Using Klaytn Online Toolkit #2: RoleBased keys

đź‘‹ Klaytn Online Toolkit Series

#1 Multisig
#2 RoleBased keys

To help more people use the toolkit, the Klaytn DevRel Team has prepared the “Using Klaytn Online Toolkit” series. In this first article, we will look at RoleBased keys.

We will create an account, update private keys to assign them different roles and try submitting a transaction using one of the keys. To know more about RoleBased keys, which are Klaytn’s unique features, please refer to this post

Before Getting Started

  1. You need an account to update. In this article, we will refer to this account as Sender. You can create a new account as shown below and download it. Sender must possess KLAY in order to pay the transaction fee. After the account update transaction is processed, the Sender account will continue to be used, just with a different private key.
  2. You need private keys to assign the roles to: RoleTransaction, RoleAccountUpdate and RoleFeePayer. You can create private keys in the same way as the previous step, and download the keystore file. Make sure to note down the password for the keystores.
  3. When a transaction requires multiple keys to sign, you need to set the weights and the threshold. You can assign different weights for each role. In this tutorial, for the sake of simplicity we will just use a single key to sign.

Create account and download keystore: Link

1. Create account

From the three keyring types Single / Multiple / Role-Based, make sure Single is selected. SingleKeyring, as the name suggests, is for using one key to sign the transaction and Multiple Keyring for multiple keys. Role based keyring is for signatures based on different roles. More details can be found in Klaytn Docs. In this article, we are creating SingleKeyring, which we will be updated to a role based account.

Click Generate Key. Private Key and address will be created. The address here is derived from the private – public key pair.

2. Download keystore 

Depending on the Keystore format you want to create, select either Generate Keystore(v3), Generate Keystore(v4). You will see the text below. Click “Download” and the file will be saved in this format: “keystore-{address}-{year}-{month}-{day}.json”. 

3. Claim test KLAY

If you want to create a new account, repeat the above steps.

Update account to RoleBased: Link

This page includes three parts: Upload Sender Keystore File, Upload Keystore File for Private Keys, and Update Account. In the first part, we will upload Sender’s keystore to sign the transaction. In the second part, we will upload the private keys that will be updated to RoleBased keys. In the last part, we will set weights and threshold to send the account update transaction.

  1. Upload keystore 

In the Upload Sender Keystore File section, select the network you want to use: Mainnet or Testnet.

Upload the keystore file of the account that will be updated (Sender), enter the password, and decrypt. If the Password is entered correctly, you will see Decryption succeeds!, and if not,  Error: Key derivation failed. We successfully uploaded the Sender keystore file.

2. Upload keystores to assign roles

Now let’s move to the Upload Keystore File for Private Keys section and upload private keys to be given the roles RoleTransaction, RoleAccountUpdate and RoleFeePayer. Upload the keystore files, enter the password and Decrypt. When you are updating for the first time, you must have all three roles filled in. Otherwise, an error will occur.

After adding each keystore, you will see the files in the Decrypted Keystore List in the Update Account section. These keystores will be given the corresponding roles.

3. Update account 

4. Verify transaction

Using the Sender’s address, you can see the transaction details on KlaytnFinder or Klaytnscope.

Sending KLAY using RoleTransaction key: Link

Now that we have updated our account, let’s use the RoleTransaction key to submit a simple value transfer transaction. If the update was successful, using another key would result in an error.

This page consists of three parts: Transaction Information, Upload Keystore File, and Decrypted Keystore List.

1. Enter transaction details

2. Upload keystore file

Now we need to upload the keystore file of the private key which is required for the Sender to sign the transaction. Since we are sending a transaction, we need the keystore which has been updated to “RoleTransaction”. In case you forgot what the role is, you can conveniently check it out here.

3.  Sign transaction

When all the necessary keys have been uploaded, click on Sign Transaction. When successful, you will see the message “Transaction is signed!” along with the transaction hash.

4. Send transaction

After signing, click on Send Transaction to submit the transaction to the network. Once it’s been processed, you will see the message “Transaction is confirmed!” along with the transaction hash. Click on the hash to see the transaction details on KlaytnFinder.

5. Use another keystore

Now we will send a KLAY transfer transaction using another keystore, which has been updated to RoleAccountUpdate.

When we repeat the above process, “Send Transaction” returns an error. This means that the update has been successful.

In this article, we looked at how to use the differentiated role functionality on Klaytn. Stay tuned for our next article! If you have any questions on this article or anything regarding Klaytn, please leave them in Klaytn Developers Forum.

Useful resources  

  1. Medium blog: [Caver] How to Update Klaytn Account Keys with Caver #3 — AccountKeyRoleBased
  2. Medium blog: Klaytn Usability Improvement Series #4: Supporting Role-Based Keys on the Platform-Level
  3. Klaytn Account: 
  4. Klaytn Keyring (caver-js):
  5. Account Update Code Example: