Raw Signing – Best Practices

Introduction

Raw Signing presents inherent security risks, because it involves signing transactions without contextual validation. Consequently, Raw Signing is considered a specialized feature: it is not included by default in your workspace and is only accessible upon request for specific use cases. With great power comes great responsibility, and this document outlines best practices to ensure the secure and effective use of the raw signing feature. If you are interested in this feature and want to find out whether your use case is eligible for it, please contact your TAM.

Understanding the Risks

Before using the raw signing feature, it is crucial to understand the associated risks. The Hardware Security Module (HSM) will sign transactions without the ability to understand their content, which means there is no contextual validation of the transaction's intent or potential impact. Additionally, there is no approval from operators with Personal Security Devices (PSD), which typically serve as a layer of security.

Best Practices for Secure Usage

  • Thorough Validation Before Submission: Ensure that all transactions are thoroughly validated and vetted by your in-house systems before submission for signing. This includes verifying transaction structure, destination addresses, and values.
  • Limit Access: Restrict access to the raw signing feature to a minimal number of trusted API Operators. Regularly review and audit who has access to ensure that only authorized personnel can initiate raw signing requests.
  • Secure Your Infrastructure: Maintain a secure infrastructure for crafting and handling digests. Implement robust security measures to protect against unauthorized access and potential vulnerabilities within your systems.
  • Audit and Monitoring: Regularly audit raw signing activities and monitor for any unusual patterns or unauthorized attempts. Utilize the "Operations tab" to track the history of raw signing requests and their statuses.
  • Educate Your Team: Ensure that all team members involved in the raw signing process are educated about the feature's capabilities, limitations, and associated risks. They should be well-versed in the procedures and best practices outlined in this document.
  • Change Management: Establish a formal change management process for any updates or modifications to the raw signing setup. Document all changes and ensure they are reviewed and approved by the necessary administrators.
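
An added example (not Ledger's code or API) of the first practice above: an in-house gate that checks structure, destination and value, then derives the digest from the validated transaction itself, so a digest supplied by a caller is never forwarded for signing. The transaction fields, allow-list, value cap, JSON canonicalisation and SHA-256 are assumptions for illustration; a real protocol defines its own serialization and hash.

```python
import hashlib
import json

# Assumptions (not from the original page): the transaction layout, the
# allow-list, the value cap and the SHA-256 digest are all hypothetical.
ALLOWED_DESTINATIONS = {"dest-treasury-01", "dest-exchange-02"}  # constructed
MAX_VALUE = 5_000_000  # constructed per-transaction cap, smallest units
REQUIRED_FIELDS = {"destination": str, "value": int, "nonce": int}

class ValidationError(Exception):
    """Raised when a transaction fails the pre-signing policy."""

def validate(tx: dict) -> None:
    # Structure: exact field set and exact types (a bool is not an int here).
    if not isinstance(tx, dict) or set(tx) != set(REQUIRED_FIELDS):
        raise ValidationError("unexpected field set")
    for name, typ in REQUIRED_FIELDS.items():
        if type(tx[name]) is not typ:
            raise ValidationError(f"{name}: expected {typ.__name__}")
    if tx["destination"] not in ALLOWED_DESTINATIONS:
        raise ValidationError("destination not on allow-list")
    if not 0 < tx["value"] <= MAX_VALUE:
        raise ValidationError("value outside permitted range")
    if tx["nonce"] < 0:
        raise ValidationError("negative nonce")

def digest_for_signing(tx: dict) -> str:
    """Validate tx, then derive the digest from the validated content."""
    validate(tx)
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

def review(batch: list) -> list:
    """Return (accepted, digest-or-reason) per transaction; never raises."""
    results = []
    for tx in batch:
        try:
            results.append((True, digest_for_signing(tx)))
        except ValidationError as exc:
            results.append((False, str(exc)))
    return results

SAMPLE_BATCH = [  # constructed inputs
    {"destination": "dest-treasury-01", "value": 1000, "nonce": 7},
    {"destination": "dest-unknown-99", "value": 1000, "nonce": 8},
    {"destination": "dest-treasury-01", "value": True, "nonce": 9},
]
```

Only the digest returned by `digest_for_signing` would be passed on to the raw signing request; rejected entries carry the reason, which can be logged for the audit trail.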

The API Raw Signing feature is intended to provide API Operators with the flexibility to manage transactions on unsupported protocols efficiently. By following these best practices, you can mitigate risks and ensure that the feature is used securely and effectively. Always prioritize security to protect your operations and maintain the integrity of your transactions.

Copyright © Ledger Enterprise Platform 2022. All rights reserved.