Seed participant configuration with DFINITY Canister SDK

From Internet Computer Wiki
Jump to: navigation, search

Introduction

Steps to configure a neuron using the DFINITY Canistr SDK.

Warning

This process is not currently possible on macOS computers with M1 chips. You can only install the DFINITY Canister SDK dfx and the Candid compiler didc on Intel-based macOS and Linux computers.

Step 1: Derive a native Internet Computer principal from your Ethereum seed

As an early contributor or seed donor, Seed participants wrote down a 12-word mnemonic seed phrase that was generated by the DFINITY Chrome extension. To create an identity, seed participants must derive a private key from their seed phrase and import that private key into the DFINITY Canister SDK. This step is required before seed participants can take control of their neurons.

Step 1a: Secure your environment

The safety and security of the seed participant's private key is their responsibility and there is no substitute for planning ahead, bringing the right equipment, having the right skills, and using good judgment. It is strongly recommended they proceed using an air-gapped computer to reduce the risk of having their private key compromised. Depending on the hardware available, they might want to physically remove the network controller, microphone, speakers, and other components, or disable them in their BIOS. Covert channels can be established through a variety of different mediums, including sound, light, radio-frequency, and physical media. Be sure to evaluate the capabilities of your system before settling on a configuration that makes sense for you. If one is unsure, one should consult with a computer security expert. Do not contact the DFINITY Foundation for help with securing your environment.

Step 1b: Install Keysmith

You need Keysmith to derive your private/public key pair from the seed phrase.

To install Keysmith, there are two options:

a. Fetch the release binary

b. Build Keysmith from source.

Option A: Fetch the release binary

If you want to download the Keysmith release binary, keep in mind that you must perform this action on a computer with a network connection. If you are using an air-gapped computer, then you must copy the release binary from your networked computer to your air-gapped computer. How you do this will depend on your configuration.

To download the Keysmith release binary, fetch release v1.5.0 from Github.

Keysmith supports the following operating systems and architectures:

  • Darwin / AMD64 – for macOS models with an Intel chip ([how to check])
  • Darwin / ARM64 – for newer macOS models with an M1 chip ([how to check])
  • Linux / AMD64
  • Linux / ARM32
  • Linux / ARM64
  • Windows / AMD64

Download the .tar.gz file matching your architecture and operating system. If you have a newer M1-based macOS, download keysmith-darwin-arm64.tar.gz. Although you can install keysmith on macOS computers with an M1 chip, you can only install the DFINITY Canister SDK dfx command-line interface on Intel-based macOS computers. For an Intel-based macOS, download keysmith-darwin-amd64.tar.gz.

Verify the SHA256 checksum of your download

Open a terminal and change to the download directory. On a Mac this is

$ cd ~/Downloads

Compute the SHA256 checksum of your download.

$ openssl dgst -sha256 keysmith-*.tar*

Make sure the output matches one of the following lines:

SHA256(keysmith-darwin-amd64.tar.gz)= ad7383d60bced19580fa37b77e133b1e80416b482e4c5326ac2fd17a7710a318
SHA256(keysmith-darwin-arm64.tar.gz)= da1a4ac5ae04b85d4c5b0a3deb6442fb7c456dcf97cbd6ff8153316c5dbb29a9
SHA256(keysmith-linux-amd64.tar.gz)= 7901c3a23aef298f930d1dddf8eee23bc51a55ffda670accfd7b9e37748913d8
SHA256(keysmith-linux-arm32.tar.gz)= 0ab44e74cc502aa653dcb28962bcada5cbefb9e0ec41853a03fb4745c5cd51a9
SHA256(keysmith-linux-arm64.tar.gz)= 635c0bf98dd15f27b302ec0ea793f75c797441009c74500bd9d0a5df26092264
SHA256(keysmith-windows-amd64.tar.gz)= cb398c39583b81d5170dd0a9539d902715317572f6a640b45d3d2db01946b8fa

If your browser already unzipped the .tar.gz for you and you have a file ending in .tar then make sure the output of openssl matches one of the following lines:

SHA256(keysmith-darwin-amd64.tar)= 97b8048f00e75d6adc8651aac1aa77d9bd9c150b0dbc0b0f6409f0d6bdbb24a4
SHA256(keysmith-darwin-arm64.tar)= 07e296fbf33b0c06bd04a8ead30487762aa30ca2daf7e19948d74a96f2c34067
SHA256(keysmith-linux-amd64.tar)= 1d2d986a971f8c7ef0eeb4b01624f023ef8dc9c71d2f0127f21fcc99aebdc99a
SHA256(keysmith-linux-arm32.tar)= 8eb8efecd9182822326f2e60fcff32c0b1541cce206a12b3f2e94547c66dfe63
SHA256(keysmith-linux-arm64.tar)= 82264487e83cbfdd758c1227375758b7d1f0c864adb555775777e7d3afa19e08
SHA256(keysmith-windows-amd64.tar)= b85224d4e9807b8335295193c12dd0cab22bd38881d14c1f1c21479801ace17d

Unpack and install keysmith

To extract the executable from the tarball, enter the following command into your terminal:

$ tar -f keysmith-*.tar* -x

Next, add the executable to your PATH by entering the commands below:

$sudo install -d /usr/local/bin
$sudo install keysmith /usr/local/bin

You will be prompted to enter your laptop password. The password itself will not appear, simply type it and press enter.

Run it

$ keysmith

You should see:

usage: keysmith <command> [<args>]

Available Commands:
    account             Print your account identifier.
    generate            Generate your mnemonic seed.
    legacy-address      Print your legacy address.
    principal           Print your principal identifier.
    private-key         Write your private key to a file.
    public-key          Print your public key.
    version             Print the version number.
    x-public-key        Print your extended public key.

If you are using macOS, making the keysmith binary executable might require you to change a permission setting using System Preferences > Security & Privacy > General.

Option B: Build Keysmith from source

f you want to build the Keysmith from source, keep in mind that you must perform this action on a computer with a network connection. If you are using an air-gapped computer, then you must copy the target binary from your networked computer to your air-gapped computer. How you do this will depend on your configuration.

Keysmith is written in Go, so if you choose to build it from source, then you must first download and install Go, verify that go is in your PATH, and configure your GOPATH and GOBIN environment variables.

Run the following command to build Keysmith from source.

$ go get github.com/dfinity/keysmith

Step 1c: Install the DFINITY Canister SDK

You can install the DFINITY Canister SDK by fetching the v0.7.0 release binary from our website. It is not yet possible to build the DFINITY Canister SDK from source. Note that this action can only be performed on a networked computer. If you are using an air-gapped computer, then you must copy the release binary from your networked computer to your air-gapped computer. How you do this will depend on your configuration.

Run the following command to install the DFINITY Canister SDK.

$ sh -ci "$(curl -fsSL https://sdk.dfinity.org/install.sh)"

Warning: Note that dfx will currently not install on M1-based Macs.

Step 1d: Set your seed phrase for use with keysmith

Step 1e: Check your legacy address and balance (optional)

Step 1f: Derive and import your private key

Step 2: Take control of your neurons

Step 3: Enable disbursal by passing the KYC process

Step 4: Instruct the neurons you wish to unstake to dissolve

Step 5: Disburse ICP from neurons that are fully dissolved