Appendix
TSS Node configuration methods
Currently, cobo-tss-node offers two configuration methods:
- Command lines
- Example: ./tss-node.sh start --ws-url=ws://ws.example.com/ws
- Config files
Recommended Priority: Configuration Files > Command Lines
Config file modifications
- Navigate to the configs directory.
- Copy and paste the file cobo-tss-node-config.yaml.template.
- Rename the copied file to cobo-tss-node-config.yaml. The directory structure will appear as follows:
- Edit the cobo-tss-node-config.yaml file by following these steps:
- Open the file in a text editor.
- Locate the config item that needs modification (e.g., “env”).
- Uncomment the config item by removing any comment markers (remarks) associated with it.
- Update the content of the configuration item. For instance, change “env” to “production”.
Please be aware that configuration for the TSS Node is not mandatory. All items listed below are optional.
Configuration Item | Command Line | Description |
---|---|---|
env | dev / prod | Operating environment. |
db/path | db | Database file that should not be modified. |
callback/cb_server/service_address | cb-address | A list of callback server addresses. |
callback/cb_server/pubkey_path | cb-pubkey | A list of callback server RSA public keys corresponding to the callback server addresses. |
callback/token_expire_minutes | cb-token-expire | Timeout period for callback server’s JWT. Default value is 2. Unit is minutes. |
callback/retry_times | cb-retry-times | Number of retries for callback server requests. Default value is 2. |
callback/sleep_seconds | cb-sleep-seconds | Time interval between each retry if the callback server fails. Default value is 15. Unit is seconds. |
callback/request_timeout | cb-request-timeout | Timeout period for HTTP request. Default value is 10. Unit is seconds. |
callback/monitor_interval | cb-monitor-interval | Callback monitoring interval time (e.g. 10s). Default value is empty, indicating it is not enabled. |
websocket/url | ws-url | No configuration is required; the WebSocket server to connect to is chosen based on the environment. If a URL is configured, the node connects to that URL. |
log/std/enable | log-std-enable | Whether to output the log. |
log/file/enable | log-file-enable | Whether to save the log. |
log/file/filename | log-file-name | Log file name. |
log/file/maxsize | log-file-maxsize | Maximum size of the log file. |
log/file/max_backups | log-file-max-backups | Number of backups for each log file. |
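
As an added example (not Cobo's code), the Python below reviews a parsed cobo-tss-node-config.yaml against the item names in the table above. It assumes the YAML nests along the slash-separated names and that the callback address and public key items are lists; the checks and the sample values are constructed for illustration.

```python
# Item names come from the table above; the nested layout and the checks
# themselves are assumptions of this example, not documented behaviour.
KNOWN_ITEMS = {
    "env", "db/path",
    "callback/cb_server/service_address", "callback/cb_server/pubkey_path",
    "callback/token_expire_minutes", "callback/retry_times",
    "callback/sleep_seconds", "callback/request_timeout",
    "callback/monitor_interval", "websocket/url",
    "log/std/enable", "log/file/enable", "log/file/filename",
    "log/file/maxsize", "log/file/max_backups",
}

def flatten(node, prefix=""):
    """Turn nested mappings into the slash-separated item names of the table."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}/{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def review_config(config):
    """Return a list of findings for an already-parsed config mapping."""
    flat = flatten(config)
    # A misspelled item is silently ignored and the default stays in force.
    findings = [f"unknown item (typo?): {k}" for k in sorted(flat) if k not in KNOWN_ITEMS]
    addrs = flat.get("callback/cb_server/service_address") or []
    keys = flat.get("callback/cb_server/pubkey_path") or []
    if len(addrs) != len(keys):  # each address needs its corresponding key
        findings.append(f"{len(addrs)} callback addresses but {len(keys)} public keys")
    url = flat.get("websocket/url")
    if url and not url.startswith("wss://"):
        findings.append(f"websocket/url override is not TLS: {url}")
    if flat.get("log/std/enable") is False and flat.get("log/file/enable") is False:
        findings.append("both log outputs disabled: no audit trail")
    return findings

# Constructed sample, as it would look after loading the YAML file.
SAMPLE = {
    "env": "prod",
    "callback": {
        "cb_server": {"service_address": ["cb1.example.com:8080", "cb2.example.com:8080"],
                      "pubkey_path": ["configs/cb1.pub"]},
        "retry_time": 3,  # misspelled on purpose: the table's name is retry_times
    },
    "websocket": {"url": "ws://ws.example.com/ws"},
    "log": {"std": {"enable": False}, "file": {"enable": False}},
}
```

Calling `review_config(SAMPLE)` returns four findings: the misspelled item, the address/key count mismatch, the non-TLS WebSocket override, and the disabled logging.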
TSS Node command lines
- Init: initialize the TSS Node.
You can initialize the TSS Node and create a database file. The execution will fail if the database file already exists. For more information, please refer to TSS Node initialization.
- Info: view the information.
You can review the information associated with the TSS Node, including TSS Node ID and callback server’s RSA public key.
The output example is as follows.
- Info group: view the group information
You can use the info group command to query the following group information:
Item | Value | Description |
---|---|---|
Group ID | vnJShriEOIzBLaOUxUDs | Unique identifier of each group. |
Created Time | 2023-01-11 14:36:42.179778596 +0000 UTC | Creation time of the group. |
Root Extended Public Key | xpub661MyMwAq……Mcet8 | Root extended public key corresponding to the private key shares under the current group. |
ChainCode | 0x098a……9dd9 | ChainCode corresponding to the root extended public key, in hexadecimal format. |
Share ID | 121637……483926 | Share ID of an MPC key share, in decimal format. |
Share Public Key | 0x0231adf……d2773 | Public key corresponding to the private key share. Default value: compressed public key, in hexadecimal format. |
Type | 1 | Type: 1 represents ECDSA, and 2 represents EdDSA. |
Curve | secp256k1 | Supported signature algorithm. |
Threshold | 2 | Minimum number of private key shares required for each transaction signing. |
Local Node ID | coboA1B2C3D4 | Node ID of the locally stored TSS Node. |
Other Node IDs | [coboA1B2C3D4, coboA2B3C4D5] | Node ID of the TSS Node managed by the other party. |
Participants | 3 | Total number of private key shares, Node IDs, and key share IDs. |
- Start: start up the TSS Node
The cobo-tss-node will start running. For more information, please refer to TSS Node startup.
- Version: query TSS Node version
- Status: check the running status
The output example is as follows.
Execution workflow:
  - Verify the successful installation of Docker Engine and ensure the client has the necessary permissions.
  - Check the status of the SGX driver (applicable to an SGX-ready version).
  - Confirm the existence of the built container image.
  - Inspect containers for any errors.
  - Monitor the currently running TSS Node container and display the latest five logs.
- Log: view container logs
- Stop: stop the TSS Node
TSS Node risk controls
The TSS Node features an integrated risk control mechanism designed to evaluate key generation (KeyGen), key signing (KeySign), or key recovery (KeyReshare) requests before initiating a callback. The system applies predefined risk control policies to these requests, approving only those that align with the specified policies. Requests failing to meet the criteria will be rejected.
For optimal alignment with your business requirements, the configuration of TSS Node risk control policies can be tailored. This customization is facilitated through the configs/cobo-tss-node-config.yaml file. To define specific configuration parameters, navigate to embedded_risk_control_rules and refer to the following example:
Please be aware that you need to replace the placeholders <EXTENDED_ROOT_PUBKEY>, <Cobo TSS Node ID>, <ThirdParty TSS Node ID>, and <Customer TSS Node ID> with their actual values. Exclude the “<>” symbols when inputting these parameters.