Version deposit data for additional security

Update docs
Update Prysm docs
2026-01-11 06:58:02 -05:00 · 2020-04-17 18:53:31 +01:00 · 2020-04-16 08:43:51 +01:00 · 2020-04-16 08:03:07 +01:00 · 2020-04-16 07:55:02 +01:00
10 changed files with 676 additions and 253 deletions
--- a/README.md
+++ b/README.md
@@ -72,223 +72,9 @@ If set, the `--debug` argument will output additional information about the oper

 Commands will have an exit status of 0 on success and 1 on failure.  The specific definition of success is specified in the help for each command.

-### `wallet` commands
+# Commands

-#### `accounts`
-
-`ethdo wallet accouts` lists the accounts within a wallet.  
-
-```sh
-$ ethdo wallet accounts --wallet="Personal wallet"
-Auctions
-Operations
-Spending
-```
-
-With the `--verbose` flag this will provide the public key of the accounts.
-
-```sh
-$ ethdo wallet accounts --wallet="Personal wallet" --verbose
-Auctions: 0x812f340269c315c1d882ae7c13cdaddf862dbdbd482b1836798b2070160dd1e194088cc6f39347782028d1e56bd18674
-Operations: 0x8e2f9e8cc29658ff37ecc30e95a0807579b224586c185d128cb7a7490784c1ad9b0ab93dbe604ab075b40079931e6670
-Spending: 0x85dfc6dcee4c9da36f6473ec02fda283d6c920c641fc8e3a76113c5c227d4aeeb100efcfec977b12d20d571907d05650
-```
-#### `create`
-
-`ethdo wallet create` creates a new wallet with the given parameters.  Options for creating a wallet include:
-  - `wallet`: the name of the wallet to create (defaults to "primary")
-  - `type`: the type of wallet to create.  This can be either "nd" for a non-deterministic wallet, where private keys are generated randomly, or "hd" for a hierarchical deterministic wallet, where private keys are generated from a seed and path as per [ERC-2333](https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md) (defaults to "nd")
-  - `walletpassphrase`: the passphrase for of the wallet.  This is required for hierarchical deterministic wallets, to protect the seed
-
-```sh
-$ ethdo wallet create --wallet="Personal wallet" --type="hd" --walletpassphrase="my wallet secret"
-```
-
-#### `export`
-
-`ethdo wallet export` exports the wallet and all of its accounts.  Options for exporting a wallet include:
-  - `wallet`: the name of the wallet to export (defaults to "primary")
-  - `exportpassphrase`: the passphrase with which to encrypt the wallet backup
-
-```sh
-$ ethdo wallet export --wallet="Personal wallet" --exportpassphrase="my export secret"
-0x01c7a27ad40d45b4ae5be5f...
-```
-
-The encrypted wallet export is written to the console; it can be redirected to store it in a file.
-
-```sh
-$ ethdo wallet export --wallet="Personal wallet" --exportpassphrase="my export secret" >export.dat
-```
-
-#### `import`
-
-`ethdo wallet import` imports a wallet and all of its accounts exported by `ethdo wallet export`.  Options for importing a wallet include:
-  - `importdata`: the data exported by `ethdo wallet export`
-  - `importpassphrase`: the passphrase that was provided to `ethdo wallet export` to encrypt the data
-
-```sh
-$ ethdo wallet import --importdata="0x01c7a27ad40d45b4ae5be5f..." --importpassphrase="my export secret"
-```
-
-The encrypted wallet export can be read from a file.  For example with Unix systems:
-
-```sh
-$ ethdo wallet import --importdata=`cat export.dat` --importpassphrase="my export secret"
-```
-
-#### `info`
-
-`ethdo wallet info` provides information about a given wallet.  Options include:
-  - `wallet`: the name of the wallet
-
-```sh
-$ ethdo wallet info --wallet="Personal wallet"
-Type: hierarchical deterministic
-Accounts: 3
-```
-
-#### `list`
-
-`ethdo wallet list` lists all wallets in the store.
-
-```sh
-$ ethdo wallet list
-Personal wallet
-```
-
-**N.B.** encrypted wallets will not show up in this list unless the correct passphrase for the store is supplied.
-
-#### `seed`
-
-`ethdo wallet seed` provides the seed for hierarchical deterministic wallets.  Options include:
-  - `wallet`: the name of the wallet
-  - `walletpassphrase`: the passphrase for the wallet
-
-```sh
-$ ethdo wallet seed --wallet="Personal wallet" --walletpassphrase="my wallet secret"
-decorate false mail domain gain later motion chair tank muffin smoke involve witness bean shell urge team solve share truly shadow decorate jeans hen
-```
-
-### `account` commands
-
-Account commands focus on information about local accounts, generally those used by Geth and Parity but also those from hardware devices.
-
-#### `create`
-
-`ethdo account create` creates a new account with the given parameters.  Options for creating an account include:
-  - `account`: the name of the account to create
-  - `passphrase`: the passphrase for the account
-
-Note that for hierarchical deterministic wallets you will also need to supply `--walletpassphrase` to unlock the wallet seed.
