EOS Account and Permission

We will explore the relationship between account, wallet and key pairs that are used in EOS.IO.

We can see their behavior by running the ‘cleos’ command.

For our reference, we used the account and permission document in the official EOS.IO wiki.

Wallet

Wallet is where key pairs are stored. Wallets can have state of lock and unlock, and needs to have passwords entered to be unlocked. Wallets are managed by ‘keosd’ commands and the values can be verified through ‘cleos’ commands.

Account

This is an identifier that users in blockchain can read. It is used when a transaction is executed and released. And an account needs permission that corresponds to ‘owner’ and ‘active’.

Similar to Ethereum, the account for EOS can be consisted of an user account that owns tokens and a contract account.

Permission

Every account should need permission that corresponds to ‘owner’ and ‘active (user)’.

• owner: Permission that indicates the ownership of an account. The highest authority.
• active: Permission for transferring token and for voting on block producers. The second highest permission after owner.

Owner key of an account should be safely stored for later changing its characteristics. When releasing or running contracts, it can be done through an active key.

Wallet Commands

Creating Wallet

• Run ‘cleos wallet create’
• Default wallet is ‘default’
• Information of a generated wallet would be stored in ‘~/eosio-wallet’
• When it is created, ‘master password’ would be marked. This password should be safely stored.

Commands for creating a default wallet:

$ cleos wallet create
Creating wallet: default
Save password to use in the future to unlock this wallet.
Without password imported keys will not be retrievable.
"PW5JCiKLtsJjeoS7xG8vE452ixLBLwsi1rv5mjKNJ1cN5uvrf1JLw"

Commands for another named wallet (-n name):

$ cleos wallet create -n periwinkle
Creating wallet: periwinkle
Save password to use in the future to unlock this wallet.
Without password imported keys will not be retrievable.
"PW5J88idpePpBnymRaBMaULeekVo8oHhuur2oSn4PPW9Sa14kBquN"

Verifying Wallet Lists

• The list can be verified with ‘cleos wallet list’.

$ cleos wallet list
Wallets:
[
    "default *",
    "periwinkle *"
]

If (*) is marked on the two wallets, it means that the wallets are unlocked.

Wallet lock & unlock

Lock command:

$ cleos wallet lock -n periwinkle
Locked: periwinkle

Commands for verifying the list:

$ cleos wallet list
Wallets:
[
    "default *",
    "periwinkle"
]

Unlock command:

• When unlocking it, the master password should be entered.

$ cleos wallet unlock -n periwinkle

- As an option for password, the master password can be entered. But, as to its security, it is vulnerable to being exposed.

$ cleos wallet unlock -n periwinkle --password PW5J88idpePpBnymRaBMaULeekVo8oHhuur2oSn4PPW9Sa14kBquN
Unlocked: periwinkle

Key Pair Commands

• Key should be created and it should be imported into wallet.
• Several different keys can be registered in a wallet.

Creating key pair

$ cleos create key
Private key: 5JKprrPtW4xoqKSbXgdWUobWThjGMHoW13PGBNrmBhyioj26Bnr
Public key: EOS8T18b3xLfWqVoTHbH57QXwMUTKYvtytbyWsit6AjCdYxQeEarx
$ cleos create key
Private key: 5KUxWKzxjvT9xBvEJcaUS9sPMRQoJ2bZhx4xhDZUMwV1GMKJrdZ
Public key: EOS8Duao8YYNVgnyYv4BxDu75tCZk8tbAraUkiPBy9SwvRUZ7VxBx

Importing key pair into wallet

Importing keys generated into a wallet:

$ cleos wallet import <private key> -n <wallet name>
$ cleos wallet import 5JKprrPtW4xoqKSbXgdWUobWThjGMHoW13PGBNrmBhyioj26Bnr
imported private key for: EOS8T18b3xLfWqVoTHbH57QXwMUTKYvtytbyWsit6AjCdYxQeEarx
$ cleos wallet import 5KUxWKzxjvT9xBvEJcaUS9sPMRQoJ2bZhx4xhDZUMwV1GMKJrdZ -n periwinkle
imported private key for: EOS8Duao8YYNVgnyYv4BxDu75tCZk8tbAraUkiPBy9SwvRUZ7VxBx

Confirmation of the list of keys

$ cleos wallet keys
[
"EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV",
"EOS8Duao8YYNVgnyYv4BxDu75tCZk8tbAraUkiPBy9SwvRUZ7VxBx",
"EOS8T18b3xLfWqVoTHbH57QXwMUTKYvtytbyWsit6AjCdYxQeEarx"
]

The 2 keys registered above were included.

‘EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV’ was automatically included as a key that would be used for the ‘eosio’ account. Otherwise, the import can be done through the command below.

$ cleos wallet import 5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3

Account Commands

Creating Account

It can be done with the command below:

$ cleos create account ${authorizing_account} ${new_account} ${owner_key} ${active_key}

• authorizing_account: account name for account creation and fee payments. It is also a special account for booting with ‘eosio’ account.
• new_account: name for the newly created account.
• owner_key: public key that is allocated into the account’s owner permission.
• active_key: public key that is allocated into the account’s active permission.

$ cleos create account eosio account1 EOS8T18b3xLfWqVoTHbH57QXwMUTKYvtytbyWsit6AjCdYxQeEarx EOS8Duao8YYNVgnyYv4BxDu75tCZk8tbAraUkiPBy9SwvRUZ7VxBx
executed transaction: 96d01abfce7c9b165b0a260d75b8eb31c30d87aee2c8997a1d5ed5c486ea1909  200 bytes  311 us
#         eosio <= eosio::newaccount            {"creator":"eosio","name":"account1","owner":{"threshold":1,"keys":[{"key":"EOS8T18b3xLfWqVoTHbH57QX...
warning: transaction executed locally, but may not be confirmed by the network yet

Verify Account Information

Find the account information that has been created:

$ cleos get account account1
permissions:
owner     1:    1 EOS8T18b3xLfWqVoTHbH57QXwMUTKYvtytbyWsit6AjCdYxQeEarx
active     1:    1 EOS8Duao8YYNVgnyYv4BxDu75tCZk8tbAraUkiPBy9SwvRUZ7VxBx
memory:
quota:       unlimited  used:      2.66 Kb
net bandwidth:
used:               unlimited
available:          unlimited
limit:              unlimited
cpu bandwidth:
used:               unlimited
available:          unlimited
limit:              unlimited

Verify account that belongs to public key:

$ cleos get accounts EOS8T18b3xLfWqVoTHbH57QXwMUTKYvtytbyWsit6AjCdYxQeEarx
{
"account_names": [
"account1"
]
}