ARCHIVE/xrpl-dev-portal
1
0
Fork 0
mirror of https://github.com/XRPLF/xrpl-dev-portal.git synced 2026-02-02 13:05:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ARCHIVE:rewrite_remove_regular_key_tutorial
Branches Tags
ARCHIVE:master ARCHIVE:go/feat/FeaturedVideoSection ARCHIVE:pattern/button-group ARCHIVE:rewrite_remove_regular_key_tutorial ARCHIVE:navbar/updates ARCHIVE:xrpl-brand-update-2026 ARCHIVE:rewrite_disable_master_tutorial ARCHIVE:support-disabled-amendments ARCHIVE:rewrite_key_tutorials ARCHIVE:section/icon-card ARCHIVE:prettier ARCHIVE:tutorials-iav4 ARCHIVE:community/divider ARCHIVE:dependabot/npm_and_yarn/mdast-util-to-hast-13.2.1 ARCHIVE:revert_redocly_upgrade ARCHIVE:kennyzlei/lend-devnet-faucet ARCHIVE:dependabot/npm_and_yarn/_code-samples/build-a-browser-wallet/js/vite-5.4.21 ARCHIVE:txtype-landing ARCHIVE:timed_escrow_tutorial ARCHIVE:events-updates-2025-10-08 ARCHIVE:blog-ai-on-xrpl-for-agentic-finance ARCHIVE:payment-channel ARCHIVE:clio-full-history ARCHIVE:events-json-contentful-gh-actions ARCHIVE:contentful-integration ARCHIVE:gh-pages
ARCHIVE:dactyl-based-master-27feb2024 ARCHIVE:dactyl-based-master-13feb2024 ARCHIVE:freeze-dactyl-based-site ARCHIVE:redocly-migration-0.1 ARCHIVE:2019-design-last ARCHIVE:TLCKPT-2020-01-28 ARCHIVE:ripple-dev-portal-old-last ARCHIVE:RippleAPI-v0.17.2-1 ARCHIVE:rippled-v0.32.0-1 ARCHIVE:rippled-v0.31.2-3 ARCHIVE:rippled-v0.31.2-2 ARCHIVE:rippled-v0.31.2-1 ARCHIVE:DataAPI-v2.2.0-1 ARCHIVE:DataAPI-v2.1.0-5 ARCHIVE:DataAPI-v2.1.0-4 ARCHIVE:DataAPI-v2.1.0-3 ARCHIVE:DataAPI-v2.1.0-2 ARCHIVE:DataAPI-v2.1.0-1 ARCHIVE:v2015-01-12 ARCHIVE:v2014-10-30 ARCHIVE:v2014-10-27 ARCHIVE:v2014-10-20 ARCHIVE:v2014-10-08-2 ARCHIVE:v2014-10-08 ARCHIVE:v2014-10-03 ARCHIVE:v2014-09-25 ARCHIVE:v2014-09-24 ARCHIVE:v2014-09-23-2 ARCHIVE:v2014-09-23 ARCHIVE:v2014-09-18 ARCHIVE:v2014-09-12 ARCHIVE:v1.002
..
compare: ARCHIVE:rewrite_disable_master_tutorial
Branches Tags
ARCHIVE:go/feat/FeaturedVideoSection ARCHIVE:pattern/button-group ARCHIVE:rewrite_remove_regular_key_tutorial ARCHIVE:master ARCHIVE:navbar/updates ARCHIVE:xrpl-brand-update-2026 ARCHIVE:rewrite_disable_master_tutorial ARCHIVE:support-disabled-amendments ARCHIVE:rewrite_key_tutorials ARCHIVE:section/icon-card ARCHIVE:prettier ARCHIVE:tutorials-iav4 ARCHIVE:community/divider ARCHIVE:dependabot/npm_and_yarn/mdast-util-to-hast-13.2.1 ARCHIVE:revert_redocly_upgrade ARCHIVE:kennyzlei/lend-devnet-faucet ARCHIVE:dependabot/npm_and_yarn/_code-samples/build-a-browser-wallet/js/vite-5.4.21 ARCHIVE:txtype-landing ARCHIVE:timed_escrow_tutorial ARCHIVE:events-updates-2025-10-08 ARCHIVE:blog-ai-on-xrpl-for-agentic-finance ARCHIVE:payment-channel ARCHIVE:clio-full-history ARCHIVE:events-json-contentful-gh-actions ARCHIVE:contentful-integration ARCHIVE:gh-pages
ARCHIVE:dactyl-based-master-27feb2024 ARCHIVE:dactyl-based-master-13feb2024 ARCHIVE:freeze-dactyl-based-site ARCHIVE:redocly-migration-0.1 ARCHIVE:2019-design-last ARCHIVE:TLCKPT-2020-01-28 ARCHIVE:ripple-dev-portal-old-last ARCHIVE:RippleAPI-v0.17.2-1 ARCHIVE:rippled-v0.32.0-1 ARCHIVE:rippled-v0.31.2-3 ARCHIVE:rippled-v0.31.2-2 ARCHIVE:rippled-v0.31.2-1 ARCHIVE:DataAPI-v2.2.0-1 ARCHIVE:DataAPI-v2.1.0-5 ARCHIVE:DataAPI-v2.1.0-4 ARCHIVE:DataAPI-v2.1.0-3 ARCHIVE:DataAPI-v2.1.0-2 ARCHIVE:DataAPI-v2.1.0-1 ARCHIVE:v2015-01-12 ARCHIVE:v2014-10-30 ARCHIVE:v2014-10-27 ARCHIVE:v2014-10-20 ARCHIVE:v2014-10-08-2 ARCHIVE:v2014-10-08 ARCHIVE:v2014-10-03 ARCHIVE:v2014-09-25 ARCHIVE:v2014-09-24 ARCHIVE:v2014-09-23-2 ARCHIVE:v2014-09-23 ARCHIVE:v2014-09-18 ARCHIVE:v2014-09-12 ARCHIVE:v1.002

1 Commits
rewrite_re ... rewrite_di

Author SHA1 Message Date
mDuo13
bba0712ca0 Rewrite "Disable Master Key Pair" tutorial 2026-01-28 18:34:57 -08:00
10 changed files with 592 additions and 753 deletions
Expand all files Collapse all files

3
_code-samples/disable-master-key/README.md Normal file
View File

@@ -0,0 +1,3 @@
# Disable Master Key Pair
Disable the master key pair that is connected to an account by default. WARNING: This can blackhole the account, making it so no one can use it or access its funds anymore.

84
_code-samples/disable-master-key/js/disable-master-key.js Normal file
View File