-
-```sh
-$ ethdo account create --account="Personal wallet/Operations" --walletpassphrase="my wallet secret" --passphrase="my account secret"
-```
-
-#### `info`
-
-`ethdo account info` provides information about the given account.  Options include:
-  - `account`: the name of the account on which to obtain information
-
-```sh
-$ ethdo account info --account="Personal wallet/Operations"
-Public key: 0x8e2f9e8cc29658ff37ecc30e95a0807579b224586c185d128cb7a7490784c1ad9b0ab93dbe604ab075b40079931e6670
-```
-
-### `signature` commands
-
-Signature commands focus on generation and verification of data signatures.
-
-#### `signature sign`
-
-`ethdo signature sign` signs provided data.  Options include:
-  - `data`: the data to sign, as a hex string
-  - `domain`: the domain in which to sign the data.  This is an 8-byte hex string (default 0x0000000000000000)
-  - `account`: the account to sign the data
-  - `passphrase`: the passphrase for the account
-
-```sh
-$ ethdo signature sign --data="0x08140077a94642919041503caf5cc1795b23ecf2" --account="Personal wallet/Operations" --passphrase="my account secret"
-0x89abe2e544ef3eafe397db036103b1d066ba86497f36ed4ab0264162eadc89c7744a2a08d43cec91df128660e70ecbbe11031b4c2e53682d2b91e67b886429bf8fac9bad8c7b63c5f231cc8d66b1377e06e27138b1ddc64b27c6e593e07ebb4b
-```
-
-#### `signature verify`
-
-`ethdo signature verify` verifies signed data.  Options include:
-  - `data`: the data whose signature to verify, as a hex string
-  - `signature`: the signature to verify, as a hex string
-  - `account`: the account which signed the data (if available as an account)
-  - `signer`: the public key of the account which signed the data (if not available as an account)
-
-```sh
-$ ethdo signature verify --data="0x08140077a94642919041503caf5cc1795b23ecf2" --signature="0x89abe2e544ef3eafe397db036103b1d066ba86497f36ed4ab0264162eadc89c7744a2a08d43cec91df128660e70ecbbe11031b4c2e53682d2b91e67b886429bf8fac9bad8c7b63c5f231cc8d66b1377e06e27138b1ddc64b27c6e593e07ebb4b" --account="Personal wallet/Operations"
-Verified
-$ ethdo signature verify --data="0x08140077a94642919041503caf5cc1795b23ecf2" --signature="0x89abe2e544ef3eafe397db036103b1d066ba86497f36ed4ab0264162eadc89c7744a2a08d43cec91df128660e70ecbbe11031b4c2e53682d2b91e67b886429bf8fac9bad8c7b63c5f231cc8d66b1377e06e27138b1ddc64b27c6e593e07ebb4b" --account="Personal wallet/Auctions"
-Not verified
-$ ethdo signature verify --data="0x08140077a94642919041503caf5cc1795b23ecf2" --signature="0x89abe2e544ef3eafe397db036103b1d066ba86497f36ed4ab0264162eadc89c7744a2a08d43cec91df128660e70ecbbe11031b4c2e53682d2b91e67b886429bf8fac9bad8c7b63c5f231cc8d66b1377e06e27138b1ddc64b27c6e593e07ebb4b" --signer="0x8e2f9e8cc29658ff37ecc30e95a0807579b224586c185d128cb7a7490784c1ad9b0ab93dbe604ab075b40079931e6670"
-Verified
-```
-
-The same rules apply to `ethereal signature verify` as those in `ethereal signature sign` above.
-
-### `version`
-
-`ethdo version` provides the current version of ethdo.  For example:
-
-```sh
-$ ethdo version
-1.0.0
-```
-
-### `validator` commands
-
-Validator commands focus on interaction with Ethereum 2 validators.
-
-#### `depositdata`
-
-`validator depositdata` generates the data required to deposit one or more Ethereum 2 validators.
-
-#### `exit`
-
-`validator exit` sends a transaction to the chain to tell an active validator to exit the validation queue.
-
-```sh
-$ ethdo validator exit --account=Validators/1 --passphrase="my validator secret"
-```
-
-#### `info`
-
-`validator info` provides information for a given validator.
-
-```sh
-$ ethdo validator info --account=Validators/1
-Status:            Active
-Balance:           3.203823585 Ether
-Effective balance: 3.1 Ether
-```
-
-Additional information is supplied when using `--verbose`
-
-```sh
-$ ethdo validator info --account=Validators/1 --verbose
-Epoch of data:          3398
-Index:                  26913
-Public key:             0xb3bb6b7a8d809e59544472853d219499765bf01d14de1e0549bd6fc2a86627ac9033264c84cd503b6339e3334726562f
-Status:                 Active
-Balance:                3.204026813 Ether
-Effective balance:      3.1 Ether
-Withdrawal credentials: 0x0033ef3cb10b36d0771ffe8a02bc5bfc7e64ea2f398ce77e25bb78989edbee36
-```
-
-If the validator is not an account it can be queried directly with `--pubkey`.
-
-```sh
-$ ethdo validator info --pubkey=0x842dd66cfeaeff4397fc7c94f7350d2131ca0c4ad14ff727963be9a1edb4526604970df6010c3da6474a9820fa81642b
-Status:            Active
-Balance:           3.201850307 Ether
-Effective balance: 3.1 Ether
-```
+Command information, along with sample outputs and optional arguments, is available in [the usage section](https://github.com/wealdtech/ethdo/blob/master/docs/usage.md).

