准备工作
启动nodeos:docker start -i nodeos
启动keosd: keosd --http-server-address=127.0.0.1:8889
一、创建账号
1.为之前创建的default导入密钥
cleos wallet create_key //使用此命令无需再次将私钥导入到钱包
返回一个公钥 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
可以用下面的命令查看对应公私钥:
cleos wallet private_keys
password: [[
"EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8",
"5KNgUjPzHxjgkGB5pD6dmXw4J6EfjeB4a9wAUQ6QJgx1pUT6JoP"
]
]
为eosio账户导入密钥
cleos wallet import
5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3
private key: imported private key for: EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV
2.查看创建账号命令的说明
cleos create account
输出结果:
ERROR: RequiredError: creator
Create an account, buy ram, stake for bandwidth for the account
Usage: cleos create account [OPTIONS] creator name OwnerKey [ActiveKey]
Positionals:
creator TEXT The name of the account creating the new account (required)
name TEXT The name of the new account (required)
OwnerKey TEXT The owner public key for the new account (required)
ActiveKey TEXT The active public key for the new account
Options:
-h,--help Print this help message and exit
-x,--expiration set the time in seconds before a transaction expires, defaults to 30s
-f,--force-unique force the transaction to be unique. this will consume extra bandwidth and remove any protections against accidently issuing the same transaction multiple times
-s,--skip-sign Specify if unlocked wallet keys should be used to sign transaction
-j,--json print result as json
-d,--dont-broadcast don't broadcast transaction to the network (just print to stdout)
--return-packed used in conjunction with --dont-broadcast to get the packed transaction
-r,--ref-block TEXT set the reference block num or block id used for TAPOS (Transaction as Proof-of-Stake)
-p,--permission TEXT ... An account and permission level to authorize, as in 'account@permission'
--max-cpu-usage-ms UINT set an upper limit on the milliseconds of cpu usage budget, for the execution of the transaction (defaults to 0 which means no limit)
--max-net-usage UINT set an upper limit on the net usage budget, in bytes, for the transaction (defaults to 0 which means no limit)
分析输出:
在Positionals结构中包含四个字断:
creator TEXT(必填):创建者账号的名称。
name TEXT(必填) :新账号的名称。
OwnerKey TEXT(必填):新账号的owner权限的公钥。
ActiveKey TEXT(可选):新账号的active权限的公钥,默认与owner权限的公钥一致。
在Options结构中有很多可选参数,介绍一下比较常用的几个:
-d:是不广播到网络。
-j:是返回为json格式的数据。
-s:是交易数据不经过签名。
-p:是指定签名的账号以及权限,默认是active权限。
-h:是帮助命令。
3.创建新账户xtk
cleos create account eosio xtk EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
成功返回以下结果
executed transaction: 12b311852f8ea9392cf6bbc29225f417484b38acfa93700787cae2aa114e884e 200 bytes 818 us
# eosio <= eosio::newaccount {"creator":"eosio","name":"xtk","owner":{"threshold":1,"keys":[{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11V...
warning: transaction executed locally, but may not be confirmed by the network yet ]
二、新增权限
刚创建好的xtk账户有两个原生权限:owner和active,owner拥有很多功能给的操作权限,如:转账、投票、购买ram等等,
现在将投票权限任命给一个自定义权限voting,那么单单通过voting权限所对应的私钥对投票操作进行签名就可以完成投票操作
1、先看一下xtk的权限分配
cleos get account xtk
返回如下结果:
created: 2018-11-21T10:38:29.500
permissions:
owner 1: 1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
active 1: 1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
memory:
quota: unlimited used: 2.66 KiB
net bandwidth:
used: unlimited
available: unlimited
limit: unlimited
cpu bandwidth:
used: unlimited
available: unlimited
limit: unlimited
分析输出:
owner阀值为1,权重也为1,active阀值为1,权重为1,且EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
同时拥有owner和active两个权限
2、新建一对公私钥控制voting权限
xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos create key --to-console
Private key: 5JetsRMzqYgni4NdVzPecjwyV13TDUEspyuuvkFyZJmErcyttWw
Public key: EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB
3.给账号xtk新增voting权限
由EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB控制
xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos set account permission xtk voting EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB
返回结果:
executed transaction: 3c073b48dad78a734f072fd72e92ac0767d9182b36096cfc1095ce10b4bded21 160 bytes 509 us
# eosio <= eosio::updateauth {"account":"xtk","permission":"voting","parent":"active","auth":{"threshold":1,"keys":[{"key":"EOS6q...
