Ledger Enterprise
Help Center
Help Center
  • Welcome to the Help Center
  • Fundamentals
    • Getting set up
      • Sign in and out
      • For Administrators
      • For Operators
  • Supported Networks
  • What's new
  • CORE
    • Workspace administration
      • Admin Rule
        • Edit the admin rule
      • Accounts
        • Create an account
        • Solana SPL token account
        • Direct Access EVM Accounts
        • Edit an account
        • Activate a view-only account
        • Generate a receiving address
      • Groups
        • Create a group
        • Edit a group
        • Delete a group
      • Whitelists
        • Create a whitelist
        • Edit a whitelist
      • Entities
        • Create an entity
        • Edit an entity
        • Delete an entity
    • Users
      • User Roles and Permissions
      • New users
      • Register on the Ledger Vault
    • Your Device
      • Initialize your Personal Security Device (PSD)
      • Update your Personal Security Device (PSD)
      • Configure the Ledger Cryptosteel
      • Device pairing: View your partition ID
    • Managing requests
      • Approve or reject a request
      • Track the status of a request
      • Recreate a rejected or failed request
    • Transactions
      • Create a transaction
      • Transaction fees & speed
      • UTXOs
      • Replace by Fee
      • Export transaction history
      • Vault Raw Signing Overview
    • Compliance capabilities
      • Proof of Reserve - Enable Message Signing on an account
      • Proof of Researve - Sign Messages
      • Address Screening and KYT
    • Using Vault Signer
      • Create a Vault Signer account
      • Connect your Signer account to the Ledger Live extension
      • Craft a transaction on Ledger Live with your Vault Signer account
    • Overview of the Ledger Enterprise API
    • Public Key Infrastructure (PKI) Implementation
    • Ledger Enterprise mobile application
      • Terms of Use
  • staking
    • Stake Cardano
      • Overview
      • Enable ADA Staking
      • Stake ADA with Figment
      • Reporting
    • Stake Cosmos
      • Overview
      • Enable ATOM Staking on your Ledger Cosmos Enterprise accounts
      • How to stake ATOM
    • Stake Ethereum
      • Overview
      • Enable ETH Staking on your Ethereum accounts
      • Stake ETH with Kiln
      • Stake ETH with Figment
      • Stake ETH with Blockdaemon
    • Stake Solana
      • Overview
      • Enable SOL Staking on your Solana accounts
      • Stake SOL with Figment
      • Solana Staking Reporting
    • Stake Polkadot
      • Overview
      • Enable DOT Staking
      • Stake DOT with Figment
    • Stake Polygon
      • Overview
      • Enable MATIC Staking
      • Stake MATIC with Figment
      • Stake MATIC with Kiln
    • Stake Tezos
      • Overview
    • Staking Providers
      • Stake with kiln
      • Stake with Figment
      • Stake with Blockdaemon
  • Web3: DeFi & NFT
    • Web3: DeFi & NFT Interactions
      • Web3 governance & configuration
        • Enable Smart Contract Interactions on EVM accounts
        • Enable Message Signatures on EVM accounts
        • Enable Contract Deployments on EVM accounts
        • Customize DApps catalog on EVM accounts
      • Vault DApps
        • DApp Provider Guide
        • Lido
        • Paraswap
        • Yearn
      • Interact with an external DApp via WalletConnect
      • Deploy a Smart Contract
      • Sign DApp messages
      • Interact with a smart contract
    • Raw Signing Best Practices
  • TRADELINK
    • Introduction
    • Best Practices
    • Run Tradelink as an Administrator
    • Operate Tradelink as a Custodian
    • Operate Tradelink as an Asset Manager
    • Operate Tradelink as an Exchange
    • Ledger Tradelink Terms of Use
  • Support
    • Troubleshooting
    • Security best practices
      • Ledger Stax Best Practices
    • Recovering your Vault Master Seed
    • Recover your Ledger Vault's master seed on a Nano S Plus
Powered by GitBook
On this page
  • Introduction
  • Understanding the Risks
  • Best Practices for Secure Usage
  • Where to find your extended public key (XPUB)
  1. Web3: DeFi & NFT

Raw Signing Best Practices

Introduction

Raw Signing presents inherent security risks, as it involves signing transactions without contextual validation. However, with great power comes great responsibility. This document outlines best practices to ensure the secure and effective use of the raw signing feature. Consequently, Raw Signing is considered a specialized feature, not included by default in your workspace, and is only accessible upon request for specific use cases. If you're interested in this feature and want to see if your use case is eligible for it, please contact your TAM.

Understanding the Risks

Before using the raw signing feature, it is crucial to understand the associated risks. The Hardware Security Module (HSM) will sign transactions without the ability to understand their content, which means there is no contextual validation of the transaction's intent or potential impact. Additionally, there is no approval from operators with Personal Security Devices (PSD), which typically serve as a layer of security.

Best Practices for Secure Usage

  • Thorough Validation Before Submission : Ensure that all transactions are thoroughly validated and vetted by your in-house systems before submission for signing. This includes verifying transaction structure, destination addresses, and values.

  • Limit Access : Restrict access to the raw signing feature to a minimal number of trusted API Operators. Regularly review and audit who has access to ensure that only authorized personnel can initiate raw signing requests.

  • Secure Your Infrastructure : Maintain a secure infrastructure for crafting and handling digests. Implement robust security measures to protect against unauthorized access and potential vulnerabilities within your systems.

  • Audit and Monitoring : Regularly audit raw signing activities and monitor for any unusual patterns or unauthorized attempts. Utilize the "Operations tab" to track the history of raw signing requests and their statuses.

  • Educate Your Team : Ensure that all team members involved in the raw signing process are educated about the feature's capabilities, limitations, and associated risks. They should be well-versed in the procedures and best practices outlined in this document.

  • Change Management : Establish a formal change management process for any updates or modifications to the raw signing setup. Document all changes and ensure they are reviewed and approved by the necessary administrators.

The API Raw Signing feature is intended to provide API Operators with the flexibility to manage transactions on unsupported protocols efficiently. By following these best practices, you can mitigate risks and ensure that the feature is used securely and effectively. Always prioritize security to protect your operations and maintain the integrity of your transactions.

Where to find your extended public key (XPUB)

Once a Raw Signing account has been created, an administrator can navigate to the account in the Vault UI, click on the Receive button the XPUB will be revealed.

PreviousInteract with a smart contractNextIntroduction

Last updated 1 month ago