 ## Maintainers

--- a/cmd/blockinfo.go
+++ b/cmd/blockinfo.go
@@ -15,6 +15,7 @@ package cmd

 import (
 	"bytes"
+	"encoding/hex"
 	"fmt"
 	"os"
 	"sort"
@@ -62,15 +63,17 @@ In quiet mode this will return 0 if the block information is present and not ski
 		// General info.
 		outputIf(verbose, fmt.Sprintf("Parent root: %#x", block.ParentRoot))
 		outputIf(verbose, fmt.Sprintf("State root: %#x", block.StateRoot))
-		if utf8.Valid(body.Graffiti) {
-			fmt.Printf("Graffiti: %s\n", string(body.Graffiti))
-		} else {
-			fmt.Printf("Graffiti: %#x\n", body.Graffiti)
+		if len(body.Graffiti) > 0 && hex.EncodeToString(body.Graffiti) != "0000000000000000000000000000000000000000000000000000000000000000" {
+			if utf8.Valid(body.Graffiti) {
+				fmt.Printf("Graffiti: %s\n", string(body.Graffiti))
+			} else {
+				fmt.Printf("Graffiti: %#x\n", body.Graffiti)
+			}
 		}

 		// Eth1 data.
 		eth1Data := body.Eth1Data
-		fmt.Printf("Ethereum 1 deposit count: %d\n", eth1Data.DepositCount)
+		outputIf(verbose, fmt.Sprintf("Ethereum 1 deposit count: %d", eth1Data.DepositCount))
 		outputIf(verbose, fmt.Sprintf("Ethereum 1 deposit root: %#x", eth1Data.DepositRoot))
 		outputIf(verbose, fmt.Sprintf("Ethereum 1 block hash: %#x", eth1Data.BlockHash))

--- a/cmd/chaininfo.go
+++ b/cmd/chaininfo.go
@@ -44,11 +44,7 @@ In quiet mode this will return 0 if the chain information can be obtained, other
 		}

 		fmt.Printf("Genesis time:\t\t%s\n", genesisTime.Format(time.UnixDate))
-		slot := timestampToSlot(genesisTime.Unix(), time.Now().Unix(), config["SecondsPerSlot"].(uint64))
-		fmt.Printf("Current slot:\t\t%d\n", slot)
-		fmt.Printf("Current epoch:\t\t%d\n", slot/config["SlotsPerEpoch"].(uint64))
 		outputIf(verbose, fmt.Sprintf("Genesis fork version:\t%0x", config["GenesisForkVersion"].([]byte)))
-		outputIf(verbose, fmt.Sprintf("Genesis timestamp:\t%v", genesisTime.Unix()))
 		outputIf(verbose, fmt.Sprintf("Seconds per slot:\t%v", config["SecondsPerSlot"].(uint64)))
 		outputIf(verbose, fmt.Sprintf("Slots per epoch:\t%v", config["SlotsPerEpoch"].(uint64)))

--- a/cmd/chainstatus.go
+++ b/cmd/chainstatus.go
@@ -50,36 +50,41 @@ In quiet mode this will return 0 if the chain status can be obtained, otherwise

 		slot := timestampToSlot(genesisTime.Unix(), time.Now().Unix(), config["SecondsPerSlot"].(uint64))
 		if chainStatusSlot {
-			fmt.Printf("Current slot:\t\t%d\n", slot)
-			fmt.Printf("Justified slot:\t\t%d", info.GetJustifiedSlot())
+			fmt.Printf("Current slot: %d\n", slot)
+			fmt.Printf("Justified slot: %d\n", info.GetJustifiedSlot())
 			if verbose {
 				distance := slot - info.GetJustifiedSlot()
-				fmt.Printf(" (%d)", distance)
+				fmt.Printf("Justified slot distance: %d\n", distance)
 			}
-			fmt.Printf("\n")
-			fmt.Printf("Finalized slot:\t\t%d", info.GetFinalizedSlot())
+			fmt.Printf("Finalized slot: %d\n", info.GetFinalizedSlot())
 			if verbose {
 				distance := slot - info.GetFinalizedSlot()
-				fmt.Printf(" (%d)", distance)
+				fmt.Printf("Finalized slot distance: %d\n", distance)
+			}
+			if verbose {
+				fmt.Printf("Prior justified slot: %d\n", info.GetFinalizedSlot())
+				distance := slot - info.GetPreviousJustifiedSlot()
+				fmt.Printf("Prior justified slot distance: %d\n", distance)
 			}
-			fmt.Printf("\n")
-			outputIf(verbose, fmt.Sprintf("Prior justified slot:\t%v (%d)", info.GetPreviousJustifiedSlot(), slot-info.GetPreviousJustifiedSlot()))
 		} else {
 			slotsPerEpoch := config["SlotsPerEpoch"].(uint64)
-			fmt.Printf("Current epoch:\t\t%d\n", slot/slotsPerEpoch)
-			fmt.Printf("Justified epoch:\t%d", info.GetJustifiedSlot()/slotsPerEpoch)
+			epoch := slot / slotsPerEpoch
+			fmt.Printf("Current epoch: %d\n", epoch)
+			fmt.Printf("Justified epoch: %d\n", info.GetJustifiedSlot()/slotsPerEpoch)
 			if verbose {
 				distance := (slot - info.GetJustifiedSlot()) / slotsPerEpoch
-				fmt.Printf(" (%d)", distance)
+				fmt.Printf("Justified epoch distance %d\n", distance)
 			}
-			fmt.Printf("\n")
-			fmt.Printf("Finalized epoch:\t%d", info.GetFinalizedSlot()/slotsPerEpoch)
+			fmt.Printf("Finalized epoch: %d\n", info.GetFinalizedSlot()/slotsPerEpoch)
 			if verbose {
 				distance := (slot - info.GetFinalizedSlot()) / slotsPerEpoch
-				fmt.Printf(" (%d)", distance)
+				fmt.Printf("Finalized epoch distance: %d\n", distance)
+			}
+			if verbose {
+				fmt.Printf("Prior justified epoch: %d\n", info.GetPreviousJustifiedEpoch())
+				distance := (slot - info.GetPreviousJustifiedEpoch()) / slotsPerEpoch
+				fmt.Printf("Prior justified epoch distance: %d\n", distance)
 			}
-			fmt.Printf("\n")
-			outputIf(verbose, fmt.Sprintf("Prior justified epoch:\t%v (%d)", info.GetPreviousJustifiedSlot()/slotsPerEpoch, (slot-info.GetPreviousJustifiedSlot())/slotsPerEpoch))
 		}

 		os.Exit(_exitSuccess)
--- a/cmd/nodeinfo.go
+++ b/cmd/nodeinfo.go
@@ -46,23 +46,19 @@ In quiet mode this will return 0 if the node information can be obtained, otherw
 		if verbose {
 			version, metadata, err := grpc.FetchVersion(eth2GRPCConn)
 			errCheck(err, "Failed to obtain version")
-			fmt.Printf("Version:\t\t%s\n", version)
+			fmt.Printf("Version: %s\n", version)
 			if metadata != "" {
-				fmt.Printf("Metadata:\t%s\n", metadata)
+				fmt.Printf("Metadata: %s\n", metadata)
 			}
 		}
 		syncing, err := grpc.FetchSyncing(eth2GRPCConn)
 		errCheck(err, "Failed to obtain syncing state")
-		fmt.Printf("Syncing:\t\t%v\n", syncing)
+		fmt.Printf("Syncing: %v\n", syncing)

