# Venus wallet

  1. venus-wallet is a remote wallet that provides policy for Filecoin and supports JsonRPC2.0 call. It can dynamically configure whether various data types to be signed are signed or not.
  2. The project is decoupled from Lotus and Venus independently, and can be called by different implementations of Filecoin.

# quickstart

# 1-Downloadcode

git clone https://github.com/filecoin-project/venus-wallet.git

# 2-Compile

  • go version ^1.15
# Setting BLS compilation environment variables

# Compile the current platform executable

# If you need to cross compile Linux versions on MAC
# You need to install GCC related files (you can also download files to local via GitHub and install them locally by brew)
brew install FiloSottile/musl-cross/musl-cross
make linux

# 3-Startserviceprocess

# It starts on the Mainnetwork by default(--network=main)
# The address begins with f
$ ./venus-wallet run 

# Start in test network
# The address begins with t
$ ./venus-wallet run  --network=test      

# 4-Configurationintroduction

  • Default file location “~/.venus_wallet/config.toml”
  # The HTTP listening address of the local process
  ListenAddress = "/ip4/"

  # Data files that embedded store the database  by default
  Conn = "~/.venus_wallet/keystore.sqlit"
  Type = "sqlite"
  DebugMode = true

  # JWT token hex,If it is not configured, it will be generated randomly
  Token = "65794a68624763694f694a49557a49314e694973496e523563434936496b705856434a392e65794a42624778766479493657794a795a57466b4969776964334a70644755694c434a7a615764754969776959575274615734695858302e7133787a356f75634f6f543378774d5463743870574d42727668695f67697a4f7a365142674b2d6e4f7763"
  # JWT secret hex,If it is not configured, it will be generated randomly
  Secret = "7c40ce66a492e35ac828e8333a5703e38b23add87f29bd8fc7343989e08b3458"

  # keystore private key symmetric encryption variable
  ScryptN = 262144
  ScryptP = 1

  # Strategy level,0:Don't turn on strategy 1:Verify only the data type to be signed 2:Verify the data type to be signed, and verify the message type with the method policy configured
  Level = 2
  NodeURL = "/ip4/"

  # The URL of the gateway. If not configured, the gateway will not be connected
  RegisterAPI = ["/ip4/"]
  # The token of the gateway
  Token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoidGVzdG1pbmVyIiwicGVybSI6ImFkbWluIiwiZXh0IjoiIn0.oakIfSg1Iiv1T2F1BtH1bsb_1GeXWuirdPSjvE5wQLs"
  SupportAccounts = ["testminer"]

# CLIoperationguide

# ViewHelp

$ ./venus-wallet -h

   venus-wallet - A new cli application

   venus-wallet [global options] command [command options] [arguments...]


   run                   Start a venus wallet process
   auth                  Manage RPC permissions
   log                   Manage logging
   strategy, st          Manage logging
   new                   Generate a new key of the given type
   list, ls              List wallet address
   export                export keys
   import                import keys
   sign                  sign a message
   del                   del a wallet and message
   set-password, setpwd  Store a credential for a keystore file
   unlock                unlock the wallet and release private key
   lock                  Restrict the use of secret keys after locking wallet
   lockState, lockstate  unlock the wallet and release private key
   help, h               Shows a list of commands or help for one command

   --help, -h     show help (default: false)
   --version, -v  print the version (default: false)
  • The operation here is flat and single-layer. Different from the ./venus wallet list operation of Venus or Lotus, only ./venus-wallet list is needed in venus-wallet.
  • Some commands are XX processed, such as strategy, which can be directly replaced by st.

# BasicoperationofVenusWallet

# Thestateofthewallet

  1. Set the key of private key symmetric encryption
# ./venus-wallet setpwd (aliase)
$ ./venus-wallet set-password
Enter Password again:******

# res
Password set successfully

Note: this password is only stored in memory for symmetric encryption of the private key. Once the service process exits in any form, it cannot be restored. Therefore, the private key managed by this program needs to be backed up by itself or directly.

  • After setting the password, the default state of the wallet is unlock
  1. Lock Wallet

After the wallet is locked, the functions of signing, generating new address, importing and exporting private key will be disabled, which will affect the remote call chain, so please use it with caution.

