Set Up Secure Signing

To submit transactions to the XAG Ledger, you need a way to digitally sign them without compromising the security of your secret keys. (If others gain access to your secret keys, they have as much control over your accounts as you do, and can steal or destroy all your money.) This page summarizes how to set up such an environment so you can sign transactions securely.

Tip: If you are not submitting transactions to the network, you can safely use a trustworthy public server, such as the ones run by Ripple, to monitor for incoming transactions or just to read other network activity. All transactions, balances, and data in the XAG Ledger are public.

There are several configurations with varying levels of security that may be acceptable for your situation. Choose one of the following that best fits your needs:

Insecure Configurations

Diagram of insecure configurations

Any configuration in which outside sources may gain access to your secret key is dangerous, and is likely to result in a malicious user stealing all your XAG (and anything else your XAG Ledger address has). Examples of such configurations include ones where you use the sign method of someone else's rippled server over the internet, or you transmit your secret key in plain text over the internet to your own server.

You should maintain the secrecy of your secret keys at all times, which includes things like not emailing them to yourself, not typing them visibly in public, and saving them encrypted—never in plain text—when you are not using them. The balance between security and convenience depends in part on the value of your addresses' holdings, so you may want to use multiple addresses with different security configurations for different purposes.

If you use a client library not published by Ripple, make sure it uses proper, secure implementations of the signing algorithm(s) it implements. (For example, if it uses the default ECDSA algorithm, it should also use deterministic nonces as described in RFC6979 .) All of Ripple's published libraries listed above follow industry best practices.

For best security, be sure to keep your client library updated to the latest stable version.

Example Local Signing with RippleAPI

The following code sample shows how to sign transaction instructions locally with RippleAPI for JavaScript:

'use strict'
const RippleAPI = require('ripple-lib').RippleAPI

// Load address & secret from environment variables:
const from_address = process.env['MY_ADDRESS']
const secret = process.env['MY_SECRET']

// Can sign offline if the txJSON has all required fields
const api = new RippleAPI()

const txJSON = JSON.stringify({
  "Account": from_address,
  "TransactionType":"Payment",
  "Destination":"rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
  "Amount":"13000000",
  "Flags":2147483648,
  "LastLedgerSequence":7835923,
  "Fee":"13",
  "Sequence":2
})

const signed = api.sign(txJSON, secret)

console.log("tx_blob is:", signed.signedTransaction)
console.log("tx hash is:", signed.id)

For greater security, you can load your secret keys from a management tool such as Vault .

Use a Secure VPN with a Remote rippled Server

Diagram of connecting securely to a remote rippled over VPN

This configuration uses a rippled server hosted remotely, such as in a colocation facility or a distant datacenter, but connects to it securely using an encrypted VPN.