-		fmt.Printf("Genesis time:\t\t%s\n", genesisTime.Format(time.UnixDate))
 		slot := timestampToSlot(genesisTime.Unix(), time.Now().Unix(), config["SecondsPerSlot"].(uint64))
-		fmt.Printf("Current slot:\t\t%d\n", slot)
-		fmt.Printf("Current epoch:\t\t%d\n", slot/config["SlotsPerEpoch"].(uint64))
-		outputIf(verbose, fmt.Sprintf("Genesis fork version:\t%0x", config["GenesisForkVersion"].([]byte)))
-		outputIf(verbose, fmt.Sprintf("Genesis timestamp:\t%v", genesisTime.Unix()))
-		outputIf(verbose, fmt.Sprintf("Seconds per slot:\t%v", config["SecondsPerSlot"].(uint64)))
-		outputIf(verbose, fmt.Sprintf("Slots per epoch:\t%v", config["SlotsPerEpoch"].(uint64)))
+		fmt.Printf("Current slot: %d\n", slot)
+		fmt.Printf("Current epoch: %d\n", slot/config["SlotsPerEpoch"].(uint64))
+		outputIf(verbose, fmt.Sprintf("Genesis timestamp: %v", genesisTime.Unix()))

 		os.Exit(_exitSuccess)
 	},
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -416,8 +416,11 @@ func initRemote() error {
 	remote = true
 	remoteAddr = viper.GetString("remote")
 	clientCert = viper.GetString("client-cert")
+	assert(clientCert != "", "--remote requires --client-cert")
 	clientKey = viper.GetString("client-key")
+	assert(clientKey != "", "--remote requires --client-key")
 	serverCACert = viper.GetString("server-ca-cert")
+	assert(serverCACert != "", "--remote requires --server-ca-cert")

 	// Load the client certificates.
 	clientPair, err := tls.LoadX509KeyPair(clientCert, clientKey)
--- a/cmd/validatordepositdata.go
+++ b/cmd/validatordepositdata.go
@@ -136,7 +136,7 @@ In quiet mode this will return 0 if the the data can be generated correctly, oth
 				txData = append(txData, signedDepositData.Signature...)
 				outputs = append(outputs, fmt.Sprintf("%#x", txData))
 			} else {
-				outputs = append(outputs, fmt.Sprintf(`{"account":"%s","pubkey":"%048x","withdrawal_credentials":"%032x","signature":"%096x","value":%d,"deposit_data_root":"%032x"}`, fmt.Sprintf("%s/%s", validatorWallet.Name(), validatorAccount.Name()), signedDepositData.PubKey, signedDepositData.WithdrawalCredentials, signedDepositData.Signature, val, depositDataRoot))
+				outputs = append(outputs, fmt.Sprintf(`{"account":"%s","pubkey":"%048x","withdrawal_credentials":"%032x","signature":"%096x","value":%d,"deposit_data_root":"%032x","version":1}`, fmt.Sprintf("%s/%s", validatorWallet.Name(), validatorAccount.Name()), signedDepositData.PubKey, signedDepositData.WithdrawalCredentials, signedDepositData.Signature, val, depositDataRoot))
 			}
 		}

--- a/cmd/version.go
+++ b/cmd/version.go
@@ -30,7 +30,7 @@ var versionCmd = &cobra.Command{

