0

I'm making a flow of creating a transaction offline, and publish it using external node (etherscan.io).

So the flow will go from here:

  1. I will use this code to generate a signed raw tx
var { Transaction } = require('@ethereumjs/tx'); var web3utils = require("web3-utils"); const txParams = { from: '0x0000000000000000000000000000000000000000', to: '0x0000000000000000000000000000000000000000', nonce: web3utils.toHex(0), gasPrice: web3utils.toHex(1000000000), gasLimit: web3utils.toHex(50000), value: web3utils.toHex( web3utils.toWei("0.1", "ether"), ), } const tx = Transaction.fromTxData(txParams) const privateKey = Buffer.from( 'e331b6d69882b4cb4........67688d3dcffdd2270c0fd109', 'hex', ) const signedTx = tx.sign(privateKey) const serializedTx = signedTx.serialize(); const rawTx = serializedTx.toString("hex"); console.log(rawTx); //f86b808432c35......67904d240
  1. I will copy and paste the rawTx (f86b808432c35......67904d240) to https://etherscan.io/pushTx

Is it possible to get my private key from the rawTX by decoding it somehow? or is it safe to make the rawTx public?

Thank you

Improve this question

1 Answer 1

Reset to default
1

It is save to publish the signed transaction. It is not possible to get your private key from the signed transaction. You send it to the blockchain and everybody can and must see the signed transaction.

The term rawTx is misleading here - in your code it is the serialised and encoded signed transaction. So, this is o.k.

Just two additional remarks:

1) Increment the nonce value

In your code you have the line:

nonce: web3utils.toHex(0),

Ensure that you use the transaction count of the from account as nonce value. This is the mechanism to avoid replay attacks. A singed transaction with the same nonce will not be accepted by the blockchain.

2) Protect your private key

Never write the private key in your source code. Always protect it by strong encryption and load it during runtime (or better use a hardware wallet).

Improve this answer
5
  • Thank you for your answer. Yes, I understand that I have to increment the nonce, but replay attack is new to me.. I cannot count my transaction as I will be doing this in offline machine. So I'm planning to count it manually from the last transaction. Is it ok? How about the Gas price and gas limit, are those an OK number to prevent paying fee too high? Commented Mar 5, 2021 at 15:42
  • Somehow it is difficult to trust hardware wallet fully. So this is the reason why I am writing this code and flow to do it on my offline computer. Commented Mar 5, 2021 at 15:43
  • You are never secure with a private key on your online/offline machine. Just in the case of a hard encryption you are a bit more on the save side (remember that key loggers also work offline). Use Ledger or Tresor to manage your PKs and sign transactions. This is true for main network (on test networks the damage should be small). Everything which is stored on silicon is not save! Commented Mar 5, 2021 at 15:59
  • Yes, I understand. that is why I am so paranoid about this. But offline wallet with fresh install of OS is more secure than ledger right? Because with ledger you still need to connect it with an online computer with USB. I cannot feel secure about that. Commented Mar 5, 2021 at 17:26
  • PS: I do encrypt the PK and keystores. I also generated several addresses with different applications such as geth, ethereumjs, web3. For bitcoin I have many wallets too generated by different apps such as bitcoin core, and electrum. Commented Mar 5, 2021 at 17:28

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.