Skip to main content

Change the FT4 key

In the Chromia network, the system uses the provider key by default for both controlling the financial FT4 account and operating the node. Chromia offers flexible options for users and providers who want to customize their account structure or security measures.

  • Change the FT4 auth descriptor to multisig: Set up a Chromia-native multisig configuration to distribute control across multiple signers, increasing security and flexibility. Multisig mitigates risks like the loss or compromise of a single key by requiring multiple signers for account operations. For detailed steps, refer to the Multisig guide.

  • Change the FT4 auth descriptor to an EVM key: Replace the provider key with an EVM MetaMask key, offering compatibility with Ethereum-based tools with the option of using a hardware wallet or MPC-based distributed key management solutions for enhanced security.

  • Create a separate staking FT4 account: Establish a dedicated account with its own key for staking, while the original provider FT4 account manages rewards and other operations.

The separate staking account method can be combined with either auth descriptor option for greater flexibility. For more information on FT4 auth descriptors, refer to the auth descriptors documentation.

Requirements

Before you start, make sure you have these tools ready:

  • Chromia CLI
  • Postchain Management Console (PMC)
  • MetaMask extension and account (if you're opting for the EVM key method)
note

The mainnet's economy chain brid is: 15C0CA99BEE60A3B23829968771C50E491BD00D2E3AE448580CD48A8D71E7BBA

Switch FT4 key to an EVM key

Switching your FT4 key to a MetaMask key allows you to access your FT4 account via the Chromia Vault website and sign transactions with MetaMask.

  1. Use chr and pmc to configure your provider key for the mainnet.

  2. Use chr to fetch your provider account ID from the economy chain:

    chr query -brid 15C0CA99BEE60A3B23829968771C50E491BD00D2E3AE448580CD48A8D71E7BBA get_provider_account_id provider_pubkey=<provider pubkey>

  3. Use pmc to replace the FT4 auth descriptor. The --account-id option is now optional. The account ID will be automatically fetched using the provider's public key if not provided.

    Without specifying the --account-id:

    pmc economy auth-descriptor-evm-swap --evm-address=<your ethereum address>

    If you prefer to explicitly specify the account ID:

    pmc economy auth-descriptor-evm-swap --account-id <account id from previous step> --evm-address=<your ethereum address>

  4. Test the key change by attempting a small transfer (e.g., 0.000001 CHR) from the old FT4 account to another account.

    This step is specifically designed to confirm that the old FT4 account no longer has access and to validate that the key swap was successful. The transaction should fail if the setup has been updated correctly, as the old account should no longer have the necessary permissions.

    chr tx --ft-auth -brid 15C0CA99BEE60A3B23829968771C50E491BD00D2E3AE448580CD48A8D71E7BBA ft4.transfer 'x"<from>"' 'x"<to>"' "1L"

  5. After confirming the transfer, delete the file containing the MetaMask private key if it's no longer necessary.

  6. Check if the UI on the Chromia Vault now displays the balance previously associated with the provider identity.

Set up a dedicated staking FT4 account

Creating a dedicated staking FT4 account enables you to segregate your staking operations by using a specific key, distinct from the operational key of your provider account.

  1. Create or duplicate the chr/pmc configuration file using your provider key for the mainnet, and save this configuration as provider_config.

  2. Generate a new key pair for the staking account by running:

    chr keygen -f staking_account

  3. Create a new chr/pmc configuration based on provider_config that includes the newly generated keys from staking_account, and save it as staking_account_config. This configuration will be used to access the new staking account.

  4. Create another chr/pmc configuration based on provider_config that includes both the provider and staking account keys, and save it as combined_keys_config:

    privkey = <provider-private-key>,<staking-account-private-key>
    pubkey = <provider-public-key>,<staking-account-public-key>

  5. Retrieve the provider account ID using the following command with chr on the economy chain:

    chr query -brid 15C0CA99BEE60A3B23829968771C50E491BD00D2E3AE448580CD48A8D71E7BBA get_provider_account_id provider_pubkey=<provider pubkey> -cfg provider_config

  6. Change the provider staking account and transfer all staked funds to the new account using the command:

    pmc economy set-provider-staking-account -pk <provider public key> --account-pk <staking account public key> -cfg combined_keys_config

  7. Obtain the account ID for the new staking account by running:

    chr repl -c 'x"<staking account public key>".hash()'

  8. Lastly, verify that the staking account has been updated to the new staking account ID by executing the following command:

    chr query -brid 15C0CA99BEE60A3B23829968771C50E491BD00D2E3AE448580CD48A8D71E7BBA get_provider_staking_status pubkey=<provider public key> -cfg provider_config
    note

    Ensure that the staking_account_id matches the ID obtained in the previous step.