    ethdo version.`,
 	Run: func(cmd *cobra.Command, args []string) {
-		fmt.Println("1.4.0")
+		fmt.Println("1.4.2")
 		if viper.GetBool("verbose") {
 			buildInfo, ok := dbg.ReadBuildInfo()
 			if ok {
--- a/docs/prysm.md
+++ b/docs/prysm.md
@@ -0,0 +1,242 @@
+# Using ethdo with Prysm
+
+## Installing ethdo
+
+1. To install `ethdo`, issue the following command:
+
+```sh
+GO111MODULE=on go get github.com/wealdtech/ethdo@latest
+```
+
+2. Ensure `ethdo` is installed properly by issuing the command:
+
+```sh
+ethdo version
+```
+
+Ensure the output matches the most recent version listed on the repository's [release history](https://github.com/wealdtech/ethdo/releases/).
+
+## Typical validating setups
+
+This section outlines the process of setting up a configuration with two validators and a single withdrawal account using ethdo.
+
+### Generating a wallet
+
+To create a non-deterministic wallet, where keys generated from random data, issue the command:
+```sh
+ethdo wallet create --wallet=Validators
+```
+
+If you prefer to have a hierarchical deterministic wallet, where keys are generated from a seed, issue the command:
+
+```sh
+ethdo wallet create --wallet=Validators --type=hd --walletpassphrase=walletsecret`
+```
+
+This creates a wallet called "Validators" in your current directory which contains the newly generated seed data.
+
+> The `--walletpassphrase` flag and input is required to protect the seed. It is critical that you keep it private and secure.
+
+ Once the wallet is created, fetch its data to ensure it exists by issuing the following command:
+
+```sh
+ethdo wallet info --wallet=Validators
+```
+
+This command will produce output like so:
+
+```sh
+Type: non-deterministic
+Accounts: 0
+```
+
+### Generating multiple wallets
+
+To create two separate wallets with different passphrases, issue the command:
+```sh
+ethdo account create --account=Validators/1 --passphrase=validator1secret
+ethdo account create --account=Validators/2 --passphrase=validator2secret
+```
+
+ > The two validators are given different passphrases in the above example.  This is not required; all validators can have the same password if you prefer.
+
+### Creating a withdrawal wallet and account
+
+It is recommended to set up separate wallets for withdrawals and validator nodes. This allows users to have a validator wallet actively running on the node, while a second wallet key can be kept securely offline in cold storage.
+
+Creating a withdrawal wallet and account is very similar to the process above to generate validator accounts.  For example:
+
+```sh
+ethdo wallet create --wallet=Withdrawal
+ethdo account create --account=Withdrawal/Primary --passphrase=withdrawalsecret
+```
+
+This creates a wallet called "Withdrawal" and within it an account called "Primary". It is also possible to apply additional protection to the Withdrawal wallet if desired; see the `ethdo` documentation for details.
+
+### Depositing funds for a validator
+
+The validator now requires deposited funds. If you do not have any Göerli Ether, the best approach is to follow the steps at https://prylabs.net/participate to use the faucet and make a deposit -- **however**, for step 3, do not run the commands provided.  Instead, run the following command to generate the deposit data requested:
+
+```sh
+ethdo validator depositdata \
+      --validatoraccount=Validators/1 \
+      --withdrawalaccount=Withdrawal/Primary \
+      --depositvalue=32Ether \
+      --passphrase=validator1secret \
+      --raw
+```
+
+The raw data output of this command can be pasted in to the webpage above to generate the required transaction for validator 1 (and can be repeated for validator 2, or as many validators as you wish).
+
+Alternatively, if you have your own Göerli ETH, you can send deposit transactions directly to the Göerli testnet.  You can create JSON output containing the deposit data:
+
+```sh
+ethdo validator depositdata \
+      --validatoraccount=Validators/1 \
+      --withdrawalaccount=Withdrawal/Primary \
+      --depositvalue=32Ether \
+      --passphrase=validator1secret
+{"account":"Validators/1","pubkey":"a9ca9cf7fa2d0ab1d5d52d2d8f79f68c50c5296bfce81546c254df68eaac0418717b2f9fc6655cbbddb145daeb282c00","withdrawal_credentials":"0059a28dc2db987d59bdfc4ab20b9ad4c83888bcd32456a629aece07de6895aa","signature":"9335b872253fdab328678bd3636115681d52b42fe826c6acb7f1cd1327c6bba48e3231d054e4f274cc7c1c184f28263b13083e01db8c08c17b59f22277dff341f7c96e7a0407a0a31c8563bcf479d31136c833712ae3bfd93ee9ea6abdfa52d4","value":3200000000,"deposit_data_root":"14278c9345eeeb7b2d5307a36ed1c72eea5ed09a30cf7c47525e34f39f564ef5"}
+```
+
+This can be passed to [ethereal](https://github.com/wealdtech/ethereal) to send the deposit on Linux/OSX:
+
+```sh
+DEPOSITDATA=`ethdo validator depositdata \
+                   --validatoraccount=Validators/1 \
+                   --withdrawalaccount=Withdrawal/Primary \
+                   --depositvalue=32Ether \
+                   --passphrase=validator1secret`
+ethereal beacon deposit \
+      --network=goerli \
+      --data="${DEPOSITDATA}" \
+      --from=0x21A1A52aba41DB18F9F1D2625e1b19A251F3e0A9 \
+      --passphrase=eth1secret
+```
+
+or on Windows:
+
+```sh
+ethdo validator depositdata \
+      --validatoraccount=Validators/1 \
+      --withdrawalaccount=Withdrawal/Primary \
+      --depositvalue=32Ether \
+      --passphrase=validator1secret >depositdata.json
+ethereal beacon deposit \
+      --network=goerli \
+      --data=depositdata.json \
+      --from=0x21A1A52aba41DB18F9F1D2625e1b19A251F3e0A9 \
+      --passphrase=eth1secret
+erase depositdata.json
+```
+
+The `ethereal` command can either take a `passphrase`, if the `from` address is a local account (confirm with `ethereal --network=goerli account list`) or a `privatekey` if not.
