Lisk-sdk: Add secondPublicKey to transactions with secondPassphrase

Created on 25 Aug 2017 · 3 Comments · Source: LiskHQ/lisk-sdk

Current behaviour:
When creating transactions with secondPassphrase, there exist two signatures:

signature, signSignature

In order to verify them, the public keys of both passphrases are needed. But only senderPublicKey is part of the transaction object.

E.g.

{
    type: 0,
    amount: '10',
    fee: 10000000,
    recipientId: '13356260975429434553L',
    senderPublicKey: '215b667a32a5cd51a94c9c2046c11fffb08c65748febec099451e3b164452bca',
    timestamp: 39541109,
    asset: {},
    signature: 'e7027dbe9bb8ebcc1738c560fe0a09161d781d9bfc5df4e9b4ccba2d7a1febcd25ba663938c8d22d4902d37435be149cfb0fd69e7a59daf53469abe8f6509e0c',
    signSignature: 'e88b4bd56a80de3b15220bdf0d1df0aa024a7a127ef07b8dc36a4e12d50e8eb338bc61ebe510ab15839e23f073cffda2a8c8b3d1fc1f0db5eed114230ecffe0a',
    id: '6950565552966532158'
};

Expected Behaviour:
I would propose to also add the senderSecondPublicKey as an optional field to the transaction, only when signSignature is also present. So it would look like this:

{
    type: 0,
    amount: '10',
    fee: 10000000,
    recipientId: '13356260975429434553L',
    senderPublicKey: '215b667a32a5cd51a94c9c2046c11fffb08c65748febec099451e3b164452bca',
    senderSecondPublicKey: '922fbfdd596fa78269bbcadc67ec2a1cc15fc929a19c462169568d7a3df1a1aa',
    timestamp: 39541109,
    asset: {},
    signature: 'e7027dbe9bb8ebcc1738c560fe0a09161d781d9bfc5df4e9b4ccba2d7a1febcd25ba663938c8d22d4902d37435be149cfb0fd69e7a59daf53469abe8f6509e0c',
    signSignature: 'e88b4bd56a80de3b15220bdf0d1df0aa024a7a127ef07b8dc36a4e12d50e8eb338bc61ebe510ab15839e23f073cffda2a8c8b3d1fc1f0db5eed114230ecffe0a',
    id: '6950565552966532158'
};

This would enable people to verify both transactions without separately having to look up the second publicKey for the account.

invalid
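
The two-signature check discussed in the issue, as an added example that is not part of the original issue or of lisk-sdk. It uses Ed25519 from Node's `crypto` module, constructed keys and a simplified JSON encoding in place of the real serialization; `signTx`, `verifyTx` and `demo` are hypothetical names, and the example assumes the verifier already holds the account's registered second key and treats an embedded `senderSecondPublicKey` as an unsigned hint.

```javascript
// Added example: constructed keys and a simplified encoding, not lisk-sdk code.
const crypto = require('node:crypto');

// Assumption: stand-in for the real byte serialization of the signed fields.
const FIELDS = ['type', 'amount', 'fee', 'recipientId', 'senderPublicKey', 'timestamp'];
const payload = (tx) => Buffer.from(JSON.stringify(FIELDS.map((f) => tx[f])));

// Ed25519 SPKI DER is a fixed 12-byte header followed by the raw 32-byte key.
const SPKI = Buffer.from('302a300506032b6570032100', 'hex');
const toHex = (pub) => pub.export({ type: 'spki', format: 'der' }).subarray(12).toString('hex');
const fromHex = (hex) => crypto.createPublicKey(
  { key: Buffer.concat([SPKI, Buffer.from(hex, 'hex')]), format: 'der', type: 'spki' });

function signTx(fields, first, second) {
  const tx = { ...fields, senderPublicKey: toHex(first.publicKey) };
  const sig = crypto.sign(null, payload(tx), first.privateKey);
  // Assumption: the second signature covers the payload plus the first signature.
  const sig2 = crypto.sign(null, Buffer.concat([payload(tx), sig]), second.privateKey);
  return { ...tx, senderSecondPublicKey: toHex(second.publicKey),
    signature: sig.toString('hex'), signSignature: sig2.toString('hex') };
}

// registeredKey: second public key (hex) from the verifier's own account state.
function verifyTx(tx, registeredKey) {
  const body = payload(tx);
  const sig = Buffer.from(tx.signature, 'hex');
  if (!crypto.verify(null, body, fromHex(tx.senderPublicKey), sig)) return 'bad signature';
  // The embedded key is an unsigned hint, so it must match the registered key.
  if (tx.senderSecondPublicKey && tx.senderSecondPublicKey !== registeredKey) {
    return 'second key mismatch';
  }
  const sig2 = Buffer.from(tx.signSignature, 'hex');
  const ok = crypto.verify(null, Buffer.concat([body, sig]), fromHex(registeredKey), sig2);
  return ok ? 'ok' : 'bad signSignature';
}

function demo() {
  const [first, second, other] = [0, 1, 2].map(() => crypto.generateKeyPairSync('ed25519'));
  const fields = { type: 0, amount: '10', fee: 10000000,
    recipientId: '13356260975429434553L', timestamp: 39541109 };
  const registered = toHex(second.publicKey);
  const good = signTx(fields, first, second);
  const swapped = signTx(fields, first, other); // second signature from an unregistered key
  const { senderSecondPublicKey, ...noHint } = swapped;
  return [verifyTx(good, registered), verifyTx({ ...good, amount: '11' }, registered),
    verifyTx(swapped, registered), verifyTx(noHint, registered)];
}
console.log(demo());
```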

All 3 comments

I would propose removing second passphrase entirely, instead of this.

To expand, if users want the added security of multiple passphrases, they should look at multisig instead. Secondpassphrase is a duplication of concerns and is not really secure at all, considering many users store both passphrases together.

With #4836, this issue is no longer valid
