smidgen - an IOTA Multisignature Wallet
The security of our users is very important to us. For this reason, we are excited to be able to announce the release of smidgen, a Multisignature wallet for IOTA.
Multisignature wallets add an extra layer of security. By using Multisignature wallets, we can create addresses which require multiple seeds for each transaction, each seed owned by one or multiple persons.
smidgen is Open Source Software and licensed unter the MIT license.
Right now, smidgen is in its final beta stage. smidgen is beta software and supports many other handy commands, ranging from address generation to balance checking.
You can install smidgen with:npm install -g smidgen
Important: Seeds to create Multisignature wallets should be used for only one wallet.
smidgen uses a file which is shared between seed owners. With this file, we can manage the wallet, with its addresses and transfers. This makes it easier to keep track of the current state. Private keys are not part of the file. Please make sure you read and understood the Offical IOTA Multisig FAQ.
Important: As of this moment, smidgen is dependent on a full node as a provider for transfers. You can specify a full node with --provider.
Creating a Multisignature Wallet
The command for creating a wallet is:smidgen multisig create <id>
id is the identifier for the current party. The order of the signing parties is important for each transfer. By assigning an identifier to each party, it becomes easier to verify the correect signing order. file is the file we will use to store our transactions and addresses.
Let’s say we have two parties – Bob and Alice – who want to manage a wallet.
Bob starts the process and creates the Multisignature Wallet:smidgen multisig create bob multisig.txt
smidgen asks for the seed Bob wants to use, and creates the file with the digest. Tip: smidgen generate-seed creates a secure seed.Enter your seed: info Successfully wrote to multisig.txt info Used key index 0 (main) and 1 (remainder) info info Add another party with: info smidgen multisig add <id> multisig.txt info You can finalize the wallet with: info smidgen multisig finalize multisig.txt
Bob now shares the multisig.txt file with Alice to continue the process.
When Alice receives the file, she has to use the smidgen multisig add command to add herself as the next party. Adding parties is possible until we finalize the wallet.smidgen multisig add alice multisig.txt
Enter your seed: info Successfully wrote to multisig.txt info Used key index 0 (main) and 1 (remainder) info info Add another party with: info smidgen multisig add <id> multisig.txt info You can finalize the wallet with: info smidgen multisig finalize multisig.txt
As there are no remaining parties, Alice finalizes the wallet:smidgen multisig finalize multisig.txt
smidgen returns the current main address:info Successfully wrote to multisig.txt info Main address: SNEERGHLCZDUYDATGDQSCGCSROWBJVFGDKRSSQLCISMU9IYPJHQHUMFZLARRSEPHISJCDFMZAZEWTBYJZTCKUNDMJA
That’s it. Alice can now share the finalized wallet file with Bob. Transfers from the generated address are only possible if both Alice and Bob sign the transfer.
Using a Multisignature Wallet
Let’s take some IOTA from another wallet and transfer them to the new Multisignature wallet:smidgen transfer 3 --provider=http://fullnode.example.com LDSWPKCQ9HNPIVHDRUBUWB9ZZPEDFZLYXJNZKIXBFQTWZFVJZJTTOJQWYOR9XVR9NZOQXNQGWQPCCSSWZQPLPDAOIZ
smidgen returns:Enter your seed: info Successfully sent 3i to LDSWPKCQ9HNPIVHDRUBUWB9ZZPEDFZLYXJNZKIXBFQTWZFVJZJTTOJQWYOR9XVR9NZOQXNQGWQPCCSSWZQPLPDAOIZ info Transaction sent, hash: HMBROOZJBZYCFZTRVCDINXBLCAUX9ZREKIDWGLFAFYSFFBVBHDZTBBOCRKPNLEBZIURQXGJNXSU999999 info Reattach with `smidgen reattach HMBROOZJBZYCFZTRVCDINXBLCAUX9ZREKIDWGLFAFYSFFBVBHDZTBBOCRKPNLEBZIURQXGJNXSU999999`
Awesome! In case our transaction is stuck, we can try to reattach it with:smidgen reattach --provider=http://fullnode.example.com HMBROOZJBZYCFZTRVCDINXBLCAUX9ZREKIDWGLFAFYSFFBVBHDZTBBOCRKPNLEBZIURQXGJNXSU999999
We can now monitor the balance of our Multisignature wallet with smidgen:smidgen get-balance --watch LDSWPKCQ9HNPIVHDRUBUWB9ZZPEDFZLYXJNZKIXBFQTWZFVJZJTTOJQWYOR9XVR9NZOQXNQGWQPCCSSWZQPLPDAOIZ
smidgen will print the current balance every 15 seconds:Balance: 0 i (0 Mi) - 3s since last update
Time for a tea until the funds arrive in our Multisignature wallet…
The IOTA arrived!Balance: 3 (0.000003 Mi) - 3s since last update
Let’s continue and complete our first transfer.
To kick off a transfer, both Bob and Alice have to sign with their respective seeds. As Bob signed as the first party, he also has to sign first this time.
A transfer is created from the wallet file that is shared between the parties. Each transfer is appended to the file. This way we keep track of the key indexes and other details, like the current address.
The signature of the command is:smidgen multisig transfer <value> <address> <id> <file>
When we try to sign in a wrong order, smidgen will notify us:smidgen multisig transfer 3 VSBHQVNJNWR... alice multisig.txt --provider=http://fullnode.example.com ERR! Wrong party signing. Current party: bob ERR! Signing order: bob, alice
So Bob has to sign first:smidgen multisig transfer 3 VSBHQVNJNWR... bob multisig.txt
smidgen returns:info Successfully signed transfer info Share multisig.txt with 'alice' to continue
Great! Now it is Alice’s turn to sign the transfer after Bob sent her the updated wallet file. smidgen will detect that the last party has signed and send the transaction. For the transfer we have to do a POW, so we need to specify a full node as provider:smidgen multisig transfer 3 VSBHQVNJNWR... alice multisig.txt --provider=http://fullnode.example.com
smidgen verifies the bundle and sends the transfer:Enter your seed: info Verifying bundle... Bundle: OK info Sending transaction... info Transaction sent, hash: OHHJOCLRMKQ9EMINOZXITIKWFZIQBEWPOQWCIOMWOFNOILVDYLERFLJOFANUSECBXFEXOJ... info Reattach with `smidgen reattach OHHJOCLRMKQ9EMINOZXITIKWFZIQBEWPOQWCIOMWOFNOILVDYLERFLJOFANUSECBXF` info Saved status to multisig.txt info New main address: DIYWAXPNINNJXWDPGGXAQTYTPREQYDONTZXGZMQTAGDCUOAEJXJXOIUFAVDUORHERZCXCCUMQGRAP...
Great! That’s it! smidgen created a new address for us.
If we want to accept new IOTA, we have to use the new address that has been generated.
We hope you enjoyed our small tour through Multisignature wallet management with smidgen.