$ ./venus-wallet lock

# res
wallet lock successfully
  1. unlock wallet

After unlocking, all functions of the wallet will be released.

$ ./venus-wallet unlock

# res
wallet unlock successfully
  1. View the wallet status
$ ./venus-wallet lockstate

wallet state: unlocked

# Privatekeymanagement

  1. Generate new random private key

venus-wallet new [command options] [bls|secp256k1 (default secp256k1)]

$ ./venus-wallet new 

  • The default type is secp256k1. You can also use ./venus-wallet new bls to generate BLS private key
  1. Import the private key

venus-wallet import [command options] [<path> (optional, will read from stdin if omitted)]

$ ./venus-wallet import
Enter private key:7b2254797065223a22736563703235366b31222c22507269766174654b6579223a22626e765665386d53587171346173384633654c647a7438794a6d68764e434c377132795a6c6657784341303d227d

imported key t12mchblwgi243re5i2pg2harmnqvm6q3rwb2cnpy successfully!
  1. Export the private key

venus-wallet export [command options] [address]

$ ./venus-wallet export t12mchblwgi243re5i2pg2harmnqvm6q3rwb2cnpy

# res
  1. View address list
$ ./venus-wallet list


Show all private key corresponding address, there are spec and bls two kinds of address

  1. Delete the specified private key

venus-wallet del [command options] <address>

$ ./venus-wallet del t12mchblwgi243re5i2pg2harmnqvm6q3rwb2cnpy


# JWTauthoritymanagement

For remote access interface authorization

  1. Gets the remote connection string

venus-wallet auth api-info [command options] [arguments...]

$ ./venus-wallet auth api-info --perm admin

  • perm has four kinds of permissions: read, write, sign and Admin. They are generated by the corresponding JWT configuration in the configuration file and will not change dynamically.

# strategy

The main purpose of policy function is to restrict the use of private key for the specified type of signature, which can effectively prevent some non allowed data signatures.

  • Concept

    • keyBind

      • Each address can be bound with multiple policies. Here, the name of the specified address binding policy is defined as keyBind.
      • The keywords are name, msgType and method.
      • name: The custom name of keyBind is globally unique.
      • msgType: Filecoin data type, such as block, msg, etc.
      • method: The method corresponding to the message type. There are more than 60 kinds in total.
    • group

      • A keyBind is composed of multiple keyBinds.
      • The keywords are name, keyBindName
    • token

      • The keywords are token,groupName
      • For a group, a random token is generated and provided to remote wallet for strategic access. The relationship between group and token is 1:n.
    • template

      • At present, there are two kinds of template: msgType and method
      • Keywords:name,msgType,method
      • Multiple policy templates can be configured for subsequent private key fast binding
  • Notes

    • At present, the change of keyBind will directly affect the group, and the group will directly affect the token policy configuration. At present, all these are linked.
$ ./venus-wallet strategy -h

   venus-wallet strategy - Manage logging

   venus-wallet strategy command [command options] [arguments...]

   types                              show all msgTypes
   methods                            show all methods (index are used for counting only)
   msgTypeTemplate, mtt               show msgTypeTemplate by name
   methodTemplateByName, mt           show methodTemplate by name
   keyBind, kb                        show keyBind by name
   keyBinds, kbs                      show keyBinds by address
   group, g                           show group by name
   listGroup, lg                      show a range of groups (the element of groups only contain name)
   groupTokens, gts                   show a range of tokens belong to group
   listKeyBinds, lkb                  show a range of keyBinds (the element of groups only contain name)
   stTokenInfo, ti                    show info about token
   listMethodTemplates, lmt           show a range of method templates
   listMsgTypeTemplates, lmtt         show a range of method templates
   newMsgTypeTemplate, newMTT         create a msgType common template
   newMethodTemplate, newMT           create a msg methods common template
   newKeyBindCustom, newKBC           create a strategy about wallet bind msgType and methods
   newKeyBindFromTemplate, newKBFT    create a strategy about wallet bind msgType and methods with template
   newGroup, newG                     create a group with keyBinds
   newStToken, newWT                  create a wallet token with group
   removeMsgTypeTemplate, rmMTT       remove msgTypeTemplate ( not affect the group strategy that has been created)
   removeMethodTemplate, rmMT         remove MethodTemplate ( not affect the group strategy that has been created)
   removeKeyBind, rmKB                remove keyBind ( not affect the group strategy that has been created)
   removeKeyBindByAddress, rmKBBA     remove keyBinds by address ( not affect the group strategy that has been created)
   removeGroup, rmG                   remove group by address ( not affect the group strategy that has been created)
   removeStToken, rmT                 remove token
   removeMethodFromKeyBind, rmM4KB    remove elements of methods in keyBind
   removeMsgTypeFromKeyBind, rmMT4KB  remove elements of msgTypes in keyBind
   addMethodIntoKeyBind, addM2KB      append methods into keyBind
   addMsgTypeIntoKeyBind, addMT2KB    append msgTypes into keyBind
   help, h                            Shows a list of commands or help for one command