+
+### Validating
+
+The next step is to start the validator using the validating keys that have been created.
+
+#### Keymanager options
+
+Although options for the wallet keymanager can be supplied directly on the command-line this is not considered best practice, as it exposes sensitive information such as passphrases, so it is better to create a file that contains this information and reference that file.
+
+To create the relevant directory run the following for Linux/OSX:
+
+```sh
+mkdir -p ${HOME}/prysm/validator
+```
+
+or for Windows:
+
+```sh
+mkdir  %APPDATA%\prysm\validator
+```
+
+
+and then use your favourite text editor to create a file in this directory called `wallet.json` with the following contents:
+
+```json
+{
+  "accounts": [
+    "Validators/1",
+    "Validators/2"
+  ],
+  "passphrases": [
+    "validator1secret",
+    "validator2secret"
+  ]
+}
+```
+
+#### Starting the validator with Bazel
+
+To start the validator you must supply the desired keymanager and the location of the keymanager options file.   Run the following command for Linux/OSX:
+
+```sh
+bazel run //validator:validator -- --keymanager=wallet --keymanageropts=${HOME}/prysm/validator/wallet.json
+```
+
+or for Windows:
+
+```sh
+bazel run //validator:validator -- --keymanager=wallet --keymanageropts=%APPDATA%\prysm\validator\wallet.json
+```
+
+#### Starting the validator with Docker
+
+Docker will not have direct access to the wallet created above, and requires the keymanager to be informed of the mapped location of the wallet.  Edit the `wallet.json` file to include a location entry, as follows:
+
+```json
+{
+  "location": "/wallets",
+  "accounts": [
+    "Validators/1",
+    "Validators/2"
+  ],
+  "passphrases": [
+    "validator1secret",
+    "validator2secret"
+  ]
+}
+```
+
+Then run the validator by issuing the following command on Linux:
+
+```sh
+ docker run -v "${HOME}/prysm/validator:/data" \
+      -v "${HOME}/.config/ethereum2/wallets:/wallets" \
+      gcr.io/prysmaticlabs/prysm/validator:latest \
+      --keymanager=wallet \
+      --keymanageropts=/data/wallet.json
+```
+
+or for OSX:
+
+```sh
+ docker run -v "${HOME}/prysm/validator:/data" \
+      -v "${HOME}/Library/Application Support/ethereum2/wallets:/wallets" \
+      gcr.io/prysmaticlabs/prysm/validator:latest \
+      --keymanager=wallet \
+      --keymanageropts=/data/wallet.json
+```
+
+or for Windows:
+
+```sh
+ docker run -v %APPDATA%\prysm\validator:/data" \
+      -v %APPDATA%\ethereum2\wallets:/wallets" \
+      gcr.io/prysmaticlabs/prysm/validator:latest \
+      --keymanager=wallet \
+      --keymanageropts=/data/wallet.json
+```
+
+#### Confirming validation
+
+When the validator is operational, you should see output similar to:
+
+```text
+[2020-02-07 10:00:59]  INFO node: Validating for public key pubKey=0x85016bd4ca67e57e1438308fdb3d98b74b81428fb09e6d16d2dcbc72f240be090d5faebb63f84d6f35a950fdbb36f910
+[2020-02-07 10:00:59]  INFO node: Validating for public key pubKey=0x8de04b4cd3f0947f4e76fa2f86fa1cfd33cc2500688f2757e406448c36f0f1255758874b46d72002ad206ed560975d39
+```
+
+where each line states a public key that is being used for validating.  Confirm that these values match your expectations.
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -0,0 +1,392 @@
+# ethdo commands
+
+ethdo provides features to manage wallets and accounts, as well as interacting with Ethereum 2 nodes and remote signers.  Below are a list of all available commands.
+
+### `wallet` commands
+
+#### `accounts`
+
+`ethdo wallet accouts` lists the accounts within a wallet.  
+
+```sh
+$ ethdo wallet accounts --wallet="Personal wallet"
+Auctions
+Operations
+Spending
+```
+
+With the `--verbose` flag this will provide the public key of the accounts.
+
+```sh
+$ ethdo wallet accounts --wallet="Personal wallet" --verbose
+Auctions: 0x812f340269c315c1d882ae7c13cdaddf862dbdbd482b1836798b2070160dd1e194088cc6f39347782028d1e56bd18674
+Operations: 0x8e2f9e8cc29658ff37ecc30e95a0807579b224586c185d128cb7a7490784c1ad9b0ab93dbe604ab075b40079931e6670
+Spending: 0x85dfc6dcee4c9da36f6473ec02fda283d6c920c641fc8e3a76113c5c227d4aeeb100efcfec977b12d20d571907d05650
+```
+#### `create`
+
+`ethdo wallet create` creates a new wallet with the given parameters.  Options for creating a wallet include:
+  - `wallet`: the name of the wallet to create (defaults to "primary")
+  - `type`: the type of wallet to create.  This can be either "nd" for a non-deterministic wallet, where private keys are generated randomly, or "hd" for a hierarchical deterministic wallet, where private keys are generated from a seed and path as per [ERC-2333](https://github.com/CarlBeek/EIPs/blob/bls_path/EIPS/eip-2334.md) (defaults to "nd")
+  - `walletpassphrase`: the passphrase for of the wallet.  This is required for hierarchical deterministic wallets, to protect the seed
+
+```sh
+$ ethdo wallet create --wallet="Personal wallet" --type="hd" --walletpassphrase="my wallet secret"
+```
+
+#### `export`
+
+`ethdo wallet export` exports the wallet and all of its accounts.  Options for exporting a wallet include:
+  - `wallet`: the name of the wallet to export (defaults to "primary")
+  - `exportpassphrase`: the passphrase with which to encrypt the wallet backup
+
+```sh
+$ ethdo wallet export --wallet="Personal wallet" --exportpassphrase="my export secret"
+0x01c7a27ad40d45b4ae5be5f...
+```
+
+The encrypted wallet export is written to the console; it can be redirected to store it in a file.
+
+```sh
+$ ethdo wallet export --wallet="Personal wallet" --exportpassphrase="my export secret" >export.dat
+```
+
+#### `import`
+
+`ethdo wallet import` imports a wallet and all of its accounts exported by `ethdo wallet export`.  Options for importing a wallet include:
+  - `importdata`: the data exported by `ethdo wallet export`
