Ethereum Blockchain
Configure your Ethereum blockchain HSM wallet to generate and secure the Ethereum account ECDSA/BIP32 public/private key pairs on a Luna Cloud HSM Service and access those key pairs for signing transactions on the blockchain. The Luna Cloud HSM Service reduces the cryptographic load on the host server CPU.
We recommend you use the Luna Cloud HSM service for this integration.
This integration guide uses the following third party applications:
- Go-Ethereum
This integration is supported on the following operating systems:
- RHEL
- Ubuntu
About Ethereum Blockchain Network
Ethereum is an open-source, public, blockchain-based distributed computing platform and operating system featuring smart contract (scripting) functionality. Ether is the fundamental cryptocurrency for the operation of Ethereum, which thereby provides a public distributed ledger for transactions. It is used to pay for gas, a unit of computation used in transactions and other state transitions. Ether can be transferred between accounts and used to compensate participant mining nodes for computations performed.
Go Ethereum is the official Golang implementation of the Ethereum protocol. Geth is the main Ethereum CLI client. It is the entry point into the Ethereum network (main, test or private net), capable of running as a full node (default), archive node (retaining all historical state) or a light node (retrieving data live). It can be used by other processes as a gateway into the Ethereum network via JSON RPC endpoints exposed on top of HTTP, WebSocket and/or IPC transports.
Refer to the Go-Ethereum Product Documentation for more information.
Prerequisites
Before you proceed with the integration, ensure that you have completed the following:
Provision Luna Cloud HSM Service
The Luna Cloud HSM service configuration material is included in the relevant section of this integration guide.
Ensure that you have access to a DPoD application owner account before beginning the integration.
Install Ethereum Blockchain
Complete the following procedures to install and configure Go-Ethereum for your Linux operating system.
To install the prerequisite libraries
Execute the following command to install the necessary libraries for the Ethereum Blockchain installation.
Linux
sudo yum install git python-pip libtool-ltdl-devel
Ubuntu
sudo apt-get install git python-pip libltdl-dev
To set up Golang
- Install Golang using the following resources:
- Ensure that the go executable is available in the PATH.
export PATH=/usr/local/go/bin:$PATH
To install and set up Docker and Docker-compose
- Install docker using the Docker Installation steps.
- Install docker-compose.
sudo pip install docker-compose==<version>
To configure Go-Ethereum
- Clone the Go-Ethereum git repository on the client.
git clone https://github.com/gemalto/go-Ethereum
- Change the cwd to the cloned repo.
cd go-Ethereum
- Build the geth library.
make geth
- Build a docker image for the geth node.
cd example
make build
Integration
Configure an Ethereum Blockchain account to secure its keys inside a Luna Cloud HSM Service.
Creating your Luna Cloud HSM Services for Ethereum Blockchain
Create the Luna Cloud HSM Service that will be used by Ethereum Blockchain for your integration.
Refer to the section Adding a Luna Cloud HSM Service for detailed instructions on adding a Luna Cloud HSM Service.
Create the following Luna Cloud HSM Services in DPoD.
- geth1
- geth2
Create a Luna Cloud HSM Service Client for each service and download the client zips.
Create the directories /etc/geth/lunaconf1 and /etc/geth/lunaconf2.
mkdir -p /etc/geth/lunaconf1
mkdir -p /etc/geth/lunaconf2
Unzip the client zip for geth1 in the directory /etc/geth/lunaconf1 and unzip the client zip for geth2 in the directory /etc/geth/lunaconf2.
Follow the instructions at Configuring a Service Client and install a Linux service client. Initialize the Luna Cloud HSM Service Client and the Security Officer, Crypto Officer, and Crypto User roles.
Verify that both of the partitions are visible in lunacm.
Integrating Ethereum Blockchain with a Luna Cloud HSM Service
This section provides instructions on configuring Go-Ethereum with a Luna Cloud HSM Service using ECDSA keys.
Create two geth config files in the go-Ethereum/example directory.
../build/bin/geth --networkid 8000 dumpconfig > config1.toml
../build/bin/geth --networkid 8000 dumpconfig > config2.toml
Add the following lines to the [Node] section in the configuration files:
In config1.toml
NoPKCS11BIP32 = true
PKCS11Lib = "/etc/geth/lunaconf1/libs/64/libCryptoki2.so"
In config2.toml
NoPKCS11BIP32 = true
PKCS11Lib = "/etc/geth/lunaconf2/libs/64/libCryptoki2.so"
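The [Node] edit above can be scripted so that both files get the keys in the right table and the result can be checked. This is an added example, not part of the original guide or the Go-Ethereum repository; the function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: put the HSM keys under [Node] in a geth config.

# add_hsm_settings FILE LIB
# Writes NoPKCS11BIP32 and PKCS11Lib directly below the [Node] header.
# Idempotent: copies of either key already inside [Node] are dropped first.
add_hsm_settings() {
    cfg=$1 lib=$2
    grep -qxF '[Node]' "$cfg" || { echo "no [Node] section in $cfg" >&2; return 1; }
    awk -v lib="$lib" '
        /^\[/ { in_node = ($0 == "[Node]") }   # track the current TOML table
        in_node && /^(NoPKCS11BIP32|PKCS11Lib)[ \t]*=/ { next }
        { print }
        $0 == "[Node]" {
            print "NoPKCS11BIP32 = true"
            print "PKCS11Lib = \"" lib "\""
        }
    ' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# node_pkcs11_lib FILE
# Prints the PKCS11Lib value set inside [Node]; prints nothing if it is
# missing or sits in another table such as [Node.P2P].
node_pkcs11_lib() {
    awk '
        /^\[/ { in_node = ($0 == "[Node]") }
        in_node && /^PKCS11Lib[ \t]*=/ { sub(/^[^"]*"/, ""); sub(/".*$/, ""); print }
    ' "$1"
}

# Constructed stand-in for `geth --networkid 8000 dumpconfig` output
# (the real file has many more keys).
sample_config() {
    printf '%s\n' '[Eth]' 'NetworkId = 8000' '' \
        '[Node]' 'DataDir = "/tmp/geth-data"' '' \
        '[Node.P2P]' 'MaxPeers = 25'
}

# Demo on the constructed sample; the library paths are the ones from this guide.
demo_dir=$(mktemp -d)
for n in 1 2; do
    sample_config > "$demo_dir/config$n.toml"
    add_hsm_settings "$demo_dir/config$n.toml" "/etc/geth/lunaconf$n/libs/64/libCryptoki2.so"
    echo "config$n.toml -> $(node_pkcs11_lib "$demo_dir/config$n.toml")"
done
rm -rf "$demo_dir"
```

Against the real files, call add_hsm_settings on config1.toml and config2.toml in go-Ethereum/example, then confirm with node_pkcs11_lib that each file points at its own client library.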
Create two ethash directories for the DAG in the go-Ethereum/example directory.
mkdir ethash1
mkdir ethash2
Initialize the data directories.
make clean
make init
Edit the docker-compose.yaml file in the go-Ethereum/example directory.
a. Remove the line - /usr/local/lunaclient:/usr/local/lunaclient from the [volumes] section of geth1 and geth2.
b. Under geth1:volumes change ./config.toml:/etc/geth/config.toml to ./config1.toml:/etc/geth/config.toml.
c. Under geth2:volumes change ./config.toml:/etc/geth/config.toml to ./config2.toml:/etc/geth/config.toml.
Create two docker containers, geth1 and geth2.
docker-compose up
Open two separate terminals and attach one terminal to geth1 and attach the other terminal to geth2.
Terminal 1
./console.sh 1
Terminal 2
./console.sh 2
Open the HSM wallet in both the geth1 and geth2 terminals.
Terminal 1
personal.listWallets
personal.openWallet("hsm://geth1")
Terminal 2
personal.listWallets
personal.openWallet("hsm://geth2")
Create an account in both the geth1 and geth2 terminals.
Terminal 1
personal.newHsmAccount("hsm://geth1")
Terminal 2
personal.newHsmAccount("hsm://geth2")
An ECDSA key pair is generated on each of the two Luna Cloud HSM Services.
Find the node address for geth2 in the geth2 terminal.
admin.nodeInfo
The output contains the enode field.
To add geth2 as a peer, execute the following in the geth1 terminal:
admin.addPeer("<geth2-enode-address>")
Example:
admin.addPeer("enode://b5f7e23f47277e34c8d7cefe066473e0b522eecce5407f2a5f13a6c794ae9964bf0dc5805a0cd4a8d93abd390d1535c1a7bea9e914f0c63f6c57e715aaf84910@10.8.0.4:30304")
Verify that the nodes can see each other as peers.
admin.peers
Performing Ethereum Blockchain transactions with a Luna Cloud HSM Service
Once the setup is done, you can run miner.start() to start mining. You need at least one miner to mine in order for any transactions to be included on the Blockchain. Initially it will build the Directed Acyclic Graph (DAG), which may take a few minutes. It displays Generating DAG in progress.
Start the miner from the geth1 terminal.
miner.start()
Wait for Generating DAG in progress to complete. The activity can be seen in the docker-compose up terminal. This can take some time to complete.
Once some blocks have been mined, stop the miner.
miner.stop()
To find the geth1 account address, execute the following in the geth1 terminal.
personal.listAccounts
Get the balance of the geth1 account. The account should display some ether, whether executed from the geth1 or the geth2 terminal.
eth.getBalance("<geth1-account-address>")
Send a transaction from the geth1 account to the geth2 account. To find the geth1 account address, execute personal.listAccounts from the geth1 terminal, and use it as the sender account address. To find the geth2 account address, execute personal.listAccounts from the geth2 terminal, and use it as the receiver account address.
eth.sendTransaction({from:sender, to:receiver, value: amount})
You can view the pending transaction by executing eth.pendingTransactions.
Mine some additional blocks from the geth1 terminal.
miner.start()
Wait for some blocks to be mined in the docker-compose up terminal and then stop the mining.
miner.stop()
Get the balance of the geth2 account. The account should display some ether, whether executed from the geth1 or the geth2 terminal.
eth.getBalance("<geth2-account-address>")
Close the geth1 and geth2 wallets.
Terminal 1
personal.closeWallet("hsm://geth1")
Terminal 2
personal.closeWallet("hsm://geth2")
This completes the integration of Go-Ethereum Blockchain with a Luna Cloud HSM Service. The Luna Cloud HSM Service generates the ECDSA signing keys that are then used by the Ethereum accounts in their Blockchain transactions.