Offline Signing

Some security models require keeping signing keys, and thus the signing process, separated from transaction creation and network broadcast. Examples include:

This document describes using Solana's CLI to separately sign and submit a transaction.

Commands Supporting Offline Signing

At present, the following commands support offline signing:

Signing Transactions Offline

To sign a transaction offline, pass the following arguments on the command line 1) --sign-only, prevents the client from submitting the signed transaction to the network. Instead, the pubkey/signature pairs are printed to stdout. 2) --blockhash BASE58_HASH, allows the caller to specify the value used to fill the transaction's recent_blockhash field. This serves a number of purposes, namely:

  • Eliminates the need to connect to the network and query a recent blockhash

    via RPC

  • Enables the signers to coordinate the blockhash in a multiple-signature

    scheme

Example: Offline Signing a Payment

Command

solana@offline$ solana pay --sign-only --blockhash 5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF \
recipient-keypair.json 1 SOL

Output

Blockhash: 5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF
Signers (Pubkey=Signature):
FhtzLVsmcV7S5XqGD79ErgoseCLhZYmEZnz9kQg1Rp7j=4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN
{"blockhash":"5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF","signers":["FhtzLVsmcV7S5XqGD79ErgoseCLhZYmEZnz9kQg1Rp7j=4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN"]}'

Submitting Offline Signed Transactions to the Network

To submit a transaction that has been signed offline to the network, pass the following arguments on the command line 1) --blockhash BASE58_HASH, must be the same blockhash as was used to sign 2) --signer BASE58_PUBKEY=BASE58_SIGNATURE, one for each offline signer. This includes the pubkey/signature pairs directly in the transaction rather than signing it with any local keypair(s)

Example: Submitting an Offline Signed Payment

Command

solana@online$ solana pay --blockhash 5Tx8F3jgSHx21CbtjwmdaKPLM5tWmreWAnPrbqHomSJF \
--signer FhtzLVsmcV7S5XqGD79ErgoseCLhZYmEZnz9kQg1Rp7j=4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN
recipient-keypair.json 1 SOL

Output

4vC38p4bz7XyiXrk6HtaooUqwxTWKocf45cstASGtmrD398biNJnmTcUCVEojE7wVQvgdYbjHJqRFZPpzfCQpmUN

Buying More Time to Sign

Typically a Solana transaction must be signed and accepted by the network within a number of slots from the blockhash in its recent_blockhash field (~2min at the time of this writing). If your signing procedure takes longer than this, a Durable Transaction Nonce can give you the extra time you need.