Difference between revisions of "How-To: Claim neurons for seed participants"

A guide for seed contributors to claim their ICP utility tokens as NNS neurons. For controlling the neurons after claiming see this tutorial instead.

Introduction

You are a seed participant if you donated to the DFINITY foundation in February of 2017 to support the development of the Internet Computer. At that time, 30 tokens per Swiss Franc of value donated were allotted to your key. These tokens are now called "ICP utility tokens" or "ICP" for short.

At Genesis Unlock, your ICP were disbursed to you in the form of a basket of 49 voting neurons. These neurons already exist inside the Network Nervous System. Your neurons contain the tokens you have been awarded, which are staked inside.

Your neurons have been configured to vote automatically and are already earning voting rewards for you. You do not need to do anything to initialize your neurons in order to continue earning voting rewards.

The 49 neurons created for you have dissolve delays of 0 days, 30 days, 60 days, 90 days and so on. Apart from the first neuron which has a dissolve delay of 0 days (which can be dissolved immediately), the other dissolve delays may have a small random number of days added to it.

Your neurons have also been pre-aged. At the moment of Genesis Unlock, their age was already set to 18 months old. This is important, because neuron age significantly increases your voting power and the voting rewards you receive.

To control your neurons, you must use the same secret key that you generated when the donation was made. It was recorded by you as a 12-word mnemonic phrase. In order to control your neurons you need to first claim your basket of neurons. There are two ways to claim which are explained below in this article:

1. Claiming with Ledger Nano device (recommended)
2. Claiming with an air-gapped computer + networked computer/smartphone

After claiming, there are two ways to control your neurons:

1. The NNS dapp (GUI) as described in this tutorial
2. A command line tool ic-hardware-wallet-cli available on github.

Claiming with a Ledger Nano device

Prepare your Nano device

Connect your Ledger Nano device to USB power. On the Nano device, select "Set up with Recovery phrase" (as opposed to "Set up as new device"). Choose a PIN. Select "Recovery phrase with 12 words" (not 18 or 24 words). Enter the 12 word phrase the was generated by the Chrome extension during the seed donation phase.

On your computer, install Ledger Live from ledger.com and start it. If offered to upgrade to a newer version then do so. Connect the Nano device to USB and, if necessary, unlock it with the PIN. In Ledger Live, select "Manager" in the "Menu" column on the left. Confirm the access on the Nano device.

If offered to update the firmware of the Nano device then do so. Confirm the update on the Nano device. After an update you have to re-enter the PIN. If the previous firmware was very old then you even have to re-enter the 12-word phrase. Moreover, if the previous firmware was very old then you may not get to the latest firmware version in one step (multiple incremental updates will be needed). It is important that you get to the latest _available_ firmware on your Nano device.

From within the Ledger Live "Manager" install the app called "Internet computer (ICP)" version >=2.0.6 onto your Nano device. You can search for the app in the search bar by typing "ICP" or "internet". After the installation succeeded you can close Ledger Live.

Install the CLI tool

Install `node` from https://nodejs.org/en/download/. Follow the download or installation link for your operating system.

Open a terminal and run this command:

npm install -g @dfinity/hardware-wallet-cli

Depending on your OS you may have to put sudo in front of the command.

This will install the package https://www.npmjs.com/package/@dfinity/hardware-wallet-cli and build an executable called `ic-hardware-wallet`. To verify that the executable is accessible run the command:

ic-hardware-wallet

and you should see output like this:

 Usage: ic-hardware-wallet [options] [command]
 A CLI for the Ledger hardware wallet.
 Options:
   --network <network>  The IC network to talk to. (default: "https://ic0.app", env: IC_NETWORK)
   -h, --help           display help for command
 Commands:
   info [options]       Show the wallet's principal, address, and balance.
   icp                  Commands for managing ICP.
   neuron               Commands for managing neurons.
   help [command]       display help for command

If you had already installed an older version of the package `@dfinity/hardware-wallet-cli` then install it again and make sure the version of the package is >= 0.2.1. You can check the installed version with the command:

npm list

Claim

Connect the Nano device to USB, unlock it with PIN and start the "ICP" app on it.

On your computer run the command:

ic-hardware-wallet neuron claim

You will have to approve twice on the Nano device. Once for the actual `claim` message and once for obtaining the result status. You should see output like this:

OK: Successfully claimed the following neurons:

followed by 49 numbers (the neuron ids).