@@ -0,0 +1,84 @@
import xrpl from 'xrpl'
const client = new xrpl.Client('wss://s.altnet.rippletest.net:51233')
await client.connect()
console.log('Funding new wallet from faucet...')
const { wallet } = await client.fundWallet()
console.log(`Funded. Master key pair:
Address: ${wallet.address}
Seed: ${wallet.seed}
`)
// Generate a regular key and assign it to the account -------------------------
// Skip this step if you are using a pre-existing account that already has a
// regular key or multi-signing list configured.
// To black-hole an account, set the RegularKey to a well-known blackhole
// address such as rrrrrrrrrrrrrrrrrrrrrhoLvTp instead.
const algorithm = 'ed25519'
const regularKeyPair = xrpl.Wallet.generate(algorithm)
console.log(`Generated regular key pair:
Address: ${regularKeyPair.address}
Seed: ${regularKeyPair.seed}
Algorithm: ${algorithm}
`)
const regularKeyTx = {
TransactionType: 'SetRegularKey',
Account: wallet.address,
RegularKey: regularKeyPair.address
}
xrpl.validate(regularKeyTx)
console.log('Assigning regular key to the account...')
const response = await client.submitAndWait(regularKeyTx, { wallet, autofill: true })
const setRegularKeyResultCode = response.result.meta.TransactionResult
if (setRegularKeyResultCode === 'tesSUCCESS') {
console.log('Regular Key set successfully.')
} else {
console.error(`SetRegularKey failed with code ${setRegularKeyResultCode}.`)
client.disconnect()
process.exit(1)
}
// Disable master key pair -----------------------------------------------------
const disableMasterKeyTx = {
TransactionType: 'AccountSet',
Account: wallet.address,
SetFlag: xrpl.AccountSetAsfFlags.asfDisableMaster
}
xrpl.validate(disableMasterKeyTx)
console.log('Disabling master key pair...')
const response2 = await client.submitAndWait(disableMasterKeyTx, {
wallet, // only the master key pair can disable itself
autofill: true
})
const disableMasterResultCode = response2.result.meta.TransactionResult
if (disableMasterResultCode === 'tesSUCCESS') {
console.log('Master key disabled successfully.')
} else {
console.error(`AccountSet failed with code ${disableMasterResultCode}.`)
client.disconnect()
process.exit(1)
}
// Confirm account flags -------------------------------------------------------
const accountInfoResp = await client.request({
command: 'account_info',
account: wallet.address,
ledger_index: 'validated'
})
if (accountInfoResp.error) {
console.error('Error looking up account:', accountInfoResp.error)
client.disconnect()
process.exit(1)
}
console.log(`Flags for account ${wallet.address}:`)
console.log(JSON.stringify(accountInfoResp.result.account_flags, null, 2))
if (accountInfoResp.result.account_flags.disableMasterKey) {
console.log('✅ Master key pair is disabled')
} else {
console.log('❌ Master key pair is ENABLED')
}
client.disconnect()

2
_code-samples/remove-regular-key/js/package.json → _code-samples/disable-master-key/js/package.json
View File

@@ -1,5 +1,5 @@
{
"name": "remove-regular-key",
"name": "disable-master-key",
"version": "1.0.0",
"license": "MIT",
"dependencies": {

82
_code-samples/disable-master-key/py/disable-master-key.py Normal file
View File

@@ -0,0 +1,82 @@
import json
from xrpl.clients import JsonRpcClient
from xrpl.wallet import generate_faucet_wallet, Wallet
from xrpl.models.transactions import SetRegularKey, AccountSet, AccountSetAsfFlag
from xrpl.models.requests import AccountInfo
from xrpl.transaction import submit_and_wait
client = JsonRpcClient("https://s.altnet.rippletest.net:51234")
print("Funding new wallet from faucet...")
wallet = generate_faucet_wallet(client)
print(f"""Funded. Master key pair:
Address: {wallet.address}
Seed: {wallet.seed}
""")
# Generate a regular key and assign it to the account --------------------------
# Skip this step if you are using a pre-existing account that already has a
# regular key or multi-signing list configured.
# To black-hole an account, set the RegularKey to a well-known blackhole
# address such as rrrrrrrrrrrrrrrrrrrrrhoLvTp instead.
algorithm = "ed25519"
regular_key_pair = Wallet.create(algorithm)
print(f"""Generated regular key pair:
Address: {regular_key_pair.address}
Seed: {regular_key_pair.seed}
Algorithm: {algorithm}
""")
regular_key_tx = SetRegularKey(
account=wallet.address, regular_key=regular_key_pair.address
)
print("Assigning regular key to the account...")
try:
response = submit_and_wait(regular_key_tx, client, wallet)
except err:
print("Submitting SetRegularKey transaction failed with error", err)
exit(1)
set_regular_key_result_code = response.result["meta"]["TransactionResult"]
if set_regular_key_result_code == "tesSUCCESS":
print("Regular Key set successfully.")
else:
print(f"SetRegularKey failed with code {set_regular_key_result_code}.")
exit(1)
# Disable master key pair ------------------------------------------------------
disable_master_key_tx = AccountSet(
account=wallet.address, set_flag=AccountSetAsfFlag.ASF_DISABLE_MASTER
)
print("Disabling master key pair...")
response2 = submit_and_wait(
disable_master_key_tx, client, wallet
) # only the master key pair can disable itself
disable_master_result_code = response2.result["meta"]["TransactionResult"]
if disable_master_result_code == "tesSUCCESS":
print("Master key disabled successfully.")
else:
print(f"AccountSet failed with code {disable_master_result_code}.")
exit(1)
# Confirm account flags --------------------------------------------------------
account_info_request = AccountInfo(account=wallet.address, ledger_index="validated")
try:
account_info_resp = client.request(account_info_request)
except Exception as e:
print(f"Error requesting account_info: {e}")
exit(1)
if not account_info_resp.is_successful():
print(f"Error looking up account: {account_info_resp.result}")
exit(1)
account_flags = account_info_resp.result["account_flags"]
print(f"Flags for account {wallet.address}:")
print(json.dumps(account_flags, indent=2))
if account_flags["disableMasterKey"]:
print("✅ Master key pair is disabled")
else:
print("❌ Master key pair is ENABLED")

0
_code-samples/remove-regular-key/py/requirements.txt → _code-samples/disable-master-key/py/requirements.txt
View File

3
_code-samples/remove-regular-key/README.md
View File

@@ -1,3 +0,0 @@
# Remove Regular Key Pair
Remove the regular key pair assigned to an account.

109
_code-samples/remove-regular-key/js/remove-regular-key.js
View File

@@ -1,109 +0,0 @@
import xrpl from 'xrpl'
const client = new xrpl.Client('wss://s.altnet.rippletest.net:51233')
await client.connect()
console.log('Funding new wallet from faucet...')
const { wallet } = await client.fundWallet()
console.log(`Funded. Master key pair:
Address: ${wallet.address}
Seed: ${wallet.seed}
`)
// Generate a regular key and assign it to the account -------------------------
// Skip this step if you are using a pre-existing account that already has a
// regular key configured.
const algorithm = 'ed25519'
const regularKeyPair = xrpl.Wallet.generate(algorithm)
console.log(`Generated regular key pair:
Address: ${regularKeyPair.address}
Seed: ${regularKeyPair.seed}
Algorithm: ${algorithm}
`)
const regularKeyTx = {
TransactionType: 'SetRegularKey',
Account: wallet.address,
RegularKey: regularKeyPair.address
}
xrpl.validate(regularKeyTx)
console.log('Assigning regular key to the account...')
const response = await client.submitAndWait(regularKeyTx, { wallet, autofill: true })
const setRegularKeyResultCode = response.result.meta.TransactionResult
if (setRegularKeyResultCode === 'tesSUCCESS') {
console.log('Regular Key set successfully.')
} else {
console.error(`SetRegularKey failed with code ${setRegularKeyResultCode}.`)
client.disconnect()
process.exit(1)
}
// Check regular key associated with account -----------------------------------
const accountInfoResp = await client.request({
command: 'account_info',
account: wallet.address,
ledger_index: 'validated'
})
if (accountInfoResp.error) {
console.error('Error looking up account:', accountInfoResp.error)
client.disconnect()
process.exit(1)
}
console.log(`Account info for ${wallet.address}:`)
console.log(JSON.stringify(accountInfoResp.result.account_data, null, 2))
if (accountInfoResp.result.account_data.RegularKey) {
console.log('Current regular key:',
accountInfoResp.result.account_data.RegularKey
)
} else {
console.log('❌ No regular key set.')
client.disconnect()
process.exit(1)
}
// Remove regular key from account ---------------------------------------------
const removeRegularKeyTx = {
TransactionType: 'SetRegularKey',
Account: wallet.address
// Omit RegularKey field to remove existing regular key from account
}
xrpl.validate(removeRegularKeyTx)
console.log('Removing regular key from account...')
const removeResp = await client.submitAndWait(removeRegularKeyTx, {
wallet: regularKeyPair, // When removing, you can use the regular key or master key
autofill: true
})
const removeRegularKeyResultCode = removeResp.result.meta.TransactionResult
if (removeRegularKeyResultCode === 'tesSUCCESS') {
console.log('Regular Key successfully removed.')
} else {
console.error('SetRegularKey (removing) failed with code',
removeRegularKeyResultCode
)
client.disconnect()
process.exit(1)
}
// Confirm that the account has no regular key ---------------------------------
const accountInfoResp2 = await client.request({
command: 'account_info',
account: wallet.address,
ledger_index: 'validated'
})
if (accountInfoResp2.error) {
console.error('Error looking up account:', accountInfoResp2.error)
client.disconnect()
process.exit(1)
}
console.log(`Account info for ${wallet.address}:`)
console.log(JSON.stringify(accountInfoResp2.result.account_data, null, 2))
if (accountInfoResp2.result.account_data.RegularKey) {
console.log('❌ Regular key address is:',
accountInfoResp2.result.account_data.RegularKey
)
} else {
console.log('✅ No regular key set.')
}
client.disconnect()

