Is it possible to create a Multisig address from 2 wallet addresses in 1 node

+1 vote


Of course the need and use of multisig addresses are paramount, however I am somewhat perplex why it seem like a multisig address cannot be "usefully" be created using two (2) wallet addresses from a single node. Here is the reason for my (seemingly outrageous) statement...

Creating and using a mutisig from two (2) wallet addresses and two (2) different nodes works perfectly as each wallet's pubkey is stored separatly in their respective nodes, resulting in a transaction sent from the multisig requires obtaining the signatures from both walllets before the transaction is "complete" and can be broadcast to the blockchain. The process flow for a 2-of-N multisig can be viewed as: create  -> incomplete ->  sign -> complete -> send.

However, if a multisig address is created from two (2) wallets on the same node, creating a transaction using this multisig...surprisingly (at a first glance)...the transaction is immediately considered "complete" In comparison, the process flow is: create -> complete -> send.

I fully understand why technically this is correct (both wallet's pubkey are held in the node). However, this "behaviour" or outcome seems to render the use of multisig "not useful" i.e. it seems contrary to the intended (and expected) use of multisig.

As a cautionary note: be very careful if you use importprivkey and import a multisig's signatory wallet into the same node of another signatory wallet...a case of the "unintended consequences" will bemoan you.

I am relative new to this exciting world of I missing something? I await your response.




asked Oct 15, 2017 by WRM

1 Answer

0 votes

Well, the signrawtransaction API signs everything it can in a transaction, so if both private keys for a multisig input are in the node's wallets, it will sign that input with both.

If you want to explicitly control which private keys are used for signing a transaction, use the 'private key' parameter of signrawtransaction, passing in private keys obtained using dumpprivkey.

But I might add that in terms of security, there is no point in a multisig whose private keys are all stored in the same place.

answered Oct 16, 2017 by MultiChain
Thanks for the 'heads up' on the ability to explicitly control which private keys are used for signing a transaction.

In the last sentence of your response, you stated "...there is no point in a multisig whose private keys are all stored in the same place".

Is it not a valid scenario to have one node setup to assign addresses to one department of a company, such as 'Finance' and create a 2-of-3 multisig address where all three (3) signatory addresses are from the 'Finance' node.
Then any transaction created by the multisig address will of course require to be signed by two (2) signatures.

What is the recommended implementation to cater for this requirement?
The problem is that if the node is stored both private keys then anyone who can access one can also access the other. So it would be fake security.

If you want genuine division of control you need to either hold the private keys in different nodes, or else hold them outside of the node - see:
Thanks...your advice is understood and appreciated.