Note: there is no risk of harm if your computer is compromised or infected with malware. The signed "claim" message cannot be abused. The worst that can happen is that it is not submitted to the IC. There is no harm in sending the "claim" message multiple times. If something went wrong in the process then you can simply retry.

Claiming with an air-gapped computer

Claiming requires access to your secret mnemonic phrase and to secret keys derived from it. It is highly advised that you use an air-gapped computer for the purpose of claiming. If you are not comfortable with such a setup or with any of the following steps then you have to wait for the next release of the "ICP" app for the Ledger Nano device.

As an air-gapped device you can use a Windows, Linux or MacOS machine. Linux includes Raspberry Pi.

Download the tools

To download the tools you need a second, networked computer. The tools are called keysmith and quill. We describe here how to find and download a binary for your architecture. Alternatively, you can compile the tools yourself from the source code available on github for keysmith and quill.

Binaries are available for the following hardware architectures. Here, architecture refers to the air-gapped computer, not the networked computer.

Download keysmith

Go to keysmith, choose the latest release (currently v1.6.2) and fetch the .tar.gz file that matches the air-gapped machine's architecture in the table above.

Download quill

Go to quill , choose the latest release (must be >= 0.2.12) and fetch the executable file that matches the air-gapped machine's architecture in the table above.

Copy to air-gapped machine

Copy the keysmith .tar.gz file and the quill executable from the networked machine to the air-gapped machine. For example, you can do so with a USB drive.

Verify the hashes

On the air-gapped machine, go to the terminal. Change the directory to the folder where the keysmith .tar.gz files and quill executables are. Compute the SHA256 hashes with the commands

openssl dgst -sha256 keysmith-*

and

openssl dgst -sha256 quill-*

The hashes should match the following entries:

SHA256(keysmith-darwin-amd64.tar.gz)= a53bad6fa36c1eb35cd36059ffe9cbf4c063b515e47ccf666b7e1c174a7d1088
SHA256(keysmith-darwin-arm64.tar.gz)= 47932452353fe7f921b4ac41828dd19530ae0c4bdb72bcbb016a0715ca80e879
SHA256(keysmith-linux-amd64.tar.gz)= cb283dac031d8676f25e72d19115be347d2b85c864a17dd563104bf496b14a06
SHA256(keysmith-linux-arm32.tar.gz)= b28670e2b3483ea9f9ba691e9f76f99df31b2678db33b69c888fb08b634de162
SHA256(keysmith-linux-arm64.tar.gz)= ebe9cde3cf440ebbfb53dd10bf7f412cbff8b089551100ee0fa48f3ac9bd66c3
SHA256(keysmith-windows-amd64.tar.gz)= 1ef9b77ccaae980aad4a227fe1a817821245da491a90f0e6ad323426b49ae40a

and

SHA256(quill-arm_32)= ebe2506e4dc4422e7670094e8b2b1d854a3b3c317b25c1c88990853d3d85c064
SHA256(quill-linux-x86_64)= 18fc671ee8c96b367875b39470073d68db78d32d242d14d4682025ef2a5d9ad4
SHA256(quill-macos-x86_64)= 97c373ab871be377ac784faff089ca26d23c37725230fb36d78f17d7a73b0867
SHA256(quill-windows-x86_64.exe)= 2542244c9ad3a9baf54bc2227e8c71ea8a8fb9f7e6065cc7a848c7b1cdce906e

Unpack and install

For keysmith:

tar -f keysmith-*.tar* -x
sudo install -d /usr/local/bin
sudo install keysmith /usr/local/bin

You will be prompted to enter your laptop password. The password itself will not appear, simply type it and press enter. For quill:

mv quill-arm_32 quill 
sudo install quill /usr/local/bin

Produce the private key file with keysmith

Test the installation

On the air-gapped computer run:

keysmith

You should see:

usage: keysmith <command> [<args>]

Available Commands:
    account             Print your account identifier.
    generate            Generate your mnemonic seed and write it to a file.
    legacy-address      Print your legacy address.
    principal           Print your principal identifier.
    private-key         Derive your private key and write it to a file.
    public-key          Print your public key.
    shortlist           Print the available commands.
    version             Print the version number.
    x-private-key       Derive your extended private key and write it to a file.
    x-public-key        Print your extended public key.

If you are using macOS, running keysmith for the first time might require you to grant permission under System Preferences > Security & Privacy > General.