# 1. View msgType and method

# View type (Code is the corresponding value of 1:1 of type, which never changes)
$ ./venus-wallet st types
# res
code	type
0	unknown
1	chainMsg
2	block
3	dealProposal
4	drawRandomParam
5	signedVoucher
6	storageAsk
7	askResponse
8	netWorkResponse
9	providerDealState
10	clientDeal

# View method(Alphabetic order. With the iteration of Filecoin, the index corresponding to method will change. Do not use index to mark method)

$ ./venus-wallet st methods
index	method
1	ActivateDeals
2	AddBalance
3	AddLockedFund
4	AddSigner
5	AddVerifiedClient
6	AddVerifier
7	ApplyRewards
8	Approve
9	AwardBlockReward
10	Cancel
11	ChangeMultiaddrs
12	ChangeNumApprovalsThreshold
13	ChangeOwnerAddress
14	ChangePeerID
15	ChangeWorkerAddress
16	CheckSectorProven
17	Collect
18	CompactPartitions
19	CompactSectorNumbers
20	ComputeDataCommitment
21	ConfirmSectorProofsValid
22	ConfirmUpdateWorkerKey
23	Constructor
24	ControlAddresses
25	CreateMiner
26	CronTick
27	CurrentTotalPower
28	DeclareFaults
29	DeclareFaultsRecovered
30	DisputeWindowedPoSt
31	EnrollCronEvent
32	EpochTick
33	Exec
34	ExtendSectorExpiration
35	LockBalance
36	OnConsensusFault
37	OnDeferredCronEvent
38	OnEpochTickEnd
39	OnMinerSectorsTerminate
40	PreCommitSector
41	Propose
42	ProveCommitSector
43	PubkeyAddress
44	PublishStorageDeals
45	RemoveSigner
46	RemoveVerifier
47	RepayDebt
48	ReportConsensusFault
49	RestoreBytes
50	Send
51	Settle
52	SubmitPoRepForBulkVerify
53	SubmitWindowedPoSt
54	SwapSigner
55	TerminateSectors
56	ThisEpochReward
57	UpdateChannelState
58	UpdateClaimedPower
59	UpdateNetworkKPI
60	UpdatePledgeTotal
61	UseBytes
62	VerifyDealsForActivation
63	WithdrawBalance

# 1. Create keyBind

# 1. Custom create

venus-wallet strategy newKeyBindCustom [command options] [name, address, codes, methods]

$ ./venus-wallet st newKBC kb1 <addr1> \
0,1,2,3 \

  • kb1 is the globally unique name of keyBind.
  • addr1 refers to the address of BLS or SECP.
# 2. Create from template
# 2.1 Create msgType template

venus-wallet strategy newMsgTypeTemplate [command options] [name, code1 code2 ...]

$ ./venus-wallet st newMsgTypeTemplate mttmp1 0 1 2 3 4 5

  • mttmp1 is the globally unique name of msgType template.
# 2.2 Create method template

venus-wallet strategy newMethodTemplate [command options] [name, method1 method2 ...]

