This tutorial shows how to remove a regular key pair from an account. You can do this if you suspect your regular key pair is compromised.
To replace an existing regular key pair with a new regular key pair, follow the exact same process as assigning a regular key pair for the first time.
By following this tutorial, you should learn how to:
- Look up the regular key pair associated with an account, if any.
- Remove the regular key pair from an account.
To complete this tutorial, you should:
- Have a basic understanding of the XRP Ledger.
- Have an XRP Ledger client library, such as xrpl.js, installed.
- Have a basic understanding of Cryptographic Keys.
You can find the complete source code for this tutorial's examples in the code samples section of this website's repository.
From the code sample folder, use npm to install dependencies:
npm iTo get started, import the client library and instantiate an API client. For this tutorial, you need one account, which the sample code funds using the Testnet faucet; you could also use an existing account.
import xrpl from 'xrpl'
const client = new xrpl.Client('wss://s.altnet.rippletest.net:51233')
await client.connect()
console.log('Funding new wallet from faucet...')
const { wallet } = await client.fundWallet()
console.log(`Funded. Master key pair:
Address: ${wallet.address}
Seed: ${wallet.seed}
`)Before you can remove the regular key pair from an account, the account has to have a regular key pair assigned in the first place. Since the sample code uses a fresh account from the faucet, it needs to generate and assign a regular key pair. Skip this part if you are using an existing account that already has a regular key pair assigned.
// Generate a regular key and assign it to the account -------------------------
// Skip this step if you are using a pre-existing account that already has a
// regular key configured.
const algorithm = 'ed25519'
const regularKeyPair = xrpl.Wallet.generate(algorithm)
console.log(`Generated regular key pair:
Address: ${regularKeyPair.address}
Seed: ${regularKeyPair.seed}
Algorithm: ${algorithm}
`)
const regularKeyTx = {
TransactionType: 'SetRegularKey',
Account: wallet.address,
RegularKey: regularKeyPair.address
}
xrpl.validate(regularKeyTx)
console.log('Assigning regular key to the account...')
const response = await client.submitAndWait(regularKeyTx, { wallet, autofill: true })
const setRegularKeyResultCode = response.result.meta.TransactionResult
if (setRegularKeyResultCode === 'tesSUCCESS') {
console.log('Regular Key set successfully.')
} else {
console.error(`SetRegularKey failed with code ${setRegularKeyResultCode}.`)
client.disconnect()
process.exit(1)
}Before you disable the regular key, you may want to confirm that the account has a regular key assigned and check which key it is. To do this, use the account_info method and look at for a RegularKey field in the account data. If the field is present, it contains the address of the regular key pair; if the field is absent, the account does not currently have a regular key pair authorized.
This step is optional; you can remove the regular key pair without knowing which key it is.
// Check regular key associated with account -----------------------------------
const accountInfoResp = await client.request({
command: 'account_info',
account: wallet.address,
ledger_index: 'validated'
})
if (accountInfoResp.error) {
console.error('Error looking up account:', accountInfoResp.error)
client.disconnect()
process.exit(1)
}
console.log(`Account info for ${wallet.address}:`)
console.log(JSON.stringify(accountInfoResp.result.account_data, null, 2))
if (accountInfoResp.result.account_data.RegularKey) {
console.log('Current regular key:',
accountInfoResp.result.account_data.RegularKey
)
} else {
console.log('No regular key set.')
client.disconnect()
process.exit(1)
}To remove the regular key pair, send a SetRegularKey transaction without a RegularKey field. You can sign this transaction with the regular key pair itself, with the master key pair, or with a multi-signing list.
// Remove regular key from account ---------------------------------------------
const removeRegularKeyTx = {
TransactionType: 'SetRegularKey',
Account: wallet.address
// Omit RegularKey field to remove existing regular key from account
}
xrpl.validate(removeRegularKeyTx)
console.log('Removing regular key from account...')
const removeResp = await client.submitAndWait(removeRegularKeyTx, {
wallet: regularKeyPair, // When removing, you can use the regular key or master key
autofill: true
})
const removeRegularKeyResultCode = removeResp.result.meta.TransactionResult
if (removeRegularKeyResultCode === 'tesSUCCESS') {
console.log('Regular Key successfully removed.')
} else {
console.error('SetRegularKey (removing) failed with code',
removeRegularKeyResultCode
)
client.disconnect()
process.exit(1)
}If the transaction fails with the result code tecNO_ALTERNATIVE_KEY, you cannot remove the regular key because the account does not have any other method of authorizing transactions: this means the master key pair is disabled and the account does not have a multi-signing list. Before you can remove the regular key pair, you must either re-enable the master key pair or set up a multi-signing list.
After removing the regular key pair, you can confirm that the account has no regular key pair using the account_info method in the same way as in step 3. If the account data does not have a RegularKey field, then no regular key pair is authorized.
// Confirm that the account has no regular key ---------------------------------
const accountInfoResp2 = await client.request({
command: 'account_info',
account: wallet.address,
ledger_index: 'validated'
})
if (accountInfoResp2.error) {
console.error('Error looking up account:', accountInfoResp2.error)
client.disconnect()
process.exit(1)
}
console.log(`Account info for ${wallet.address}:`)
console.log(JSON.stringify(accountInfoResp2.result.account_data, null, 2))
if (accountInfoResp2.result.account_data.RegularKey) {
console.log('Regular key address is:',
accountInfoResp2.result.account_data.RegularKey
)
} else {
console.log('No regular key set.')
}
client.disconnect()Another way to verify that you succeeded at removing the regular key pair is to attempt to send a transaction signed using the removed key pair. Submitting the transaction should fail with the badSecret error and an error message such as Secret does not match account.
- Concepts:
- Cryptographic Keys
- Multi-Signing
- Transaction Cost
- Key Reset Transaction: a special case where you can send a SetRegularKey transaction with a transaction cost of 0.
- Tutorials:
- References: