What is the difference between a transaction with and without signatures?

Question

When i send an transaction to peer/transactions i can send it with and without signatures. Both transaction are accepted. What is the difference.

Example; Create a new chain / dapp by using asch-js

Situation 1: using signatures (and a transactionid):

 function createDApp(options, secret, secondSecret) {
    var keys = crypto.getKeys(secret);

    var transaction = {
        secret: secret,
                type: 200,
        amount: 0,
        fee: constants.fees.dapp,
        recipientId: null,
        senderId: crypto.getAddress(keys.publicKey),
        timestamp: slots.getTime() - globalOptions.get('clientDriftSeconds'),
                args: [options.name, options.description, options.link, options.icon, options.delegates, options.unlockDelegates], 
                signatures: []
    };

    transaction.signatures.push(crypto.sign(transaction, keys));

    if (secondSecret) {
        var secondKeys = crypto.getKeys(secondSecret);
        transaction.signatures.push(crypto.secondSign(transaction, secondKeys));
    }

    transaction.id = crypto.getId(transaction);
    return transaction;
}

Situation 2: no signatures

function createDApp(options, secret, secondSecret) {
    var keys = crypto.getKeys(secret);

    var transaction = {
        secret: secret,
                type: 200,
        amount: 0,
        fee: constants.fees.dapp,
        recipientId: null,
        senderId: crypto.getAddress(keys.publicKey),
        timestamp: slots.getTime() - globalOptions.get('clientDriftSeconds'),
                args: [options.name, options.description, options.link, options.icon, options.delegates, options.unlockDelegates], 
                signatures: []
    };

    return transaction;
}

Both transaction are accepted (and create a new chain). So what is the difference and what is best practice?

Does it work if you sign the transaction and send it to `peers/transactions` without the `secret` property? If you provide the secret in the transaction the blockchain will be able to self sign the transaction. — a1300, Aug 10 '18 at 15:41
hi @mathayk, the `secret` in the `transaction` is not required, but the transactions is also accpeted without the `secret` and with an empty `sigantures[]` — Bass Jobsen, Aug 10 '18 at 19:26

a1300 · Accepted Answer · 2018-08-11T11:58:57.813

As far as I understand the api/transactions endpoint is mainly for unsigned transactions (like your 2nd example). Therefore you need to provide the secret property. Otherwise the ASCH blockchain can't sign your unsigned transaction.

In your first example you are signing the transaction by yourself, therefore you don't need to send the secret property to the peer/transactions endpoint.

From a security endpoint it is better to sign your transactions locally. So no malicious node can steal all your funds when you send your secret the a blockchain endpoint.

What is the difference between a transaction with and without signatures?

1 Answers1