$ ./venus-wallet st newMethodTemplate mtmp1 ActivateDeals AddBalance AddLockedFund

  • mtmp1 is the globally unique name of the method template.
# 2.3 Create keyBind from template

venus-wallet strategy newKeyBindFromTemplate [command options] [name, address, msgTypeTemplateName, methodTemplateName]

$ ./venus-wallet st newKeyBindFromTemplate kb2 <addr2> \
mttmp1 mtmp1

# 3. Create group

venus-wallet strategy newGroup [command options] [name, keyBindName1 keyBindName2 ...]

$ ./venus-wallet st newGroup group1 kb1 kb2
  • group1: group globally unique name
  • kb1, kb2: the names of the two keyBind created previously.
# 4. Generate a group token to call the public policy

venus-wallet strategy newStToken [command options] [groupName]

$ ./venus-wallet st newStToken group1

  • Here, a group can generate multiple tokens to distinguish call links. The token can be changed irregularly or quickly after leakage.
# 4. Modify keyBind policy configuration
# 4.1 Query keybind

venus-wallet strategy keyBind [command options] [name]

$ ./venus-wallet st keyBind kb1

address	: <addr1>
types	: 0,1,2,3
methods	: CreateMiner,Send
# 4.2 KeyBind add method

venus-wallet strategy addMethodIntoKeyBind [command options] [keyBindName, method1 method2 ...]

$ ./venus-wallet st addMethodIntoKeyBind kb1 Settle SwapSigner

address	: <addr1>
types	: 0,1,2,3
methods	: CreateMiner,Send,Settle,SwapSigner
  • After adding successfully, Settle SwapSigner will be atomically added to methods. At present, this operation is to prevent concurrency.
# 4.3 KeyBind adds msgType

venus-wallet strategy pushMsgTypeIntoKeyBind [command options] [keyBindName, code1 code2 ...]

$ ./venus-wallet st pushMsgTypeIntoKeyBind kb1 4 5 6

address	: <addr1>
types	: 0,1,2,3,4,5,6
methods	: CreateMiner,Send,Settle,SwapSigner
# 4.4 KeyBind remove method

venus-wallet strategy addMsgTypeIntoKeyBind [command options] [keyBindName, method1 method2 ...]

$ ./venus-wallet st addMsgTypeIntoKeyBind kb1 Settle SwapSigner

address	: <addr1>
types	: 0,1,2,3,4,5,6
methods	: CreateMiner,Send
# 4.5 KeyBind remove msgType

venus-wallet strategy removeMsgTypeFromKeyBind [command options] [keyBindName, code1 code2 ...]

$ ./venus-wallet st removeMsgTypeFromKeyBind kb1 4 5 6

address	: <addr1>
types	: 0,1,2,3
methods	: CreateMiner,Send
# 5. Query operation
# 5.1 Query msgType list

venus-wallet strategy listMsgTypeTemplates [command options]

$ ./venus-wallet st listMsgTypeTemplates

num	: 1
name	: mttmp1
types	: 0,1,2,3,4,5

num	: 2
name	: mttmp2
types	: 0,1,2,3,4,5
# 5.2 Query the specified msgType template

venus-wallet strategy msgTypeTemplate [command options] [name]

$ ./venus-wallet st msgTypeTemplate mttmp1

# res
# 5.3 Query method list

venus-wallet strategy listMethodTemplates [command options]

$ ./venus-wallet st listMethodTemplates

num	: 1
name	: mtmp1
methods	: ActivateDeals,AddBalance,AddLockedFund

num	: 2
name	: mtmp2
methods	: ActivateDeals,AddBalance,AddLockedFund
# 5.4 Query the specified method template

venus-wallet strategy methodTemplateByName [command options] [name]

$ ./venus-wallet st methodTemplateByName mtmp1

# 5.5 Query keyBind list

venus-wallet strategy listKeyBinds [command options]

$ ./venus-wallet st listKeyBinds
num	: 1
name	: kb1
addr    : <addr1>
types	: 0,1,2,3
methods	: CreateMiner,Send

num	: 2
name	: kb2
addr    : <addr2>
types	: 0,2,3
methods	: CreateMiner
# 5.6 Query the keyBind list of the specified address

venus-wallet strategy keyBinds [command options] [address]