95
_code-samples/remove-regular-key/py/remove-regular-key.py
View File

@@ -1,95 +0,0 @@
import json
from xrpl.clients import JsonRpcClient
from xrpl.wallet import generate_faucet_wallet, Wallet
from xrpl.models.transactions import SetRegularKey
from xrpl.models.requests import AccountInfo
from xrpl.transaction import submit_and_wait
client = JsonRpcClient("https://s.altnet.rippletest.net:51234")
print("Funding new wallet from faucet...")
wallet = generate_faucet_wallet(client)
print(f"""Funded. Master key pair:
Address: {wallet.address}
Seed: {wallet.seed}
""")
# Generate a regular key and assign it to the account -------------------------
# Skip this step if you are using a pre-existing account that already has a
# regular key configured.
algorithm = "ed25519"
regular_key_pair = Wallet.create(algorithm)
print(f"""Generated regular key pair:
Address: {regular_key_pair.address}
Seed: {regular_key_pair.seed}
Algorithm: {algorithm}
""")
regular_key_tx = SetRegularKey(
account=wallet.address, regular_key=regular_key_pair.address
)
print("Assigning regular key to the account...")
try:
response = submit_and_wait(regular_key_tx, client, wallet)
except err:
print("Submitting SetRegularKey transaction failed with error", err)
exit(1)
set_regular_key_result_code = response.result["meta"]["TransactionResult"]
if set_regular_key_result_code == "tesSUCCESS":
print("Regular Key set successfully.")
else:
print(f"SetRegularKey failed with code {set_regular_key_result_code}.")
exit(1)
# Check regular key associated with account -----------------------------------
account_info_resp = client.request(
AccountInfo(account=wallet.address, ledger_index="validated")
)
if not account_info_resp.is_successful():
print(f"Error looking up account:", account_info_resp.result)
exit(1)
account_data = account_info_resp.result["account_data"]
print(f"Account info for {wallet.address}:")
print(json.dumps(account_data, indent=2))
if "RegularKey" in account_data.keys():
print("Current regular key:", account_data["RegularKey"])
else:
print("❌ No regular key set.")
exit(1)
# Remove regular key from account ---------------------------------------------
remove_regular_key_tx = SetRegularKey(
account=wallet.address
# Omit regular_key field to remove existing regular key from account
)
print("Removing regular key from account...")
# When removing, you can sign with the regular key or master key
remove_resp = submit_and_wait(remove_regular_key_tx, client, regular_key_pair)
remove_regular_key_result_code = remove_resp.result["meta"]["TransactionResult"]
if remove_regular_key_result_code == "tesSUCCESS":
print("Regular Key successfully removed.")
else:
print("SetRegularKey (removing) failed with code", remove_regular_key_result_code)
exit(1)
# Confirm that the account has no regular key ---------------------------------
account_info_resp2 = client.request(
AccountInfo(account=wallet.address, ledger_index="validated")
)
if not account_info_resp2.is_successful():
print("Error looking up account:", account_info_resp2.result)
exit(1)
account_data2 = account_info_resp2.result["account_data"]
print(f"Account info for {wallet.address}:")
print(json.dumps(account_data2, indent=2))
if "RegularKey" in account_data2.keys():
print("❌ Regular key address is:", account_data2["RegularKey"])
else:
print("✅ No regular key set.")

385
docs/tutorials/best-practices/key-management/change-or-remove-a-regular-key-pair.md
View File

