Offline signing: Store public keys in address book

[matevz]

Currently, there is no way to prepare an unsigned transaction using CLI without having the signer's private key. You can only store and use the private key from your wallet and in the address book, only addresses are stored.

I suggest the following: When adding an entry to the address book, one accepted format could also be a public key. In this case the address would be derived from the public key so it is consistent with other address book entries, but the public key would also be stored along. Then, to generate an unsigned transaction with that public key, --account <some_address_book_entry_pubkey> can be passed.

Alternatively, we could support importing accounts with public keys as accounts instead of address book entries. But this would break the current behavior of the wallet (accounts which you can sign tx with) and address book (accounts which you cannot sign txes with).

[gw0]

Any ETA for supporting preparation of unsigned transactions? The docs mention "First, generate an unsigned transaction on a networked machine,", but I can not find a way to do it with Oasis CLI (https://docs.oasis.io/general/manage-tokens/cli/account#unsigned). Attempts to modify the config file to create an account without a private key do not work...

[kostko]

Any ETA for supporting preparation of unsigned transactions

This is already possible which is how I create transactions that need to be signed by the multisig signer. It is just slightly awkward as you need to manually specify the correct nonce as otherwise it will use the nonce of the specified account from your wallet.

You can just specify --unsigned --format cbor --nonce X -o mytx.cbor to get an unsigned transaction saved into mytx.cbor.

[gw0]

Any ETA for supporting preparation of unsigned transactions

This is already possible which is how I create transactions that need to be signed by the multisig signer.

How? It does not seem to work?

$ oasis --version
Software version: v0.11.2-git284baec
Oasis SDK version: v0.12.1
Oasis Core version: v0.2500.0
Go toolchain version: go1.23.6

## no accounts in wallet
$ oasis account transfer 10 oasis1yyy --unsigned --offline --nonce 1 --format cbor -o tx1_unsigned.cbor
Error: no accounts configured in your wallet
$ oasis account transfer 10 oasis1yyy --unsigned --offline --nonce 1 --format cbor -o tx1_unsigned.cbor --account oasis1xxx
Error: account 'oasis1xxx' does not exist in the wallet
$ oasis account transfer 10 oasis1yyy --unsigned --offline --nonce 1 --format cbor -o tx1_unsigned.cbor --account ${XXX_ENTITY_ID}
Error: account '...' does not exist in the wallet

## account in wallet with manually changed address field
$ cat ~/.config/oasis/cli.toml
[wallets.xxx]
address = 'oasis1xxx'
algorithm = 'ed25519-adr8'
description = ''
kind = 'file'
number = 0
$ oasis account transfer 10 oasis1yyy --unsigned --offline --nonce 1 --format cbor -o tx1_unsigned.cbor
Unlock your account.
? Passphrase: 
Error: address mismatch after loading account (expected: oasis1zzz got: oasis1xxx)

Or you just need an (any/temporary) account, in order for --unsigned to work?

[kostko]

Yes you need any/temporary account for unsigned to work. The account itself is ignored.