warning: transaction executed locally, but may not be confirmed by the network yet .
4.在次查看xtk账号的权限分配
cleos get account xtk
返回结果:
created: 2018-11-21T10:38:29.500
permissions:
owner 1: 1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
active 1: 1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
voting 1: 1 EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB
memory:
quota: unlimited used: 2.99 KiB
net bandwidth:
used: unlimited
available: unlimited
limit: unlimited
cpu bandwidth:
used: unlimited
available: unlimited
limit: unlimited
可知voting权限已经加入,并且由EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB控制
三、新增权限控制的主体(由多个主体控制一个权限)
常见的新增权限控制的主体有两种:公私钥对、账号,修改权限控制的主体,既是让多个主体控制一个权限,实现多重签名,
注意:阀值是主体能够进行该操作的根本,只有当主体的权重大于等于阀值才能拥有该权限进行操作
严格按照上面的json数据结构设置
修改的公钥、账号必须按照从小到大进行排序
所有控制体的权重的和必须大于等于阀值。
JSON字符创数据结构
{
"threshold":
"keys": [
...
{
"key":
"weight":
}
...
],
"accounts": [
...
{
"permission": {
"actor":
"permission":
},
"weight":
}
...
],
"waits": [
...
{
"wait_sec":
"weight":
}
...
]
}
2、 新增权限控制的主体:公私钥对
xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos create key --to-console
Private key: 5J8ZhubxPZmoPkuo3XGtAsvgmtqrpnTCGHGPHES91FfPgdATGM5
Public key: EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x
设置阀值threshold、keys字段
cleos set account permission xtk active '{"threshold": 1, "keys": [{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8","weight": 1},{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x","weight": 1}]}'
权限的主体需要按照公钥进行排序
再次执行cleos get account xtk 得到以下结果
xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos get account xtk
created: 2018-11-21T10:38:29.500
permissions:
owner 1: 1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
active 1: 1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8, 1 EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x
voting 1: 1 EOS7qnszhS19DtgnPQRPuFmxVNmjzAPD9A3Zh3MSVS6ZN9KLa5Fa9
memory:
quota: unlimited used: 3.039 KiB
net bandwidth:
used: unlimited
available: unlimited
limit: unlimited
cpu bandwidth:
used: unlimited
available: unlimited
limit: unlimited
可知,active权限新增了控制主体,由"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x"控制,
两个active都可以单独使用active权限,后面更改阀值,让两个公钥合作完成active,达到多重签名的目的
四、修改阀值
修改xtk账号的active权限阀值为2,这样因为两个公钥的权限都是1,所以要想使用active权限,需要两个合作
实现多重签名的功能
1、先测试xtk的active权限的"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x"是否拥有active功能
cleos create account xtk aaa "EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x" -p xtk@active
executed transaction: 4a3fa2e1a1f8e4c812369d104c2907f033f4ac0cc0cc5afcc206151c1cc25600 200 bytes 578 us
# eosio <= eosio::newaccount {"creator":"xtk","name":"aaa","owner":{"threshold":1,"keys":[{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bN...