@@ -1,149 +1,382 @@
---
html: change-or-remove-a-regular-key-pair.html
parent: manage-account-settings.html
seo:
description: Remove a regular key pair already authorized by your account.
description: Remove or update a regular key pair already authorized by your account.
labels:
- Security
- Accounts
---
# Remove a Regular Key Pair
# Change or Remove a Regular Key Pair
This tutorial shows how to remove a [regular key pair](../../../concepts/accounts/cryptographic-keys.md) from an [account](../../../concepts/accounts/index.md). You can do this if you suspect your regular key pair is compromised.
The XRP Ledger allows an account to authorize a secondary key pair, called a _[regular key pair](../../../concepts/accounts/cryptographic-keys.md)_, to sign future transactions. If your [account](../../../concepts/accounts/index.md)'s regular key pair is compromised, or if you want to periodically change the regular key pair as a security measure, use a [SetRegularKey transaction][] to remove or change the regular key pair for your account.
{% admonition type="success" name="Tip: Change Regular Key Pair" %}
To replace an existing regular key pair with a new regular key pair, follow the exact same process as [assigning a regular key pair](assign-a-regular-key-pair.md) for the first time.
{% /admonition %}
For more information about master and regular key pairs, see [Cryptographic Keys](../../../concepts/accounts/cryptographic-keys.md).
## Goals
By following this tutorial, you should learn how to:
## Changing a Regular Key Pair
- Look up the regular key pair associated with an account, if any.
- Remove the regular key pair from an account.
The steps to change your existing regular key pair are almost the same as the steps to [assign a regular key](assign-a-regular-key-pair.md) for the first time. You generate the key pair and assign it to your account as a regular key pair, overwriting the existing regular key pair. However, the main difference is that when changing the existing regular key pair, you can use the existing regular private key to replace itself; but when assigning a regular key pair to an account for the first time, you have to use the account's master private key to do it.
## Prerequisites
For more information about master and regular key pairs, see [Cryptographic Keys](../../../concepts/accounts/cryptographic-keys.md).
To complete this tutorial, you should:
- Have a basic understanding of the XRP Ledger.
- Have an [XRP Ledger client library](../../../references/client-libraries.md), such as **xrpl.js**, installed.
- Have a basic understanding of [Cryptographic Keys](../../../concepts/accounts/cryptographic-keys.md).
## Removing a Regular Key Pair
## Source Code
If you want to remove a compromised regular key pair from your account, you don't need to generate a key pair first. Use a [SetRegularKey transaction][], omitting the `RegularKey` field. Note that the transaction fails if you don't have another way of signing for your account currently enabled (either the master key pair or a [signer list](../../../concepts/accounts/multi-signing.md)).
You can find the complete source code for this tutorial's examples in the {% repo-link path="_code-samples/remove-regular-key/" %}code samples section of this website's repository{% /repo-link %}.
## Steps
When removing a regular key pair to your account, the `SetRegularKey` transaction requires signing by your account's master private key (secret) or existing regular key pair. Sending your master or regular private key anywhere is dangerous, so we keep transaction signing separate from transaction submission to the network.
### 1. Install dependencies
### Sign Your Transaction
{% partial file="/docs/_snippets/tutorial-sign-step.md" /%}
Populate the request fields with the following values:
| Request Field | Value |
|:--------------|:-------------------------------------------------------------|
| `Account` | The address of your account. |
| `secret` | `master_key`, `master_seed`, or `master_seed_hex` (master or regular private key) for your account. |
#### Request Format
An example of the request format:
{% tabs %}
{% tab label="JavaScript" %}
From the code sample folder, use `npm` to install dependencies:
```sh
npm i
{% tab label="WebSocket" %}
```json
{
"command": "sign",
"tx_json": {
"TransactionType": "SetRegularKey",
"Account": "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8"
},
"secret": "snoPBrXtMeMyMHUVTgbuqAfg1SUTb"
}
```
{% /tab %}
{% tab label="Python" %}
From the code sample folder, set up a virtual environment and use `pip` to install dependencies:
```sh
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
{% tab label="JSON-RPC" %}
```json
{
"method": "sign",
"params": [
{
"secret" : "snoPBrXtMeMyMHUVTgbuqAfg1SUTb",
"tx_json" : {
"TransactionType" : "SetRegularKey",
"Account" : "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8"
}
}
]
}
```
{% /tab %}
{% tab label="Commandline" %}
```sh
#Syntax: sign secret tx_json
rippled sign snoPBrXtMeMyMHUVTgbuqAfg1SUTb '{"TransactionType": "SetRegularKey", "Account": "rUAi7pipxGpYfPNg3LtPcf2ApiS8aw9A93"}'
```
{% /tab %}
{% /tabs %}
### 2. Connect and get account(s)
To get started, import the client library and instantiate an API client. For this tutorial, you need one account, which the sample code funds using the Testnet faucet; you could also use an existing account.
#### Response Format
An example of a successful response:
{% tabs %}
{% tab label="JavaScript" %}
{% code-snippet file="/_code-samples/remove-regular-key/js/remove-regular-key.js" language="js" before="// Generate a regular key" /%}
{% tab label="WebSocket" %}
```json
{
"result": {
"tx_blob": "1200052280000000240000000268400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E838114623B8DA4A0BFB3B61AB423391A182DC693DC159E",
"tx_json": {
"Account": "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8",
"Fee": "10",
"Flags": 2147483648,
"Sequence": 2,
"SigningPubKey": "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
"TransactionType": "SetRegularKey",
"TxnSignature": "3045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E83",
"hash": "59BCAB8E5B9D4597D6A7BFF22F6C555D0F41420599A2E126035B6AF19261AD97"
}
},
"status": "success",
"type": "response"
}
```
{% /tab %}
{% tab label="Python" %}
{% code-snippet file="/_code-samples/remove-regular-key/py/remove-regular-key.py" language="py" before="# Generate a regular key" /%}
{% tab label="JSON-RPC" %}
```json
{
"result": {
"status": "success",
"tx_blob": "1200052280000000240000000268400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E838114623B8DA4A0BFB3B61AB423391A182DC693DC159E",
"tx_json": {
"Account": "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8",
"Fee": "10",
"Flags": 2147483648,
"Sequence": 2,
"SigningPubKey": "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
"TransactionType": "SetRegularKey",
"TxnSignature": "3045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E83",
"hash": "59BCAB8E5B9D4597D6A7BFF22F6C555D0F41420599A2E126035B6AF19261AD97"
}
}
}
```
{% /tab %}
{% tab label="Commandline" %}
```json
{
"result" : {
"status" : "success",
"tx_blob" : "1200052280000000240000000268400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E838114623B8DA4A0BFB3B61AB423391A182DC693DC159E",
"tx_json" : {
"Account" : "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8",
"Fee" : "10",
"Flags" : 2147483648,
"Sequence" : 2,
"SigningPubKey" : "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
"TransactionType" : "SetRegularKey",
"TxnSignature" : "3045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E83",
"hash" : "59BCAB8E5B9D4597D6A7BFF22F6C555D0F41420599A2E126035B6AF19261AD97"
}
}
}
```
{% /tab %}
{% /tabs %}
Before you can remove the regular key pair from an account, the account has to have a regular key pair assigned in the first place. Since the sample code uses a fresh account from the faucet, it needs to generate and assign a regular key pair. **Skip this part if you are using an existing account that already has a regular key pair assigned.**
The `sign` command response contains a `tx_blob` value, as shown above. The offline signing response contains a `signedTransaction` value. Both are signed binary representations (blobs) of the transaction.
Next, use the `submit` command to send the transaction blob (`tx_blob` or `signedTransaction`) to the network.
### Submit Your Transaction
Take the `signedTransaction` value from the offline signing response or the `tx_blob` value from the `sign` command response and submit it as the `tx_blob` value using the [submit method][].
#### Request Format
An example of the request format:
{% tabs %}
{% tab label="JavaScript" %}
{% code-snippet file="/_code-samples/remove-regular-key/js/remove-regular-key.js" language="js" from="// Generate a regular key" before="// Check regular key" /%}
{% tab label="WebSocket" %}
```json
{
"command": "submit",
"tx_blob": "1200052280000000240000000268400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E838114623B8DA4A0BFB3B61AB423391A182DC693DC159E"
}
```
{% /tab %}
{% tab label="Python" %}
{% code-snippet file="/_code-samples/remove-regular-key/py/remove-regular-key.py" language="py" from="# Generate a regular key" before="# Check regular key" /%}