$ ./venus-wallet st keyBinds <addr1>
$ ./venus-wallet st listKeyBinds
num	: 1
name	: kb1
addr    : <addr1>
types	: 0,1,2,3
methods	: CreateMiner,Send

num	: 2
name	: kb2
addr    : <addr1>
types	: 0,2,3
methods	: CreateMiner
# 5.6 Query the keyBind of the specified name

venus-wallet strategy keyBind [command options] [name]

$ ./venus-wallet st keyBind kb1
address	: <addr1>
types	: 0,1,2,3
methods	: CreateMiner,Send
# 5.7 Query group list

venus-wallet strategy listGroup [command options]

$ ./venus-wallet st listGroup
1	: group1
2	: group2
  • Here, only the name list of group is displayed, and detailed data is not included
# 5.8 Query the specified group

venus-wallet strategy group [command options] [name]

$ ./venus-wallet st group group1
num	: 1
keybind	: kb1
types	: 0,1,2,3
methods	: CreateMiner,Send
# 5.9 Query the token list derived from group

venus-wallet strategy groupTokens [command options] [groupName]

$ ./venus-wallet st groupTokens group1
# 5.10 Query the group details corresponding to the token

venus-wallet strategy stTokenInfo [command options] [token]

$ ./venus-wallet st stTokenInfo 041457f0-ea9a-4486-b648-1feb05dda0c0
groupName: group1
	num	: 1
	name	: kb1
	addr	: t3uktqgxtagiyk5cxrjn5h4wq4v247saxtfukfi6zsvt4sek2q2ufkg27biasg7247zhdpm2kpotukwsapr7pa
	types	: 0,1,2,3
	methods	: CreateMiner,Send
# 6. Delete data

Please use with caution

# 6.1 Delete msgType template (keyBind created from template is not affected)

venus-wallet strategy removeMsgTypeTemplate [command options] [name]

$ ./venus-wallet st removeMsgTypeTemplate mttmp1
# 6.2 Delete method template (keyBind created from template is not affected)

venus-wallet strategy removeMethodTemplate [command options] [name]

$ ./venus-wallet st removeMethodTemplate mtmp1
# 6.3 Delete keyBind according to the name (it will affect the group and thus the group policy corresponding to the token)

venus-wallet strategy removeKeyBind [command options] [name]

$ ./venus-wallet st removeKeyBind kb1
# 6.4 Delete keyBind according to the wallet address (batch deletion will affect the group, thus affecting the group policy corresponding to the token)

venus-wallet strategy removeKeyBindByAddress [command options] [name]

$ ./venus-wallet st removeKeyBindByAddress <addr1>
2 rows of data were deleted
  • Returns the number of keyBind removed
# 6.5 Remove group (all policies corresponding to the group will be invalid)

venus-wallet strategy removeGroup [command options] [name]

$ ./venus-wallet st removeGroup group1
# 6.6 Remove token

venus-wallet strategy removeStToken [command options] [token]

$ ./venus-wallet st removeStToken 041457f0-ea9a-4486-b648-1feb05dda0c0

# Config in venus

format: token:muitiaddr.

        "walletModule": {
                "defaultAddress": "f3ueri27yppflsxodo66r2u4jajw5d4lhrzlcv4ncx7efrrxyivnrsufi7wuvdjmpbepwb2npvj7wglla6gtcq",
                "passphraseConfig": {
                        "scryptN": 2097152,
                        "scryptP": 1
                "remoteEnable": true,
                "remoteBackend": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIl19.gCLPHlI5r9lyxfbPoeU8nSGQI9CpUBaBGA54EzgZ9vE_e78f9e6c-9033-4144-8992-a1890ad76ead:/ip4/"

# Config in lotus

format: token:muitiaddr .the same reason as before

   RemoteBackend = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIl19.gCLPHlI5r9lyxfbPoeU8nSGQI9CpUBaBGA54EzgZ9vE_e78f9e6c-9033-4144-8992-a1890ad76ead:/ip4/"
  #EnableLedger = false
  #DisableLocal = false