warning: transaction executed locally, but may not be confirmed by the network yet ]
显示结果证明,主体能够使用active权限的功能
2、修改xtk账号active权限的阀值为2
cleos set account permission xtk active '{"threshold":2,"keys":[{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8","weight":1},{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x","weight":1}]}'
设置完成之后,再次执行cleos get account xtk
结果如下:
xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos get account xtk
created: 2018-11-21T10:38:29.500
permissions:
owner 1: 1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
active 2: 1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8, 1 EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x
voting 1: 1 EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB
memory:
quota: unlimited used: 3.039 KiB
net bandwidth:
used: unlimited
available: unlimited
limit: unlimited
cpu bandwidth:
used: unlimited
available: unlimited
limit: unlimited
可以看到,active的阀值已经修改为2
现在,任何主体都不能单独使用active权限的功能
cleos create account xtk t2 EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x -p xtk@active
执行结果:3090003:提供的密钥、权限和延迟不满足该权限的阀值,请确保钱包内有相关的私钥。
Error 3090003: Provided keys, permissions, and delays do not satisfy declared authorizations
Ensure that you have the related private keys inside your wallet and your wallet is unlocked.
使用active权限的方法:
·两个主体加起来才能使用active 权限的功能(两个主体的权限加起来为2)
·使用-p xtk@owner签名
·修改主体权重大于等于active权重的阀值
五、修改权重
修改EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8主体的权重为2
cleos set account permission xtk active '{"threshold": 2, "keys": [{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8","weight": 2},{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x","weight": 1}]}' -p xtk@owner
执行成功:
executed transaction: 4abbcf8722d9b00217aed66ac685cb4b107db2160a344ca6c54e92fcb18975bb 200 bytes 347 us
# eosio <= eosio::updateauth {"account":"xtk","permission":"active","parent":"owner","auth":{"threshold":2,"keys":[{"key":"EOS5Fk...
warning: transaction executed locally, but may not be confirmed by the network yet ]
此时,active阀值为2,主体权限EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8已经修改为2,
"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x"权限为1
六、多重签名
何为多重签名呢,就是多个私钥一起对交易进行签名
重新修改active的阀值为3
cleos set account permission xtk active '{"threshold": 3, "keys": [{"key":"EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8","weight": 2},{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x","weight": 1}], "accounts": [{"permission":{"actor":"tester", "permission":"owner"}, "weight":1}]}'
执行之后,再次执行cleos get account xtk
xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos get account xtk
created: 2018-11-21T10:38:29.500
permissions:
owner 1: 1 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8
active 3: 2 EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8, 1 EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x, 1 tester@owner
voting 1: 1 EOS6q2QkyGqPX1ds8vnGva3N4ebSJR2UNiutyffDSaKJwFP13HtjB
memory:
quota: unlimited used: 3.07 KiB
net bandwidth:
used: unlimited
available: unlimited
limit: unlimited
cpu bandwidth:
used: unlimited
available: unlimited
limit: unlimited
可知对active权限已经修改为3
现在,EOS5FkwsbhmPygwgMehCyCb7Dq11VCJwm8Ue344GNvBxH9Byfp5c8与
EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x单独任意一个都不能时限active权限
只有将EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x私钥导入default钱包实现多重签名
xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos wallet import --private-key 5J8ZhubxPZmoPkuo3XGtAsvgmtqrpnTCGHGPHES91FfPgdATGM5
imported private key for: EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x
xiaohulu@xiaohulu-virtual-machine:~/eosio-wallet$ cleos create account xtk bbb EOS8XX11uRAjWrAbt6V5AA2xLQvz4bNcDdwTdMPjFPA31n2GRfV3x -p xtk@active
executed transaction: f6e93eb8abb9d25e34a4929139902336b614631b3b8de9322f3b189af98ee432 208 bytes 273 us
# eosio <= eosio::newaccount {"creator":"xtk","name":"bbb","owner":{"threshold":1,"keys":[{"key":"EOS8XX11uRAjWrAbt6V5AA2xLQvz4bN...
warning: transaction executed locally, but may not be confirmed by the network yet ]
总结:
对于每一个权限都会有一个阀值,每一个公私钥对都有一个权重,只有达到阀值得公私钥对,才有资格执行此权限。后续账户可以修改权限的阀值,或者为每个公私钥对分配不同的权重,以此执行权限。