{% tab label="JSON-RPC" %}
```json
{
"method":"submit",
"params":[
{
"tx_blob":"1200052280000000240000000268400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E838114623B8DA4A0BFB3B61AB423391A182DC693DC159E"
}
]
}
```
{% /tab %}
{% tab label="Commandline" %}
```sh
#Syntax: submit tx_blob
rippled submit 1200052280000000240000000268400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E838114623B8DA4A0BFB3B61AB423391A182DC693DC159E
```
{% /tab %}
{% /tabs %}
### 3. Check regular key pair associated with account
Before you disable the regular key, you may want to confirm that the account has a regular key assigned and check which key it is. To do this, use the [account_info method][] and look at for a `RegularKey` field in the account data. If the field is present, it contains the [address](../../../concepts/accounts/addresses.md) of the regular key pair; if the field is absent, the account does not currently have a regular key pair authorized.
#### Response Format
This step is optional; you can remove the regular key pair without knowing which key it is.
An example of a successful response:
{% tabs %}
{% tab label="JavaScript" %}
{% code-snippet file="/_code-samples/remove-regular-key/js/remove-regular-key.js" language="js" from="// Check regular key" before="// Remove regular key" /%}
{% tab label="WebSocket" %}
```json
{
"result": {
"engine_result": "tesSUCCESS",
"engine_result_code": 0,
"engine_result_message": "The transaction was applied. Only final in a validated ledger.",
"tx_blob": "1200052280000000240000000268400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E838114623B8DA4A0BFB3B61AB423391A182DC693DC159E",
"tx_json": {
"Account": "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8",
"Fee": "10",
"Flags": 2147483648,
"Sequence": 2,
"SigningPubKey": "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
"TransactionType": "SetRegularKey",
"TxnSignature": "3045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E83",
"hash": "59BCAB8E5B9D4597D6A7BFF22F6C555D0F41420599A2E126035B6AF19261AD97"
}
},
"status": "success",
"type": "response"
}
```
{% /tab %}
{% tab label="Python" %}
{% code-snippet file="/_code-samples/remove-regular-key/py/remove-regular-key.py" language="py" from="# Check regular key" before="# Remove regular key" /%}
{% tab label="JSON-RPC" %}
```json
{
"result": {
"engine_result": "tesSUCCESS",
"engine_result_code": 0,
"engine_result_message": "The transaction was applied. Only final in a validated ledger.",
"status": "success",
"tx_blob": "1200052280000000240000000268400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E838114623B8DA4A0BFB3B61AB423391A182DC693DC159E",
"tx_json": {
"Account": "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8",
"Fee": "10",
"Flags": 2147483648,
"Sequence": 2,
"SigningPubKey": "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
"TransactionType": "SetRegularKey",
"TxnSignature": "3045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E83",
"hash": "59BCAB8E5B9D4597D6A7BFF22F6C555D0F41420599A2E126035B6AF19261AD97"
}
}
}
```
{% /tab %}
{% tab label="Commandline" %}
```json
{
"result" : {
"engine_result" : "tesSUCCESS",
"engine_result_code" : 0,
"engine_result_message" : "The transaction was applied. Only final in a validated ledger.",
"status" : "success",
"tx_blob" : "1200052280000000240000000268400000000000000A73210330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD02074473045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E838114623B8DA4A0BFB3B61AB423391A182DC693DC159E",
"tx_json" : {
"Account" : "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8",
"Fee" : "10",
"Flags" : 2147483648,
"Sequence" : 2,
"SigningPubKey" : "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
"TransactionType" : "SetRegularKey",
"TxnSignature" : "3045022100CAB9A6F84026D57B05760D5E2395FB7BE86BF39F10DC6E2E69DC91238EE0970B022058EC36A8EF9EE65F5D0D8CAC4E88C8C19FEF39E40F53D4CCECBB59701D6D1E83",
"hash" : "59BCAB8E5B9D4597D6A7BFF22F6C555D0F41420599A2E126035B6AF19261AD97"
}
}
}
```
{% /tab %}
{% /tabs %}
### 4. Remove regular key pair
The way to verify that regular key pair removal succeeded is to confirm that you can't send a transaction using the removed regular private key.
To remove the regular key pair, send a [SetRegularKey transaction][] without a `RegularKey` field. You can sign this transaction with the regular key pair itself, with the master key pair, or with a multi-signing list.
Here's an example error response for an [AccountSet transaction][] signed using the regular private key removed by the `SetRegularKey` transaction above.
### Response Format
An example of a successful response:
{% tabs %}
{% tab label="JavaScript" %}
{% code-snippet file="/_code-samples/remove-regular-key/js/remove-regular-key.js" language="js" from="// Remove regular key" before="// Confirm that the account has no regular key" /%}
{% tab label="WebSocket" %}
```json
{
"error": "badSecret",
"error_code": 41,
"error_message": "Secret does not match account.",
"request": {
"command": "submit",
"secret": "snoPBrXtMeMyMHUVTgbuqAfg1SUTb",
"tx_json": {
"Account": "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8",
"TransactionType": "AccountSet"
}
},
"status": "error",
"type": "response"
}
```
{% /tab %}
{% tab label="Python" %}
{% code-snippet file="/_code-samples/remove-regular-key/py/remove-regular-key.py" language="py" from="# Remove regular key" before="# Confirm that the account has no regular key" /%}
{% tab label="JSON-RPC" %}
```json
{
"result": {
"error": "badSecret",
"error_code": 41,
"error_message": "Secret does not match account.",
"request": {
"command": "submit",
"secret": "snoPBrXtMeMyMHUVTgbuqAfg1SUTb",
"tx_json": {
"Account": "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8",
"TransactionType": "AccountSet"
}
},
"status": "error"
}
}
```
{% /tab %}
{% tab label="Commandline" %}
```json
{
"result" : {
"error" : "badSecret",
"error_code" : 41,
"error_message" : "Secret does not match account.",
"request" : {
"command" : "submit",
"secret" : "snoPBrXtMeMyMHUVTgbuqAfg1SUTb",
"tx_json" : {
"Account" : "r9xQZdFGwbwTB3g9ncKByWZ3du6Skm7gQ8",
"TransactionType" : "AccountSet"
}
},
"status" : "error"
}
}
```
{% /tab %}
{% /tabs %}
If the transaction fails with the result code `tecNO_ALTERNATIVE_KEY`, you cannot remove the regular key because the account does not have any other method of authorizing transactions: this means the master key pair is disabled and the account does not have a multi-signing list. Before you can remove the regular key pair, you must either re-enable the master key pair or set up a multi-signing list.
In some cases, you can even use the `SetRegularKey` transaction to send a [key reset transaction](../../../concepts/transactions/transaction-cost.md#key-reset-transaction) without paying the [transaction cost](../../../concepts/transactions/transaction-cost.md). The XRP Ledger's [transaction queue](../../../concepts/transactions/transaction-queue.md) prioritizes key reset transactions above other transactions even though the nominal transaction cost of a key reset transaction is zero.
### 5. Confirm that the account has no regular key authorized
After removing the regular key pair, you can confirm that the account has no regular key pair using the [account_info method][] in the same way as in step 3. If the account data does not have a `RegularKey` field, then no regular key pair is authorized.
{% tabs %}
{% tab label="JavaScript" %}
{% code-snippet file="/_code-samples/remove-regular-key/js/remove-regular-key.js" language="js" from="// Confirm that the account has no regular key" /%}
{% /tab %}
{% tab label="Python" %}
{% code-snippet file="/_code-samples/remove-regular-key/py/remove-regular-key.py" language="py" from="# Confirm that the account has no regular key" /%}
{% /tab %}
{% /tabs %}
Another way to verify that you succeeded at removing the regular key pair is to attempt to send a transaction signed using the removed key pair. Submitting the transaction should fail with the `badSecret` error and an error message such as `Secret does not match account`.
## See Also
- **Concepts:**
- [Cryptographic Keys](../../../concepts/accounts/cryptographic-keys.md)
- [Multi-Signing](../../../concepts/accounts/multi-signing.md)
- [Transaction Cost](../../../concepts/transactions/transaction-cost.md)
- [Key Reset Transaction](../../../concepts/transactions/transaction-cost.md#key-reset-transaction): a special case where you can send a SetRegularKey transaction with a transaction cost of 0.
- **Tutorials:**
- [Change or Remove a Regular Key Pair](change-or-remove-a-regular-key-pair.md)
- [Set Up Multi-Signing](set-up-multi-signing.md)
- [Disable Master Key Pair](disable-master-key-pair.md)
- [List XRP as an Exchange](../../../use-cases/defi/list-xrp-as-an-exchange.md)
- **References:**
- [wallet_propose method][]
- [sign method][]
- [SetRegularKey transaction][]
- [account_info method][]
- [AccountRoot entry][]
- [AccountRoot object](../../../references/protocol/ledger-data/ledger-entry-types/accountroot.md) where the regular key is stored in the field `RegularKey`
{% raw-partial file="/docs/_snippets/common-links.md" /%}