+  - `importpassphrase`: the passphrase that was provided to `ethdo wallet export` to encrypt the data
+
+```sh
+$ ethdo wallet import --importdata="0x01c7a27ad40d45b4ae5be5f..." --importpassphrase="my export secret"
+```
+
+The encrypted wallet export can be read from a file.  For example with Unix systems:
+
+```sh
+$ ethdo wallet import --importdata=`cat export.dat` --importpassphrase="my export secret"
+```
+
+#### `info`
+
+`ethdo wallet info` provides information about a given wallet.  Options include:
+  - `wallet`: the name of the wallet
+
+```sh
+$ ethdo wallet info --wallet="Personal wallet"
+Type: hierarchical deterministic
+Accounts: 3
+```
+
+#### `list`
+
+`ethdo wallet list` lists all wallets in the store.
+
+```sh
+$ ethdo wallet list
+Personal wallet
+```
+
+**N.B.** encrypted wallets will not show up in this list unless the correct passphrase for the store is supplied.
+
+#### `seed`
+
+`ethdo wallet seed` provides the seed for hierarchical deterministic wallets.  Options include:
+  - `wallet`: the name of the wallet
+  - `walletpassphrase`: the passphrase for the wallet
+
+```sh
+$ ethdo wallet seed --wallet="Personal wallet" --walletpassphrase="my wallet secret"
+decorate false mail domain gain later motion chair tank muffin smoke involve witness bean shell urge team solve share truly shadow decorate jeans hen
+```
+
+### `account` commands
+
+Account commands focus on information about local accounts, generally those used by Geth and Parity but also those from hardware devices.
+
+#### `create`
+
+`ethdo account create` creates a new account with the given parameters.  Options for creating an account include:
+  - `account`: the name of the account to create
+  - `passphrase`: the passphrase for the account
+
+Note that for hierarchical deterministic wallets you will also need to supply `--walletpassphrase` to unlock the wallet seed.
+
+```sh
+$ ethdo account create --account="Personal wallet/Operations" --walletpassphrase="my wallet secret" --passphrase="my account secret"
+```
+#### `import`
+
+`ethdo account import` creates a new account by importing its private key.  Options for creating the account include:
+  - `account`: the name of the account to create
+  - `passphrase`: the passphrase for the account
+  - `key`: the private key to import
+
+```sh
+$ ethdo account import --account=Validators/123 --key=6dd12d588d1c05ba40e80880ac7e894aa20babdbf16da52eae26b3f267d68032 --passphrase="my account secret"
+```
+
+#### `info`
+
+`ethdo account info` provides information about the given account.  Options include:
+  - `account`: the name of the account on which to obtain information
+
+```sh
+$ ethdo account info --account="Personal wallet/Operations"
+Public key: 0x8e2f9e8cc29658ff37ecc30e95a0807579b224586c185d128cb7a7490784c1ad9b0ab93dbe604ab075b40079931e6670
+```
+
+#### `key`
+
+`ethdo account key` provides the private key for an account.  Options include:
+  - `account`: the name of the account on which to obtain information
+  - `passphrase`: the passphrase for the account
+
+```sh
+$ ethdo account key --account=interop/00001 --passphrase=secret
+0x51d0b65185db6989ab0b560d6deed19c7ead0e24b9b6372cbecb1f26bdfad000
+```
+
+#### `lock`
+
+`ethdo account lock` manually locks an account on a remote signer.  Locked accounts cannot carry out signing requests.  Options include:
+  - `account`: the name of the account to lock
+
+Note that this command only works with remote signers; it has no effect on local accounts.
+
+```sh
+$ ethdo account lock --account=Validators/123
+```
+
+#### `unlock`
+
+`ethdo account unlock` manually unlocks an account on a remote signer.  Unlocked accounts cannot carry out signing requests.  Options include:
+  - `account`: the name of the account to unlock
+  - `passphrase`: the passphrase for the account
+
+Note that this command only works with remote signers; it has no effect on local accounts.
+
+```sh
+$ ethdo account unlock --account=Validators/123 --passphrase="my secret passphrase"
+```
+
+### `signature` commands
+
+Signature commands focus on generation and verification of data signatures.
+
+#### `signature sign`
+
+`ethdo signature sign` signs provided data.  Options include:
+  - `data`: the data to sign, as a hex string
+  - `domain`: the domain in which to sign the data.  This is a 32-byte hex string
+  - `account`: the account to sign the data
+  - `passphrase`: the passphrase for the account
+
+```sh
+$ ethdo signature sign --data="0x08140077a94642919041503caf5cc1795b23ecf2" --account="Personal wallet/Operations" --passphrase="my account secret"
+0x89abe2e544ef3eafe397db036103b1d066ba86497f36ed4ab0264162eadc89c7744a2a08d43cec91df128660e70ecbbe11031b4c2e53682d2b91e67b886429bf8fac9bad8c7b63c5f231cc8d66b1377e06e27138b1ddc64b27c6e593e07ebb4b
+```
+
+#### `signature verify`
+
+`ethdo signature verify` verifies signed data.  Options include:
+  - `data`: the data whose signature to verify, as a hex string
+  - `signature`: the signature to verify, as a hex string
+  - `account`: the account which signed the data (if available as an account)
+  - `signer`: the public key of the account which signed the data (if not available as an account)
+
+```sh
+$ ethdo signature verify --data="0x08140077a94642919041503caf5cc1795b23ecf2" --signature="0x89abe2e544ef3eafe397db036103b1d066ba86497f36ed4ab0264162eadc89c7744a2a08d43cec91df128660e70ecbbe11031b4c2e53682d2b91e67b886429bf8fac9bad8c7b63c5f231cc8d66b1377e06e27138b1ddc64b27c6e593e07ebb4b" --account="Personal wallet/Operations"
+Verified
+$ ethdo signature verify --data="0x08140077a94642919041503caf5cc1795b23ecf2" --signature="0x89abe2e544ef3eafe397db036103b1d066ba86497f36ed4ab0264162eadc89c7744a2a08d43cec91df128660e70ecbbe11031b4c2e53682d2b91e67b886429bf8fac9bad8c7b63c5f231cc8d66b1377e06e27138b1ddc64b27c6e593e07ebb4b" --account="Personal wallet/Auctions"
