
Organization User Setup and Transaction Signing using Lambda

After the initial AWS setup and IAM user creation, each organization (e.g., orgA and orgB) will receive their respective access keys. The organizations should then perform the following steps:

  1. Configure the AWS CLI with their access keys:

```bash
aws configure
```

  2. Generate and store a mnemonic phrase securely in AWS Secrets Manager.

Prerequisites

  • Ensure that Node.js and npm are installed on your system to generate the mnemonic. You can download and install them from the Node.js official site.

Mnemonic Generation and Storage

The process of generating and storing mnemonics should be done securely. Here's an overview of what the process entails:

  1. Generate a mnemonic phrase using a cryptographically secure method (e.g., using the bip39 library).

In the terminal, run the following commands to generate the mnemonic:

```bash
npm install bip39
node -e "const bip39 = require('bip39'); console.log(bip39.generateMnemonic());"
```

The user will get a mnemonic for their organization.

  2. Store the generated mnemonic in AWS Secrets Manager under a secret name specific to the organization.

In the terminal, run the CLI:

```bash
aws secretsmanager create-secret \
  --name "<org_name>/MNEMONIC" \
  --description "Mnemonic for <org_name>" \
  --secret-string "<mnemonic>" \
  --region $AWS_REGION
```

Note:

  • Replace <org_name> with the specific name of the organization.
  • Set the AWS Region ($AWS_REGION) to us-east-1.
  • Set <mnemonic> to the mnemonic generated in the previous step.

  3. Ensure that the AWS credentials used have the necessary permissions to create and store secrets.

Sign the Transaction with AWS IAM Authentication

To test the transaction signing, run the command:

```bash
aws apigateway test-invoke-method --rest-api-id YOUR_API_ID --resource-id RESOURCE_ID --http-method POST --path-with-query-string "/sign" --body '{
   "action": "signMessage",
   "secretId": "SECRET_ID/",
   "message": "your-message",
   "offset": "null"
}' --output text
```

Replace YOUR_API_ID, RESOURCE_ID and SECRET_ID with your actual values.
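The Lambda behind the /sign method is not shown on this page. As an added example (not the project's own code), the handler below shows the request validation and per-organization authorization such a Lambda should perform before it reads any mnemonic from Secrets Manager, so that orgA's IAM user cannot ask for signatures under orgB's secret. It assumes (hypothetically) that each organization's IAM user name equals the org prefix of its secret name (orgA -> orgA/MNEMONIC), and that the Secrets Manager lookup and the signer are injected as deps so the handler runs offline.

```javascript
'use strict';
// Added example, not the project's Lambda. Validates the /sign request and enforces that
// the caller's organization (assumed to equal its IAM user name) matches the secret's
// org prefix. Secrets Manager access and signing are injected via `deps` (hypothetical).

const SECRET_ID_RE = /^([A-Za-z0-9_-]+)\/MNEMONIC$/;

// Organization of the caller, from the IAM identity API Gateway attaches to the event,
// e.g. arn:aws:iam::123456789012:user/orgA -> "orgA". Null if absent or not an IAM user.
function callerOrg(event) {
  const id = event && event.requestContext && event.requestContext.identity;
  const arn = id && typeof id.userArn === 'string' ? id.userArn : '';
  const m = arn.match(/^arn:aws:iam::\d{12}:user\/([A-Za-z0-9_-]+)$/);
  return m ? m[1] : null;
}

// Parse and validate the JSON body; returns { request } or { error }.
function parseRequest(body) {
  let req;
  try { req = JSON.parse(body); } catch (e) { return { error: 'body is not valid JSON' }; }
  if (!req || req.action !== 'signMessage') return { error: 'unsupported action' };
  if (typeof req.secretId !== 'string' || !SECRET_ID_RE.test(req.secretId)) return { error: 'secretId must be <org>/MNEMONIC' };
  if (typeof req.message !== 'string' || !req.message || req.message.length > 4096) return { error: 'message must be a non-empty string' };
  // Optional derivation index (assumption); the docs send "null", which means 0 here.
  const offset = (req.offset == null || req.offset === 'null') ? 0 : Number(req.offset);
  if (!Number.isInteger(offset) || offset < 0) return { error: 'offset must be a non-negative integer' };
  return { request: { secretId: req.secretId, message: req.message, offset } };
}

// Decisive check: a caller may only name the secret in its own organization's namespace.
function isAuthorized(org, secretId) {
  const m = secretId.match(SECRET_ID_RE);
  return Boolean(org && m && m[1] === org);
}

async function handler(event, deps) {
  const org = callerOrg(event);
  if (!org) return { statusCode: 401, body: JSON.stringify({ error: 'no IAM caller identity' }) };
  const { request, error } = parseRequest(event.body);
  if (error) return { statusCode: 400, body: JSON.stringify({ error }) };
  if (!isAuthorized(org, request.secretId)) {
    return { statusCode: 403, body: JSON.stringify({ error: 'secretId outside caller organization' }) };
  }
  const mnemonic = await deps.getSecret(request.secretId); // Secrets Manager in production
  const signedTransaction = await deps.sign(mnemonic, request.message, request.offset);
  return { statusCode: 200, body: JSON.stringify({ signedTransaction }) };
}
```

The mnemonic never leaves the handler: only the signature produced by deps.sign is returned to the caller.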

Expected Response

Upon successful execution, you should receive a response similar to:

```json
{
  "signedTransaction": "0x01f86c0180843b9aca0082520894742d35cc6634c0532925a3b844bc454e4438f44e87038d7ea4c6800080c001a082832006e12e9b56ee6e428aece22c8f46f0144f68e18fd22cb986e1cca755fca03528caad1b2c1f6bbcc8b1b366fb392dd16690cd19bce28988b71b0697d37f68"
}
```

This signed transaction can then be broadcast to the Ethereum network.

By following these steps, organizations can securely generate and manage their mnemonics and use the Lambda function to sign Ethereum transactions without their private keys ever leaving AWS.