582
docs/tutorials/best-practices/key-management/disable-master-key-pair.md
View File

@@ -1,6 +1,4 @@
---
html: disable-master-key-pair.html
parent: manage-account-settings.html
seo:
description: Disable the master key that is mathematically associated with an address.
labels:
@@ -9,494 +7,140 @@ labels:
---
# Disable Master Key Pair
This page describes how to disable the [master key pair](../../../concepts/accounts/cryptographic-keys.md) that is mathematically associated with an [account](../../../concepts/accounts/index.md)'s address. You should do this if your account's master key pair may have been compromised, or if you want to make [multi-signing](../../../concepts/accounts/multi-signing.md) the _only_ way to submit transactions from your account.
This page describes how to disable the [master key pair](../../../concepts/accounts/cryptographic-keys.md) for an account. You should do this if your account's master key pair may have been compromised, or if you want to make [multi-signing](../../../concepts/accounts/multi-signing.md) the _only_ way to submit transactions from your account.
{% admonition type="danger" name="Warning" %}Disabling the master key pair removes one method of [authorizing transactions](../../../concepts/transactions/index.md#authorizing-transactions). You should be sure you can use one of the other ways of authorizing transactions, such as with a regular key or by multi-signing, before you disable the master key pair. (For example, if you [assigned a regular key pair](assign-a-regular-key-pair.md), make sure that you can successfully submit transactions with that regular key.) Due to the decentralized nature of the XRP Ledger, no one can restore access to your account if you cannot use the remaining ways of authorizing transactions.{% /admonition %}
{% admonition type="danger" name="Warning" %}Disabling the master key pair removes the default method of [authorizing transactions](../../../concepts/transactions/index.md#authorizing-transactions). Before doing this, it's best to double-check that you can successfully send transactions using your regular key pair or multi-signing list. Due to the decentralized nature of the XRP Ledger, there is no one who can restore access to your account if something goes wrong.{% /admonition %}
**To disable the master key pair, you must use the master key pair.** However, you can _re-enable_ the master key pair using any other method of authorizing transactions.
## Goals
By following this tutorial, you should learn how to:
- Disable the master key pair for an account.
- Check an account to see if its master key pair is disabled.
## Prerequisites
To disable the master key pair for an account, you must meet the following prerequisites:
To complete this tutorial, you should:
- You must have an XRP Ledger [account](../../../concepts/accounts/index.md) and you must be able to sign and submit transactions from that account using the master key pair. See also: [Set Up Secure Signing](../../../concepts/transactions/secure-signing.md). Two common ways this can work are:
- You know the account's master seed value. A seed value is commonly represented as a [base58][] value starting with "s", such as `sn3nxiW7v8KXzPzAqzyHXbSSKNuN9`.
- Or, you use a [dedicated signing device](../../../concepts/transactions/secure-signing.md#use-a-dedicated-signing-device) that stores the seed value securely, so you don't need to know it.
- Your account must have at least one method of authorizing transactions other than the master key pair. In other words, you must do one or both of the following:
- [Assign a Regular Key Pair](assign-a-regular-key-pair.md).
- [Set Up Multi-Signing](set-up-multi-signing.md).
- Have a basic understanding of the XRP Ledger.
- Have an [XRP Ledger client library](../../../references/client-libraries.md), such as **xrpl.js**, installed.
- Have a basic understanding of [Cryptographic Keys](../../../concepts/accounts/cryptographic-keys.md).
- Know how to [assign a regular key pair](assign-a-regular-key-pair.md) or [set up multi-signing](set-up-multi-signing.md) for an account.
## Source Code
You can find the complete source code for this tutorial's examples in the {% repo-link path="_code-samples/disable-master-key/" %}code samples section of this website's repository{% /repo-link %}.
## Steps
### 1. Construct Transaction JSON
Prepare an [AccountSet transaction][] from your account with the field `"SetValue": 4`. This is the value for the AccountSet flag "Disable Master" (`asfDisableMaster`). The only other required fields for this transaction are the required [common fields](../../../references/protocol/transactions/common-fields.md). For example, if you leave off the [auto-fillable fields](../../../references/protocol/transactions/common-fields.md#auto-fillable-fields), the following transaction instructions are enough:
```json
{
"TransactionType": "AccountSet",
"Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"SetFlag": 4
}
```
{% admonition type="success" name="Tip" %}It is strongly recommended to also provide the `LastLedgerSequence` field so that you can [reliably get the outcome of the transaction in a predictable amount of time](../../../concepts/transactions/reliable-transaction-submission.md).{% /admonition %}
### 2. Sign Transaction
You must use the **master key pair** to sign the transaction.
{% admonition type="danger" name="Warning" %}Do not submit your secret to a server you don't control, and do not send it over the network unencrypted. These examples assume you are using a [local `rippled` server](../../../concepts/transactions/secure-signing.md#run-rippled-locally). You should adapt these instructions if you are using another [secure signing configuration](../../../concepts/transactions/secure-signing.md).{% /admonition %}
#### Example Request
### 1. Install dependencies
{% tabs %}
{% tab label="WebSocket" %}
```json
{
"command": "sign",
"tx_json": {
"TransactionType": "AccountSet",
"Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"SetFlag": 4
},
"secret": "s████████████████████████████"
}
```
{% /tab %}
{% tab label="JSON-RPC" %}
```json
{
"method": "sign",
"params": [
{
"tx_json": {
"TransactionType": "AccountSet",
"Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"SetFlag": 4
},
"secret": "s████████████████████████████"
}
]
}
```
{% /tab %}
{% tab label="Commandline" %}
```sh
$ rippled sign s████████████████████████████ '{"TransactionType":"AccountSet",
"Account":"rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn", "SetFlag":4}'
```
{% /tab %}
{% /tabs %}
#### Example Response
{% tabs %}
{% tab label="WebSocket" %}
```json
{
"result": {
"deprecated": "This command has been deprecated and will be removed in a future version of the server. Please migrate to a standalone signing tool.",
"tx_blob": "1200032280000000240000017C20210000000468400000000000000A732103AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB7446304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D81144B4E9C06F24296074F7BC48F92A97916C6DC5EA9",
"tx_json": {
"Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"Fee": "10",
"Flags": 2147483648,
"Sequence": 380,
"SetFlag": 4,
"SigningPubKey": "03AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB",
"TransactionType": "AccountSet",
"TxnSignature": "304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D",
"hash": "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70"
}
},
"status": "success",
"type": "response"
}
```
{% /tab %}
{% tab label="JSON-RPC" %}
```json
{
"result": {
"deprecated": "This command has been deprecated and will be removed in a future version of the server. Please migrate to a standalone signing tool.",
"status": "success",
"tx_blob": "1200032280000000240000017C20210000000468400000000000000A732103AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB7446304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D81144B4E9C06F24296074F7BC48F92A97916C6DC5EA9",
"tx_json": {
"Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"Fee": "10",
"Flags": 2147483648,
"Sequence": 380,
"SetFlag": 4,
"SigningPubKey": "03AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB",
"TransactionType": "AccountSet",
"TxnSignature": "304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D",
"hash": "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70"
}
}
}
```
{% /tab %}
{% tab label="Commandline" %}
```sh
Loading: "/etc/opt/ripple/rippled.cfg"
2020-Feb-13 00:13:24.783570867 HTTPClient:NFO Connecting to 127.0.0.1:5005
{
"result" : {
"deprecated" : "This command has been deprecated and will be removed in a future version of the server. Please migrate to a standalone signing tool.",
"status" : "success",
