Creating A Custom EOS Permission
A tutorial to create and assign an EOS keypair that can only be used to vote for Block Producers, using the bloks.io EOS explorer
Creating Custom Permissions With Bloks.io
Thank you EOS Cafe Block for continuing to add new and useful features to the Bloks.io explorer and toolkit.
The permissions system is one of the most powerful and understated features of the EOS blockchain. Essentially, you can generate and assign public/private keys to specific actions. This key pair will then only be able to execute the action assigned to it.
In this tutorial, we will show you how to set up custom permissions on your EOS account. There are multiple methods for signing using your permissions. Two of the most popular signing methods are Scatter or a hardware wallet such as a Ledger. Here we will go over the Scatter signing method starting with generating a brand new key pair to use along with a new Scatter identity. In this example, we will show you how to create a new permission that is only authorized to cast block producer votes on the network.
STEP ONE: Generating EOS keys safely offline with EOSkey.io
To create new EOS public and private key pairs visit EOSkey.io created by EOS Cafe. Download their local application to your device, hit the “generate & validate keys” tab on the left side of the application, and generate a new key pair.
NOTE: You can turn your WIFI OFF before hitting the “generate keys” button while you take your time carefully hand-writing your private keys for cold storage.
Copy and paste your new public key in the pair to a temporary file for easy pasting later and label it corresponding to the action for the new permission. Here we will label it “VoteAuth.”
Hand-write down the new private key in the pair, label it “VoteAuth private key,” and keep it safe in cold storage.
With your wifi still turned off type your private key into the validation tool after hand-writing it down to make sure you can accurately reproduce your private key. Paste the public key into the public key field. Click “validate” button. You should see the words “valid key pair” pop up if everything was entered correctly. If it shows “invalid key pair” then something was entered incorrectly or your handwritten copy of your private key was written down inaccurately.
After confirming the key pair is valid, close the application and turn your WIFI back on.
NOTE: All EOS private keys start with the number 5 and contain 51 characters in total. All public keys start with the letters “EOS” and contain 53 characters in total.
Never leave your private keys on a device capable of being connected to WIFI.
STEP TWO: Using Bloks.io Permissions Manager
Visit Bloks.io/permissions-manager and login to the Scatter identity for the account you wish to create the new permission on.
Select “add new permission” green button.
- Use only lower case letters and no spaces to create your permission name. Here we will use “voteauth” for example
- Set the parent as “active” permission
- Click the “add key” blue button to reveal the field to enter your newly generated public key from step 1;A.
- Lastly, click the “save permission” green button.
This will prompt Scatter to pop up for signing. If everything was entered correctly you should see a green successful message appear.
- After adding the new permission with permissions manager click “Link/Unlink Auth” on the left side of the page.
- Fill in the same permission name used in step 2;C (voteauth)
- Type in “eosio” for the contract name and type in your chosen contract action.
- Click “link auth” button when finished and allow the transaction with Scatter desktop when prompted.
If everything was entered properly you should see another green success message pop up after signing with Scatter.
NOTE: For a complete list of eosio contract actions visit EOSIO bloks page and click “contract.”
STEP THREE: Import New Identity Into Scatter.
- Open Scatter and click “add keys”
- Import an existing key
- Import the new private key from step one as text
- Label the new identity entry.
We will use our EOS account name followed by the permission name for easy identification.
Back out to the Scatter home screen and you should now see your new identity with the words “1 linked account” under it.
Return to Bloks.io. This time log in with your new “voteauth” Scatter identity. Submit a vote and allow the transaction with Scatter. If everything was done correctly the vote should submit to the network successfully.
If you attempt to submit any other action other than a “voteproducer” action while logged in with this Scatter identity the transaction should fail.
You can also verify the new permission was added to your account by clicking “permissions” under your account view on the Bloks explorer.
You have now successfully added a voting-only permission on your account. You can follow the exact same process using any other actions in the eosio contract.