vacuumlabs/cardano-hw-cli

Signing registration certificate examples incorrect.

Closed this issue · 4 comments

The example for signing a registration certificate is no longer accurate and leads to failure to delegate (register the staking certificate more accurately).

Incorrect Example Documentation

This link to witness the transaction from the delegation page is incorrect as it shows 2 output files being created. However cardano-hw-cli will only generate a single output and error messages about the second.

Dropping the second output leads to still seeing warnings about superfluous signing files, but every file is required which will be covered in Real World Examples.

This link to assemble the transaction from the witness files leads to a failure because cardano-hw-cli did not actually produce both witness files and states that it did not.

Real World Examples

The transaction cannot be signed with only the payment.hwsfile or the stake.hwsfile. Below we can see that both files are required or cardano-hw-cli refuses to create ANY signed transactions.

Signing with only payment.hwsfile

$ cardano-hw-cli transaction witness --tx-file /tmp/tx.raw --testnet-magic 141 --hw-signing-file /opt/TrezorWallet-extra2/payment.hwsfile --out-file /tmp/tx.witness_xxxxxxxxx
Error: Missing signing file for certificate

Signing with only stake.hwsfile

$ cardano-hw-cli transaction witness --tx-file /tmp/tx.raw --hw-signing-file /opt/TrezorWallet-extra2/stake.hwsfile --out-file /tmp/tx.witness_yyyyyyyyyyy --testnet-magic 141
Warning! A superfluous HW signing file specified (1 of 1), the witness was not created.
Warning! A superfluous output file specified (1 of 1), the file was not written to.

Trying to sign with only the stake.hwsfile is not valid as the signature to spend the uTXO does not exist. No tx.witness file is created. So the transaction cannot be signed with only the payment.hwsfile or the stake.hwsfile, yet when signing with both there are still warnings regardless of using a single output file or two separate output files:

Compared to Cardano CLI

  1. This works in cardano-cli as it can sign a transaction individually with the stake.skey and produce a signed transaction.
  2. Similarly cardano-cli can sign a transaction individually with the payment.skey and produce a signed transaction.

Both keys are not required in combination to sign, both result in a unique signature file and then are combined with cardano-cli transaction assemble.

Using both keys but a single output file:

$ cardano-hw-cli transaction witness --tx-file /tmp/tx.raw --hw-signing-file /opt/TrezorWallet-extra2/stake.hwsfile --testnet-magic 141 --hw-signing-file /opt/TrezorWallet-extra2/payment.hwsfile --out-file /tmp/tx.witness_zzzzzzzzzz
Warning! A superfluous HW signing file specified (1 of 2), the witness was not created.
Writing to file '/tmp/tx.witness_zzzzzzzzzz'.
$ find /tmp/tx.witness_zzzzzzzzzz
/tmp/tx.witness_zzzzzzzzzz

  • cardano-hw-cli refuses to sign the registration cert with only one hwsfile at a time.
  • Signing with both hwsfile produces a single signed transaction but complains that one hwsfile is superfluous.

The warning seems inaccurate as today both the stake and payment hwsfile are required by cardano-hw-cli to sign a staking registration transaction. If the warning is going to exist in every instance of signing a staking certificate registration transaction it feels like this should be clearly described in examples of the documentation. Otherwise it seems like it was incorrectly implemented and should be removed as it causes confusion.


Separately examining a De Registration w/ cardano-hw-cli it is clear it:

  • Accepts both the hwsfiles for stake and payment without generating superfluous warnings.
  • Produces two separate --out-file witness signatures, one for the stake and one for the payment.
  • Using cardano-cli to assemble the transaction is a success because there is a signature per hwsfile to assemble.

  1. Cardano developer documentation still suggests that signing a registration certificate requires both the stake and payment signatures, so why the superfluous warning message?
  2. Is there a different set of steps for registration which somehow removes the superfluous warnings?
  3. Why are there no superfluous warnings when de-registering in the exact same way?
  4. Why does de-registering still produce two, separate, witness signatures instead of one?

Looks like a bug in the documentation, yes. I have been using the single witness output for a long time now:
https://github.com/gitmachtl/scripts/blob/9cbccaecc047181994bf107fc205c8ea969033fa/cardano/mainnet/03b_regStakingAddrCert.sh#L284

Scitz0 commented

Even though only providing a single witness output, that feels a bit weird when providing two keys to witness tx with, it still throws the warning with A superfluous HW signing file specified.

For now my solution in CNTools for my general purpose witness function for all types (registration, deregistration, delegation etc.) is to provide as many outputs as keys needed to witness with. So for wallet registration using own utxo this means payment and stake key of HW device + 2 witness outputs. This will throw two warnings as mentioned and one of the witness outputs will be an empty file. I then check for this when assembling tx to ignore any empty file.

Sort of a hacky solution and I would prefer not to have the warnings displayed in the first place as this might scare the user that something is wrong.
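
The workaround described in the comment above (one witness output per signing file, then ignoring any empty file at assembly time) can be written as follows. This is an added example, not CNTools code or part of the original thread; the function names and the `CARDANO_CLI` override variable are assumptions made for illustration.

```shell
# usable_witnesses FILE...
# Prints every witness file that exists and is non-empty, one path per line.
# Returns 1 when nothing usable is left, so the caller never assembles a
# transaction that carries no signature at all.
usable_witnesses() {
    found=0
    for f in "$@"; do
        if [ -s "$f" ]; then
            printf '%s\n' "$f"
            found=$((found + 1))
        else
            # cardano-hw-cli left this output missing or empty because no
            # witness was created for the corresponding signing file.
            echo "skipping $f: missing or empty witness output" >&2
        fi
    done
    [ "$found" -gt 0 ]
}

# assemble_tx TX_BODY OUT_FILE WITNESS_FILE...
# Passes only the usable witnesses to `cardano-cli transaction assemble`.
# CARDANO_CLI is a hypothetical override (defaults to cardano-cli) that lets
# the command line be inspected without a node installation.
assemble_tx() {
    tx_body=$1
    out_file=$2
    shift 2
    list=$(usable_witnesses "$@") || {
        echo "no usable witness file, refusing to assemble" >&2
        return 1
    }
    # Rebuild the positional parameters as repeated --witness-file options.
    set --
    while IFS= read -r w; do
        set -- "$@" --witness-file "$w"
    done <<EOF
$list
EOF
    ${CARDANO_CLI:-cardano-cli} transaction assemble \
        --tx-body-file "$tx_body" "$@" --out-file "$out_file"
}
```

Paths containing newlines are not supported by this line-based filter.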

@davidmisiak @DavidTranDucVL As the committers to the delegation example documentation do either of you have any input to contribute on the topic of this issue?

Thanks

Hi, we apologize for a late reply.

> This link to witness the transaction from the delegation page is incorrect as it shows 2 output files being created. However cardano-hw-cli will only generate a single output and error messages about the second.

I believe the example should be correct - when signing a delegation certificate, both the payment and the staking signing file are needed and both witnesses should be created.

However, you are correct that when signing a stake registration certificate (which is not described in the documentation), the staking signing file is always required (because the HW wallet needs to display the derivation path in the certificate), but no staking witness is generated (because this is not needed to register a staking key according to the Cardano blockchain specification).

Therefore in cardano-hw-cli v1.14.0, we removed the "superfluous signing file" warning. The intended usage when signing a registration certificate - providing both signing files and a single witness output file - should now work without any warnings.

Let us know if there is still an issue.

> Cardano developer documentation still suggests that signing a registration certificate requires both the stake and payment signatures, so why the superfluous warning message?

We believe this is just a mistake in the Cardano developer documentation; the registration certificate should be valid even without the staking witness (as registering a staking key poses no security risk to its owner). We tried to notify the documentation maintainers about this inaccuracy in the past.