"tx_blob" : "1200032280000000240000017C20210000000468400000000000000A732103AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB7446304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D81144B4E9C06F24296074F7BC48F92A97916C6DC5EA9",
"tx_json" : {
"Account" : "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"Fee" : "10",
"Flags" : 2147483648,
"Sequence" : 380,
"SetFlag" : 4,
"SigningPubKey" : "03AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB",
"TransactionType" : "AccountSet",
"TxnSignature" : "304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D",
"hash" : "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70"
}
}
}
```
{% /tab %}
{% /tabs %}
Look for `"status": "success"` to indicate that the server successfully signed the transaction. If you get `"status": "error"` instead, check the `error` and `error_message` fields for more information. Some common possibilities include:
- `"error": "badSecret"` usually means you made a typo in the `secret` of the request.
- `"error": "masterDisabled"` means this address's master key pair is _already_ disabled.
Take note of the `tx_blob` value from the response. This is a signed transaction binary you can submit to the network.
### 3. Submit Transaction
Submit the signed transaction blob from the previous step to the XRP Ledger.
#### Example Request
{% tabs %}
{% tab label="WebSocket" %}
```json
{
"command": "submit",
"tx_blob": "1200032280000000240000017C20210000000468400000000000000A732103AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB7446304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D81144B4E9C06F24296074F7BC48F92A97916C6DC5EA9"
}
```
{% /tab %}
{% tab label="JSON-RPC" %}
```json
{
"method":"submit",
"params": [
{
"tx_blob": "1200032280000000240000017C20210000000468400000000000000A732103AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB7446304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D81144B4E9C06F24296074F7BC48F92A97916C6DC5EA9"
}
]
}
```
{% /tab %}
{% tab label="Commandline" %}
```
$ rippled submit 1200032280000000240000017C20210000000468400000000000000A732103AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB7446304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D81144B4E9C06F24296074F7BC48F92A97916C6DC5EA9
```
{% /tab %}
{% /tabs %}
#### Example Response
{% tabs %}
{% tab label="WebSocket" %}
```json
{
"result": {
"engine_result" : "tesSUCCESS",
"engine_result_code" : 0,
"engine_result_message" : "The transaction was applied. Only final in a validated ledger.",
"tx_blob" : "1200032280000000240000017C20210000000468400000000000000A732103AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB7446304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D81144B4E9C06F24296074F7BC48F92A97916C6DC5EA9",
"tx_json" : {
"Account" : "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"Fee" : "10",
"Flags" : 2147483648,
"Sequence" : 380,
"SetFlag" : 4,
"SigningPubKey" : "03AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB",
"TransactionType" : "AccountSet",
"TxnSignature" : "304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D",
"hash" : "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70"
}
},
"status": "success",
"type": "response"
}
```
{% /tab %}
{% tab label="JSON-RPC" %}
```json
{
"result" : {
"engine_result" : "tesSUCCESS",
"engine_result_code" : 0,
"engine_result_message" : "The transaction was applied. Only final in a validated ledger.",
"status" : "success",
"tx_blob" : "1200032280000000240000017C20210000000468400000000000000A732103AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB7446304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D81144B4E9C06F24296074F7BC48F92A97916C6DC5EA9",
"tx_json" : {
"Account" : "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"Fee" : "10",
"Flags" : 2147483648,
"Sequence" : 380,
"SetFlag" : 4,
"SigningPubKey" : "03AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB",
"TransactionType" : "AccountSet",
"TxnSignature" : "304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D",
"hash" : "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70"
}
}
}
```
{% /tab %}
{% tab label="Commandline" %}
```sh
Loading: "/etc/opt/ripple/rippled.cfg"
2020-Feb-13 00:25:49.361743460 HTTPClient:NFO Connecting to 127.0.0.1:5005
{
"result" : {
"engine_result" : "tesSUCCESS",
"engine_result_code" : 0,
"engine_result_message" : "The transaction was applied. Only final in a validated ledger.",
"status" : "success",
"tx_blob" : "1200032280000000240000017C20210000000468400000000000000A732103AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB7446304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D81144B4E9C06F24296074F7BC48F92A97916C6DC5EA9",
"tx_json" : {
"Account" : "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"Fee" : "10",
"Flags" : 2147483648,
"Sequence" : 380,
"SetFlag" : 4,
"SigningPubKey" : "03AB40A0490F9B7ED8DF29D246BF2D6269820A0EE7742ACDD457BEA7C7D0931EDB",
"TransactionType" : "AccountSet",
"TxnSignature" : "304402204457A890BC06F48061F8D61042975702B57EBEF3EA2C7C484DFE38CFD42EA11102202505A7C62FF41E68FDE10271BADD75BD66D54B2F96A326BE487A2728A352442D",
"hash" : "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70"
}
}
}
```
{% /tab %}
{% /tabs %}
If the transaction fails with the result `tecNO_ALTERNATIVE_KEY`, your account does not have another method of authorizing transactions currently enabled. You must [assign a regular key pair](assign-a-regular-key-pair.md) or [set up multi-signing](set-up-multi-signing.md), then try again to disable the master key pair.
### 4. Wait for validation
{% raw-partial file="/docs/_snippets/wait-for-validation.md" /%}
### 5. Confirm Account Flags
Confirm that your account's master key is disabled using the [account_info method][]. Be sure to specify the following parameters:
| Field | Value |
|:---------------|:------------------------------------------------------------|
| `account` | The address of your account. |
| `ledger_index` | `"validated"` to get results from the latest validated ledger version. |
#### Example Request
{% tabs %}
{% tab label="WebSocket" %}
```json
{
"command": "account_info",
"account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"ledger_index": "validated"
}
```
{% /tab %}
{% tab label="JSON-RPC" %}
```json
{
"method": "account_info",
"params": [{
"account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"ledger_index": "validated"
}]
}
```
{% /tab %}
{% tab label="Commandline" %}
```sh
rippled account_info rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn validated
```
{% /tab %}
{% /tabs %}
#### Example Response
{% tabs %}
{% tab label="WebSocket" %}
```json
{
"result": {
"account_data": {
"Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"AccountTxnID": "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70",
"Balance": "423013688",
"Domain": "6D64756F31332E636F6D",
"EmailHash": "98B4375E1D753E5B91627516F6D70977",
"Flags": 9633792,
"LedgerEntryType": "AccountRoot",
"MessageKey": "0000000000000000000000070000000300",
"OwnerCount": 9,
"PreviousTxnID": "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70",
"PreviousTxnLgrSeq": 53391321,
"RegularKey": "rD9iJmieYHn8jTtPjwwkW2Wm9sVDvPXLoJ",
"Sequence": 381,
"TransferRate": 4294967295,
"index": "13F1A95D7AAB7108D5CE7EEAF504B2894B8C674E6D68499076441C4837282BF8",
"urlgravatar": "http://www.gravatar.com/avatar/98b4375e1d753e5b91627516f6d70977"
},
"ledger_hash": "A90CEBD4AEDA24470AAC5CD307B6D26267ACE79C03669A0A0B8C41ACAEDAA6F0",
"ledger_index": 53391576,
"validated": true
},
"status": "success",
"type": "response"
}
```
{% /tab %}
{% tab label="JSON-RPC" %}
```json
{
"result": {
"account_data": {
"Account": "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"AccountTxnID": "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70",
"Balance": "423013688",
"Domain": "6D64756F31332E636F6D",
"EmailHash": "98B4375E1D753E5B91627516F6D70977",
"Flags": 9633792,
"LedgerEntryType": "AccountRoot",
"MessageKey": "0000000000000000000000070000000300",
"OwnerCount": 9,
"PreviousTxnID": "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70",
"PreviousTxnLgrSeq": 53391321,
"RegularKey": "rD9iJmieYHn8jTtPjwwkW2Wm9sVDvPXLoJ",
"Sequence": 381,
"TransferRate": 4294967295,
"index": "13F1A95D7AAB7108D5CE7EEAF504B2894B8C674E6D68499076441C4837282BF8",
"urlgravatar": "http://www.gravatar.com/avatar/98b4375e1d753e5b91627516f6d70977"
},
"ledger_hash": "4C4AC95149B13B539369998675FE6860C52695E83658366F18872181C9F1AEBF",
"ledger_index": 53391589,
"status": "success",
"validated": true
}
}
```
{% /tab %}
{% tab label="Commandline" %}
```sh
Loading: "/etc/opt/ripple/rippled.cfg"
2020-Feb-13 00:41:38.642710734 HTTPClient:NFO Connecting to 127.0.0.1:5005
{
"result" : {
