Security Precautions when Minting Tokens

I have minted tokens successfully on my server. It loaded out a lot of key data and I am guessing that is stored on my server.

Security Questions

  1. Is it possible for an online server to get hacked and someone gets those mint token keys and then goes and generates millions more of the token? If so, what security precautions should people know about, since many are just minting tokens without considering security?
  2. If you hire someone else to generate your tokens for you, aren’t you then essentially leaving/sharing all the token keys with them, so if your token is successful one day, they can just go and generate more tokens to keep for themselves or sell your key, making them partially an owner?
  3. If you use the GUI that is coming soon, wouldn’t those token-generating keys be on the GUI somewhere as well? Is there a security risk there?
  4. If you use a script or token generator tool in the future, how are you to be certain it’s not sending your generating keys through a backdoor to someone?
  5. What would be the best policy or settings to use to generate a one-time token that cannot be duplicated ever again by anyone? Generate a full batch and have the keys all self-destruct and be void and useless after.

Just want to see what others think about all this.

These are good questions. Here are a few thoughts about them:

  1. If the server isn’t minting tokens, the secret keys can be stored offline, using best practices for securing those keys. (I believe that minting transactions can be created and signed offline, so the server would never have the keys unless it is creating tokens on demand, as opposed to distributing previously created tokens.)

  2. Mostly yes, unless the token minting is limited to a particular time window. After that window passes you can verify exactly how many tokens were created and at which addresses they reside. You’d need to audit the monetary policy script that created the tokens and verify the hash of that script. (When Plutus smart contracts are available, there will be ways for someone to create a token-minting contract that you would have to sign in order to mint the tokens, and they would never have all of the keys to mint the tokens themselves.)

  3. & 4. The software and processes would have to be audited, but there is always a risk.

  5. Yes, the monetary policy script can limit minting to a time window, so after that window has passed even the keys cannot mint more under that policy.
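To make the time-window point concrete, here is an added example (not code from this thread or from Cardano itself) that evaluates a cardano-cli style native minting policy the way the ledger does: a transaction satisfies a "before" clause only if it declares a validity upper bound at or before that slot, so once the chain is past the slot no transaction can mint under the policy even with the owner key. The key hash, slot numbers and policy are constructed sample values.

```python
# Constructed sample policy in the shape cardano-cli accepts: minting needs the
# owner's key AND a transaction whose validity interval ends by slot 1,000,000.
OWNER_KEY_HASH = "00" * 26 + "aaaa"          # placeholder 28-byte key hash (hex)
POLICY = {
    "type": "all",
    "scripts": [
        {"type": "sig", "keyHash": OWNER_KEY_HASH},
        {"type": "before", "slot": 1_000_000},
    ],
}

def evaluate(script, signers, valid_from=None, valid_to=None):
    """True if `script` is satisfied by a tx signed by the key hashes in
    `signers` whose validity interval is [valid_from, valid_to) in slots.
    None means the bound is absent, which never satisfies a time clause."""
    kind = script["type"]
    if kind == "sig":
        return script["keyHash"] in signers
    if kind == "before":
        # Needs a declared upper bound at or before the slot (RequireTimeExpire).
        return valid_to is not None and valid_to <= script["slot"]
    if kind == "after":
        # Needs a declared lower bound at or after the slot (RequireTimeStart).
        return valid_from is not None and valid_from >= script["slot"]
    results = [evaluate(s, signers, valid_from, valid_to) for s in script["scripts"]]
    if kind == "all":
        return all(results)
    if kind == "any":
        return any(results)
    if kind == "atLeast":
        return sum(results) >= script["required"]
    raise ValueError(f"unknown native script type {kind!r}")

def minting_possible_at(policy, signers, current_slot):
    """Can any transaction submitted at `current_slot` mint under `policy`?
    A tx is only accepted if its interval contains the current slot, and the
    tightest such interval is the most permissive for before/after clauses,
    so checking [current_slot, current_slot + 1) answers the question."""
    return evaluate(policy, set(signers), current_slot, current_slot + 1)

if __name__ == "__main__":
    for slot in (999_999, 1_000_000):
        print(slot, "mint possible:", minting_possible_at(POLICY, [OWNER_KEY_HASH], slot))
```

Auditing a policy therefore means checking the script JSON (and that its hash matches the on-chain policy ID) for exactly such a window, after which the key's exposure no longer threatens the token supply.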