+Not verified
+$ ethdo signature verify --data="0x08140077a94642919041503caf5cc1795b23ecf2" --signature="0x89abe2e544ef3eafe397db036103b1d066ba86497f36ed4ab0264162eadc89c7744a2a08d43cec91df128660e70ecbbe11031b4c2e53682d2b91e67b886429bf8fac9bad8c7b63c5f231cc8d66b1377e06e27138b1ddc64b27c6e593e07ebb4b" --signer="0x8e2f9e8cc29658ff37ecc30e95a0807579b224586c185d128cb7a7490784c1ad9b0ab93dbe604ab075b40079931e6670"
+Verified
+```
+
+The same rules apply to `ethereal signature verify` as those in `ethereal signature sign` above.
+
+### `version`
+
+`ethdo version` provides the current version of ethdo.  For example:
+
+```sh
+$ ethdo version
+1.4.0
+```
+
+### `block` commands
+
+Block commands focus on providing information about Ethereum 2 blocks.
+#### `info`
+
+`ethdo block info` obtains information about a block in Ethereum 2.  Options include:
+  - `slot`: the slot at which to attempt to fetch the block
+
+```sh
+$ ethdo block info --slot=80 
+Attestations: 1
+Attester slashings: 0
+Deposits: 0
+Voluntary exits: 0
+```
+
+Additional information is supplied when using `--verbose`
+
+```sh
+$ ethdo block info --slot=80 --verbose
+Parent root: 0x9a08aab7d5bbc816a9d2c20c79895519da2045e99ac6782ab3d05323a395fe51
+State root: 0xc6a2626ba5cb37f984bdc4da4dc93a5012be5b69fdcebc50be70a1181a290265
+Ethereum 1 deposit count: 512
+Ethereum 1 deposit root: 0x05b88acdde2092e1ecf35714dca0ccf82fb7e73180643f51d3139553136d125f
+Ethereum 1 block hash: 0x2b8d87e016376d83b2c04c1e626172a3f8bef3b4a37d7f2f3f76d0c62acdf573
+Attestations: 1
+	0:
+		Committee index: 0
+		Attesters: 17
+		Aggregation bits: ✓✓✓✓✓✓✓✓ ✓✓✓✓✓✓✓✓ ✕✕✕✕✕✕✕✓
+		Slot: 79
+		Beacon block root: 0x9a08aab7d5bbc816a9d2c20c79895519da2045e99ac6782ab3d05323a395fe51
+		Source epoch: 0
+		Source root: 0x0000000000000000000000000000000000000000000000000000000000000000
+		Target epoch: 2
+		Target root: 0xb93273c516fc817e64fab53ff4093f295e5da463582e85e1ca60800e9464faf2
+Attester slashings: 0
+Deposits: 0
+Voluntary exits: 0
+```
+
+### `chain` commands
+
+Chain commands focus on providing information about Ethereum 2 chains.
+
+#### `info`
+
+`ethdo chain info` obtains information about an Ethereum 2 chain.
+
+```sh
+$ ethdo chain info
+Genesis time:		Thu Apr 16 08:02:43 BST 2020
+```
+
+Additional information is supplied when using `--verbose`
+
+```sh
+$ ethdo chain info --verbose
+Genesis time:		Thu Apr 16 08:02:43 BST 2020
+Genesis fork version:	00000000
+Seconds per slot:	12
+Slots per epoch:	32
+```
+
+#### `status`
+
+`ethdo chain status` obtains the status of an Ethereum 2 chain from the node's point of view.  Options include:
+  - `slot` show output in terms of slots rather than epochs
+
+```sh
+$ ethdo chain status
+Current epoch: 5
+Justified epoch: 4
+Finalized epoch: 3
+```
+
+Additional information is supplied when using `--verbose`
+
+```sh
+$ ethdo chain status --verbose
+Current epoch: 5
+Justified epoch: 4
+Justified epoch distance 1
+Finalized epoch: 3
+Finalized epoch distance: 2
+Prior justified epoch: 3
+Prior justified epoch distance: 4
+```
+
+### `node` commands
+
+Node commands focus on information from an Ethereum 2 node.
+
+#### `info`
+
+`ethdo node info` obtains the information about an Ethereum 2 node.
+
+```sh
+$ ethdo node info
+Syncing: false
+Current slot: 178
+Current epoch: 5
+```
+
+Additional information is supplied when using `--verbose`
+
+```sh
+$ ethdo node info --verbose
+Version: Prysm/Git commit: b0aa6e22455e4d9cb8720a259771fbbbd22dc3ec. Built at: 2020-04-16T08:02:43+01:00
+Syncing: false
+Current slot: 178
+Current epoch: 5
+Genesis timestamp: 1587020563
+```
+### `validator` commands
+
+Validator commands focus on interaction with Ethereum 2 validators.
+
+#### `depositdata`
+
+`ethdo validator depositdata` generates the data required to deposit one or more Ethereum 2 validators.
+
+#### `exit`
+
+`ethdo validator exit` sends a transaction to the chain to tell an active validator to exit the validation queue.
+
+```sh
+$ ethdo validator exit --account=Validators/1 --passphrase="my validator secret"
+```
+
+#### `info`
+
+`ethdo validator info` provides information for a given validator.
+
+```sh
+$ ethdo validator info --account=Validators/1
+Status:            Active
+Balance:           3.203823585 Ether
+Effective balance: 3.1 Ether
+```
+
+Additional information is supplied when using `--verbose`
+
+```sh
+$ ethdo validator info --account=Validators/1 --verbose
+Epoch of data:          3398
+Index:                  26913
+Public key:             0xb3bb6b7a8d809e59544472853d219499765bf01d14de1e0549bd6fc2a86627ac9033264c84cd503b6339e3334726562f
+Status:                 Active
+Balance:                3.204026813 Ether
+Effective balance:      3.1 Ether
+Withdrawal credentials: 0x0033ef3cb10b36d0771ffe8a02bc5bfc7e64ea2f398ce77e25bb78989edbee36
+```
+
+If the validator is not an account it can be queried directly with `--pubkey`.
+
+```sh
+$ ethdo validator info --pubkey=0x842dd66cfeaeff4397fc7c94f7350d2131ca0c4ad14ff727963be9a1edb4526604970df6010c3da6474a9820fa81642b
+Status:            Active
+Balance:           3.201850307 Ether
+Effective balance: 3.1 Ether
+```
+
+## Maintainers
+
+Jim McDonald: [@mcdee](https://github.com/mcdee).
+
+## Contribute
+
+Contributions welcome. Please check out [the issues](https://github.com/wealdtech/ethdo/issues).
+
+## License
+
+[Apache-2.0](LICENSE) © 2019, 2020 Weald Technology Trading Ltd
+
Author	SHA1	Message	Date
Jim McDonald	e2192f6992	Version deposit data for additional security	2020-04-17 18:53:31 +01:00
Jim McDonald	864aa24484	Update docs	2020-04-16 08:43:51 +01:00
Jim McDonald	9f8d7c3f7b	Update Prysm docs	2020-04-16 08:03:07 +01:00
Jim McDonald	4f643ad952	Add documentation for prysm	2020-04-16 07:55:02 +01:00