCHAIN_WRITER_NAME=shulgin

Otherwise, use custom values:

export CHAIN_ID=chain_123-1 
export KEY_NAME=my-key-name
export SPACE_ID=1
export KEYCHAIN_ID=1
export KEYCHAIN_WRITER_NAME=my-keychain-writer-name

CHAIN_ID: The chain ID you used when running a node.
Returned by wardend status in the network field.
KEY_NAME: Your local account name, or key name.
Returned by wardend keys list.
SPACE_ID: Your Space ID.
Returned by wardend query warden spaces.
KEYCHAIN_ID: Your Keychain ID obtained when registering a Keychain.
Returned by wardend query warden keychains in the id field.
KEYCHAIN_WRITER_NAME: Your Keychain Writer name specified when adding a Keychain Writer.
Returned by wardend keys list.

3. Fulfill a key request

When a user requests a new key, the Keychain generates a new private key, stores it securely, and submits the public key to the chain. To test this flow, take the steps below.

Request a new key:

wardend tx warden new-action new-key-request \
  --space-id $SPACE_ID --keychain-id $KEYCHAIN_ID --key-type KEY_TYPE_ECDSA_SECP256K1 \
  --from $KEY_NAME -y --chain-id $CHAIN_ID | wardend q wait-tx

Get all key requests:
```
wardend query warden key-requests --keychain-id $KEYCHAIN_ID
```
Your request ID will be returned in the id field of the output:
```
id: "1"
```
Export the request ID using the command below. Replace 1 with the actual ID you obtained.
```
export KEY_REQUEST_ID=1
```
Use the CLIChain generate command to generate the key:
```
clichain generate -o private_$KEY_REQUEST_ID.key
```

Export the public key, derived with the CLIChain public-key command:

export PUBLIC_KEY=$(go run ./cmd/clichain public-key -k private_$KEY_REQUEST_ID.key -o base64)

Fulfill the request by submitting a transaction from the Keychain Writer account:

wardend tx warden fulfill-key-request $KEY_REQUEST_ID $PUBLIC_KEY \
  --from $KEYCHAIN_WRITER_NAME --chain-id $CHAIN_ID

Check the request status to make sure it was fulfilled:
```
wardend query warden key-request-by-id --id=$KEY_REQUEST_ID
```
Your request status will be returned in the status field of the output:
```
status: KEY_REQUEST_STATUS_FULFILLED
```

4. Fulfill a signature request

When a user requests a new key, the Keychain signs a message with the private key and submits the signature to the chain. To test this flow, take the steps below.

Create a signature request:

wardend tx warden new-action new-sign-request --from $KEY_NAME \
  --input "MrT1dvxgez7QoVFudyVn5S8xCTJjxUi5xxZyWHcji5Q=" \
  --key-id 1 -y --chain-id $CHAIN_ID | wardend q wait-tx

tip

In the --input flag, you should provide a Base64-encoded hash. For testing purposes, you can use the hash from the example above. Alternatively, you can create one yourself – run the following command, replacing 00112233 with arbitrary raw data:

RAW_DATA="00112233"
HASH=$(echo -n $RAW_DATA | sha256sum | awk '{print $1}')
BASE64_HASH=$(echo -n $HASH | xxd -r -p | base64)

Then run a signature request with the $BASE64_HASH variable in the --input flag:

wardend tx warden new-action new-sign-request --from $KEY_NAME \
 --input $BASE64_HASH \
 --key-id 1 -y --chain-id $CHAIN_ID | wardend q wait-tx

Get all signature requests:

wardend query warden sign-requests --keychain-id $KEYCHAIN_ID

Your request ID and data for signing will be returned in the id and data_for_signing fields of the output:

id: "1"
data_for_signing: MrT1dvxgez7QoVFudyVn5S8xCTJjxUi5xxZyWHcji5Q=

Export the request details using the command below. Specify the actual request ID and data you obtained.
```
export DATA=MrT1dvxgez7QoVFudyVn5S8xCTJjxUi5xxZyWHcji5Q=
export SIGN_REQUEST_ID=1
```

Use the CLIChain sign command to sign the message with the key generated in Step 3. Export the signature.

export SIGNATURE=$(echo -n $DATA | base64 -d | clichain sign -k private_$KEY_REQUEST_ID.key -o base64)

Fulfill the signature request by submitting a transaction from the Keychain Writer account:

wardend tx warden fulfill-sign-request $SIGN_REQUEST_ID $SIGNATURE \
  --from $KEYCHAIN_WRITER_NAME --chain-id $CHAIN_ID

Check the request status to make sure it was fulfilled:
```
wardend query warden sign-request-by-id --id=$KEY_REQUEST_ID
```
Your request status will be returned in the status field of the output:
```
status: SIGN_REQUEST_STATUS_FULFILLED
```

Overview​

Prerequisites​

1. Install CLIChain​

2. Export variables​

3. Fulfill a key request​

4. Fulfill a signature request​