Enter your mnemonic phrase (aka "seed")

If you confident that your environment is secure, then you are ready to enter your seed for use with keysmith. For the duration of your session, you store your seed phrase in an environment variable. It will be eliminated from your system when you turn your computer off.

read seed

Enter your seed phrase and finish with Return.

If you prefer to not have your seed phrase displayed as you type then use this command instead:

read -s seed

Optional: check your legacy address and balance

At this point you can already verify your legacy address and ICPT balance. The legacy address matches to what was formerly called "DFN address" in the Dfinity Chrome extension. You may have copied it from the Chrome extension for your records back when you used the extension.

echo $seed | keysmith legacy-address -f -

The output is a 40 character hex string. It looks something like this:

 2d89d96b10f7a9456a9154b2f5309ee70df5bce1

You can check your ICPT balance as follows: Go to https://ic.rocks/principal/renrk-eyaaa-aaaaa-aaada-cai, look for "Canister interface" and the method "balance". There, paste your DFN address in to the field labeled "text" and click the button labeled "Query". Your ICP balance will appear below "nat32".

Create your private key (.pem file)

Derive your private key from your seed phrase.

echo $seed | keysmith private-key -f -

This creates a file identity.pem containing your private key.

Optional: Store .pem file only in RAM

We will later wipe the identity.pem file from the filesystem. There is however a remaining risk that the data could survive in the disk and later extracted despite it being wiped. It is more secure to create a RAM disk and store the .pem file only in the RAM disk.

Create RAM disk on MacOS

Run these commands

1DISK=$(hdiutil attach -nomount ram://16384)
2diskutil erasevolume HFS+ RD $DISK
3cd /Volumes/RD

before running

echo $seed | keysmith private-key -f -

Create RAM disk on Linux

Run these commands

1sudo mkdir /mnt/ramdisk
2sudo mount -t ramfs keysmith /mnt/ramdisk
3sudo mkdir /mnt/ramdisk/workspace
4sudo chown $USER /mnt/ramdisk/workspace
5cd /mnt/ramdisk/workspace

before running

echo $seed | keysmith private-key -f -

Create RAM disk on Windows

Todo

Submit claim with quill

Test the installation

On the air-gapped computer run:

quill

You should see:

quill 0.2.12

Ledger & Governance ToolKit for cold wallets

USAGE:
    quill [OPTIONS] <SUBCOMMAND>

OPTIONS:
    -h, --help                   Print help information
        --pem-file <PEM_FILE>    Path to your PEM file (use "-" for STDIN)
    -V, --version                Print version information

SUBCOMMANDS:
    account-balance      Queries a ledger account balance
    claim-neurons        Claim seed neurons from the Genesis Token Canister
    get-proposal-info
    help                 Print this message or the help of the given subcommand(s)
    list-neurons         Signs the query for all neurons belonging to the signin principal
    list-proposals
    neuron-manage        Signs a neuron configuration change
    neuron-stake         Signs topping up of a neuron (new or existing)
    public-ids           Prints the principal id and the account id
    send                 Sends a signed message or a set of messages
    transfer             Signs an ICP transfer transaction

If you are using macOS, running quill for the first time might require you to grant permission under System Preferences > Security & Privacy > General.

Sign the claim request

On the air-gapped computer run:

quill --pem-file identity.pem claim-neurons >msg.json

Submit the claim to the IC

Option 1: With quill on the networked computer

Copy the resulting file `msg.json` back to the networked computer. On the networked computer, change into the directory where `msg.json` is and run:

quill send msg.json

Your neurons should now be claimed.

You can double-check if you claim was successful in the following way: Go to https://ic.rocks/genesis/2d89d96b10f7a9456a9154b2f5309ee70df5bce1 where you replace 2d89d96b10f7a9456a9154b2f5309ee70df5bce1 with your own DFN address. Under "Status" you should see "Claimed".

Option 2: Use the QR scanner app

• Install qrencode
• Run cat msg.json | gzip -c | base64 | qrencode -o msg.png
• Open msg.png in an image viewer
• Open scanner app in a browser on a phone: https://p5deo-6aaaa-aaaab-aaaxq-cai.raw.ic0.app
• Scan QR code and submit

Clean up the air-gapped computer

If your claim was successful then do not forget to remove the .pem file on the air-gapped computer:

rm identity.pem