Hi,
Pretty interesting title lol.
I am having big trouble installing a node, but will do it later. Just to make sure I am being able to get the keys correctly, would somebody please try my private keys (you take the ADA on these addresses to your wallet).
Don’t worry I’m not crazy for trial purposes only.
Thank you really this would very much help
Here are the addresses:
Adress:
addr1q85uewc4rz5ajcvrsmddj80luvt7aa424j9e3t6cgxrf6hp97x4uwemau5dgln98j7scpt8keq8g9v2vm7rj9ja4m0xsmwx8hx
I have confirmed that the association you are keeping between the private keys and the associated addresses is working. You should therefore be good to go ahead whenever you are ready… because you confirm above you knew that anyone could clean out these addresses, which are permanently blown.
If you’re anxious about not being able to get funds back from a manually created address, this should reassure you. Just make sure that pairing between the payment address and its corresponding payment key is strict, e.g. as in the Cardano documentation where the payment address for payment.addr is in a key called payment.skey.
And NEVER NEVER NEVER put that payment.skey on an Internet connected machine. For privacy reasons you should also keep that payment.addr in an encrypted file: if you use it to make your pool pledge, it may be in the stake pool part of the ledger (?), but even if so there’s no point making it easy for people to spy on you.
So I trust that cleaning out these addresses confirms that the key generation method you are using is working. I know what that anxiety is like, and I don’t think you’re crazy: just keep those private keys hidden whatever you do. I eventually got over that anxiety by coming up with a strict key management protocol, for keeping keys in encrypted files, that I’ll be writing publicly about in the next couple of weeks.
Anyway the addresses above are now zeroed out. Lots of work for 9 ada but I had ulterior motives: to test some things about manual transactions: like flexibility in the calculated fee (it’s flexible & allowed me to round up, as I’ve seen before it’s OK to come up a bit short), and how to submit multiple signing keys.
Also there was the weird exhilaration of creating transactions with a private key on an Internet connected machine, which I’ve never done before & probably will never do again… maybe how that’s how people feel when they play Russian Roulette.
good luck to you @thomas_boisson … and BTW next time you post JSON (surely not a signing key) or in fact any computer program to a forum, be sure to use the back-ticks (`), so the double quotation marks aren’t transformed into typographical quotes, which won’t copy-paste into valid computer code; e.g.:
I do not want to be off-topic, but just a question for the signing of a transaction: you mean I could sign a transaction offline and then transfer the tx.signed file to my online computer and submit the transaction? That way could somebody know the payment.skey with which I signed?
If nobody could deduce my payment.skey from submitting the transaction, I did not know that. I thought everytime you send a transaction you expose your private key to the internet. That is why all bitcoin security advisors say you must only use each wallet once: you transfer the amount you want to transfer then the remaining balance you transfer to a new wallet of yours.
Yes, that is exactly how the system was designed to work.
No, it is impossible for the signing key to be deduced / extracted / reverse engineered from the signed transaction. It’s factored into part of that big string you see in the transaction file, with a mathematical function that only goes in a single direction.
The Cardano nodes run a validation function on the transaction, which contains that payment address, and if they don’t have that common factor of the payment key you supplied at transaction signing, the transaction will be rejected. That does not mean these nodes will ever see that payment key you used for the signing, nor is it computationally possible to determine it.
For more about how asymmetric encryption works, and why you can feel safe with it, check these out:
