As of December 2021, Fireblocks has issued a new version of the API Co-Signer. The new version (1.1.5) has the following:
- Major performance improvements for Azure API Co-Signer users. You can now use Azure DCsV3-Series (i.e. DC4s v3, DC8s v3, and other versions). This includes X1500 encrypted memory, X12 regular memory, and X6 CPU cores.
- Stability and performance improvements for all users using the updated Linux Kernel 5.11 and Intel SGX SDK (version 2.15)
- Transactions are signed using MPC-CMP, the most secure protocol to hold and transfer digital assets. Learn more about the MPC-CMP rollout for Fireblocks users.
- New configurations for change events support:
- Add users
- Re-enroll device
- Change Admin Quorum threshold
- Enable one-time address
To check your current API Co-Signer version, run the following command:
head cosigner -n 3 | grep VER
Email notification from Fireblocks
You'll receive an email from Fireblocks Support with a link to the new API Co-Signer installer. If you haven't received this email and are interested in upgrading your API Co-Signer, contact Fireblocks Support.
Guidelines for updates
Note
Upgrading the API Co-Signer to the new version requires a new installation of an API Co-Signer. The cosigner update command will not work for this upgrade.
Creating a new API user and retrieving its pairing token
- Create a new API user.
- Copy and store the API user's API key and pairing token for the API Co-Signer server setup.
Note
If you don't have the option to add new API users in the Fireblocks Console, contact Fireblocks Support.
Installing a new API Co-Signer
Before installing the new API Co-Signer, keep the following points in mind:
- Instance type:
- For Azure users, we recommend using Azure DCsv3-Series servers for better performance benefits and higher transaction throughput. The recommended size is DC4s_v3.
- If you use Fireblocks API Co-Signer in other platforms, refer to the SGX-enabled server: Provisioning guide.
- Use the new API Co-Signer installer link you receive via email from Fireblocks Support.
- Install the new API Co-Signer using the API key and pairing token of the new API user you created in the steps above.
To install a new API Co-Signer, follow the steps in the API Co-Signer Setup article.
Testing the new API Co-Signer
Run a basic test initiating and signing a transaction using the new API user and the new API Co-Signer.
Migrate your existing API users to the new API Co-Signer
For each API user that will migrate to the new API Co-Signer server:
- Re-enroll the API user that needs to migrate to the new co-signer server.
- Copy and store the API key and pairing token of each API user that will migrate to the new API Co-Signer server.
- Add the API key and Pairing Token to the new and updated API Co-Signer. For detailed steps, refer to the Adding Additional API users section in the API Co-Signer Setup article.
Note
If you don't have the option to re-enroll API users from the Fireblocks Console, contact Fireblocks Support.
Suspending your previous API Co-Signer server
You can now suspend your previous API Co-Signer server.
Reverting to your previous API co-signer server
If you've retained your previous API Co-Signer server instance, you can revert back to the previous API Co-Signer by activating the server. Then revert each API user by following the steps below:
- Re-enroll each API User that will revert to the previous server.
- Copy and store the API key and pairing token of each API user that will revert to the previous server.
- Add the API key and pairing token to the previous API Co-Signer. For detailed steps, refer to the Adding Additional API users section in the API Co-Signer Setup article.
Note
If you don't have the option to re-enroll your API users from the Fireblocks console, contact Fireblocks Support.