"account_data" : {
"Account" : "rf1BiGeXwwQoi8Z2ueFYTEXSwuJYfV2Jpn",
"AccountTxnID" : "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70",
"Balance" : "423013688",
"Domain" : "6D64756F31332E636F6D",
"EmailHash" : "98B4375E1D753E5B91627516F6D70977",
"Flags" : 9633792,
"LedgerEntryType" : "AccountRoot",
"MessageKey" : "0000000000000000000000070000000300",
"OwnerCount" : 9,
"PreviousTxnID" : "327FD263132A4D08170E1B01FE1BB2E21D0126CE58165C97A9173CA9551BCD70",
"PreviousTxnLgrSeq" : 53391321,
"RegularKey" : "rD9iJmieYHn8jTtPjwwkW2Wm9sVDvPXLoJ",
"Sequence" : 381,
"TransferRate" : 4294967295,
"index" : "13F1A95D7AAB7108D5CE7EEAF504B2894B8C674E6D68499076441C4837282BF8",
"urlgravatar" : "http://www.gravatar.com/avatar/98b4375e1d753e5b91627516f6d70977"
},
"ledger_hash" : "BBA4034FB5D5D89987E0987A9491E7B62B16708EECFF04CDB0367BD4D28EB1B5",
"ledger_index" : 53391568,
"status" : "success",
"validated" : true
}
}
```
{% /tab %}
{% /tabs %}
In the response's `account_data` object, compare the `Flags` field with the `lsfDisableMaster` flag value (`0x00100000` in hex, or `1048576` in decimal) using bitwise-AND (the `&` operator in most common programming languages).
Example code:
{% tabs %}
{% tab label="JavaScript" %}
```js
// Assuming the JSON-RPC response above is saved as account_info_response
const lsfDisableMaster = 0x00100000;
let acct_flags = account_info_response.result.account_data.Flags;
if ((lsfDisableMaster & acct_flags) === lsfDisableMaster) {
console.log("Master key pair is DISABLED");
} else {
console.log("Master key pair is available for use");
}
From the code sample folder, use `npm` to install dependencies:
```sh
npm i
```
{% /tab %}
{% tab label="Python" %}
```python
# Assuming the JSON-RPC response above is parsed from JSON
# and saved as the variable account_info_response
lsfDisableMaster = 0x00100000
acct_flags = account_info_response["result"]["account_data"]["Flags"]
if lsfDisableMaster & acct_flags == lsfDisableMaster:
print("Master key pair is DISABLED")
else:
print("Master key pair is available for use")
From the code sample folder, set up a virtual environment and use `pip` to install dependencies:
```sh
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
```
{% /tab %}
{% /tabs %}
This operation has only two possible outcomes:
### 2. Connect and get account(s)
- A nonzero result, equal to the `lsfDisableMaster` value, indicates **the master key has been successfully disabled**.
- A zero result indicates the account's master key is not disabled.
To get started, import the client library and instantiate an API client. For this tutorial, you need one account, which the sample code funds using the Testnet faucet; you could also use an existing account.
If the result does not match your expectations, check whether the transaction you sent in the previous steps has executed successfully. It should be the most recent entry in the account's transaction history ([account_tx method][]) and it should have the result code `tesSUCCESS`. If you see any other [result code](../../../references/protocol/transactions/transaction-results/index.md), the transaction was not executed successfully. Depending on the cause of the error, you may want to restart these steps from the beginning.
{% tabs %}
{% tab label="JavaScript" %}
{% code-snippet file="/_code-samples/disable-master-key/js/disable-master-key.js" language="js" before="// Generate a regular key" /%}
{% /tab %}
{% tab label="Python" %}
{% code-snippet file="/_code-samples/disable-master-key/py/disable-master-key.py" language="py" before="# Generate a regular key" /%}
{% /tab %}
{% /tabs %}
### 3. Set up another way of authorizing transactions
Before you can disable the master key pair, your account must have another way of authorizing transactions, either a regular key pair or a multi-signing list. Since the sample code uses a newly-funded account, it does not yet have either one, so it generates and assigns a regular key the same way as in the [Assign a Regular Key Pair tutorial](assign-a-regular-key-pair.md). **Skip this step if you are using an existing account that already has a regular key pair or multi-signing list set up.**
{% tabs %}
{% tab label="JavaScript" %}
{% code-snippet file="/_code-samples/disable-master-key/js/disable-master-key.js" language="js" from="// Generate a regular key" before="// Disable master key" /%}
{% /tab %}
{% tab label="Python" %}
{% code-snippet file="/_code-samples/disable-master-key/py/disable-master-key.py" language="py" from="# Generate a regular key" before="# Disable master key" /%}
{% /tab %}
{% /tabs %}
{% admonition type="success" name="Tip" %}If your goal is to make the account a [black hole](/docs/concepts/accounts/addresses#special-addresses) that cannot send transactions at all, you still need to set a regular key. Instead of generating a key pair, use a known black hole address such as **rrrrrrrrrrrrrrrrrrrrrhoLvTp**.{% /admonition %}
### 4. Disable the master key pair
To disable the master key pair, send an [AccountSet transaction][] with the `SetFlag` value set to the `asfDisableMaster` value (4). Unlike most transactions, this one MUST be signed with the **master key pair** for the account.
{% tabs %}
{% tab label="JavaScript" %}
{% code-snippet file="/_code-samples/disable-master-key/js/disable-master-key.js" language="js" from="// Disable master key" before="// Confirm account flags" /%}
{% /tab %}
{% tab label="Python" %}
{% code-snippet file="/_code-samples/disable-master-key/py/disable-master-key.py" language="py" from="# Disable master key" before="# Confirm account flags" /%}
{% /tab %}
{% /tabs %}
If the transaction fails with the result `tecNO_ALTERNATIVE_KEY`, your account does not have another method of authorizing transactions currently enabled. You must [assign a regular key pair](assign-a-regular-key-pair.md) or [set up multi-signing](set-up-multi-signing.md), then try again to disable the master key pair.
{% admonition type="success" name="Tip" %}
If you later want to re-enable the master key pair, you can send an AccountSet transaction almost like this one, except for the following changes:
- Use the `ClearFlag` field instead of the `SetFlag` field.
- Sign the transaction using a regular key pair or multi-signing list. Naturally, you can't use the master key pair because it's disabled.
{% /admonition %}
### 5. Confirm account flags
At this point the master key pair for the account should be disabled. You can confirm that this is the case using the [account_info method][] and checking the `disableMasterKey` field of `account_flags` in the result.
{% tabs %}
{% tab label="JavaScript" %}
{% code-snippet file="/_code-samples/disable-master-key/js/disable-master-key.js" language="js" from="// Confirm account flags" /%}
{% /tab %}
{% tab label="Python" %}
{% code-snippet file="/_code-samples/disable-master-key/py/disable-master-key.py" language="py" from="# Confirm account flags" /%}
{% /tab %}
{% /tabs %}
If the result does not match your expectations, check whether the transaction you sent in the previous steps has executed successfully. It should be the most recent entry in the account's transaction history and it should have the result code `tesSUCCESS`. If you see any other [result code](../../../references/protocol/transactions/transaction-results/index.md), the transaction was not executed successfully.
Another possibility that may occur is that the `account_info` response you received was slightly out of date, because it used the validated ledger from just _before_ your transaction was validated. This is especially likely when using public server clusters, where requests may go to different machines, but it can happen any time you request data from the ledger immediately after a transaction is validated. If you wait at least half a second and send the same `account_info` request again, you should get the updated results.
You can look up the account on the [Testnet Explorer](https://testnet.xrpl.org/) to see if its master key pair is disabled in the most recent ledger version.
## See Also
For more information about this and related topics, see:
- **Concepts:**
- [Cryptographic Keys](../../../concepts/accounts/cryptographic-keys.md)
- [Multi-Signing](../../../concepts/accounts/multi-signing.md)
- [Issuing and Operational Addresses](../../../concepts/accounts/account-types.md)
- **Tutorials:**
- [Assign a Regular Key Pair](assign-a-regular-key-pair.md)
- [Change or Remove a Regular Key Pair](change-or-remove-a-regular-key-pair.md)
- [Set Up Multi-Signing](set-up-multi-signing.md)
- **References:**
- [AccountSet transaction][]
- [account_info method][]
{% raw-partial file="/docs/_snippets/common-links.md" /%}