Using Wallet Private Key on Besu Hyperledger Network

[freitasgouvea]

I'm working on a project using the besu hyperledger network and I found that creating an instance for the wallet with the private key doesn't work.

new ethers.Wallet( privateKey [ , provider ] )

The solution we found was to use the wallet's mnemonic to generate the instance.

ethers.Wallet.fromMnemonic( mnemonic [ , path ] ).connect(provider)

I would like to know if this is normal behavior and if there is any solution for using the wallet private key to sign transactions on the besu network.

[ricmoo]

I’ve actually never used Hyperledger and am not sure what network Besu is. :(

That seems really weird to me though, since the fromMnemonic Just computes the private key and constructs everything as normal.

Does hyper ledger maybe enforce a bit pattern in the private key or public key that the mnemonic you used jives with? For example, parity will always pick a private key whose address begins with five 0 bits to ensure an IBAN-compatible ICAP address. So, any wallet created by Parity will satisfy this, but a random private key has only a 1/32 chance.

Just a thought.

[freitasgouvea]

Nice, thanks for the feedback.

"Hyperledger Besu is an open-source Ethereum client developed under the Apache 2.0 license and written in Java. It runs on the Ethereum public network, private networks, and test networks such as Rinkeby, Ropsten, and Görli. Besu implements Proof of Work (Ethash) and Proof of Authority (IBFT 2.0 and Clique) consensus mechanisms."

I was reading about it and i discovery that "Hyperledger Besu does not support key management inside the client." They recommend Use: "EthSigner with Besu to provide access to your key store and sign transactions or Third-party tools (for example, MetaMask and web3j) for creating accounts." https://besu.hyperledger.org/en/stable/HowTo/Send-Transactions/Account-Management/

Maybe the problem is that Besu doesn’t support key management inside the client.

I will continue investigating this problem to see if I can find a solution.

Thanks

[ricmoo]

Can you also provide a private key that doesn’t work? Do no private keys work? Or just some?

[twhay]

Hi @freitasgouvea and @ricmoo - I'm a member of the Developer Relations team at ConsenSys, and I reached out to members of our PegaSys team, who maintain Hyperledger Besu to shed some light on this discussion.

It is a deliberate choice to not support key management inside the Besu client for security of the private key. The ethers methods that rely on the keystore being in Besu do not work by design. Instead, ethsigner is required (https://github.com/PegaSysEng/ethsigner), as it is a design that prioritizes security and allows for the use of external keystores like cloud key vaults and HSM's. The Geth team later added Clef (https://geth.ethereum.org/docs/clef/tutorial), an account management tool, to do the same thing. (h/t to @MadelineMurray and @vmichalik for helping me with this explanation).

I hope that is useful context. Keep up the great work on ethers.js @ricmoo !

[ricmoo]

@twhay The thing I do not understand is why a mnemonic could work, but a private key would not. They are identical at the end of the day. Sounds like maybe they need to make a BesuSigner for ethers?

But regardless, this sounds more like a Besu issue? So, I'm going to close this. But please feel free to re-open if you think further discussion here makes sense. :)

Thanks! :)

[benjamincburns]

@ricmoo if this is an issue at all, I don't believe this is a Besu issue (disclosure, I work for the team that maintains Besu). In the case when the ethers.Wallet is given a private key explicitly, I'd expect that it shouldn't touch any of the account management RPC calls implemented in the client.

If there is a problem, the cause can probably be observed by running Besu with TRACE logging enabled, as that will log all RPC traffic. I'd watch out for calls to eth_accounts on creation of ethers.Wallet, or for usage of eth_sendTransaction when it should be using eth_sendRawTransaction.

That said, @freitasgouvea it'd be a lot easier to understand what's happening here if "doesn't work" was defined a bit better, and ideally an error message/stack trace were included.

[ricmoo]

The Wallet only uses eth_sendRawTransaction.

Definitely agree with adding more to “doesn’t work”. :)

[freitasgouvea]

In this case, we are working on a test to migrate a DAPP and Smart Contract project from Ethereum Mainet to Hyperledger Besu. I will recover the logs and put here for better explanation.