github.com/pokt-network/tendermint@v0.32.11-0.20230426215212-59310158d3e9/docs/architecture/adr-008-priv-validator.md (about) 1 # ADR 008: SocketPV 2 3 Tendermint node's should support only two in-process PrivValidator 4 implementations: 5 6 - FilePV uses an unencrypted private key in a "priv_validator.json" file - no 7 configuration required (just `tendermint init`). 8 - TCPVal and IPCVal use TCP and Unix sockets respectively to send signing requests 9 to another process - the user is responsible for starting that process themselves. 10 11 Both TCPVal and IPCVal addresses can be provided via flags at the command line 12 or in the configuration file; TCPVal addresses must be of the form 13 `tcp://<ip_address>:<port>` and IPCVal addresses `unix:///path/to/file.sock` - 14 doing so will cause Tendermint to ignore any private validator files. 15 16 TCPVal will listen on the given address for incoming connections from an external 17 private validator process. It will halt any operation until at least one external 18 process successfully connected. 19 20 The external priv_validator process will dial the address to connect to 21 Tendermint, and then Tendermint will send requests on the ensuing connection to 22 sign votes and proposals. Thus the external process initiates the connection, 23 but the Tendermint process makes all requests. In a later stage we're going to 24 support multiple validators for fault tolerance. To prevent double signing they 25 need to be synced, which is deferred to an external solution (see #1185). 26 27 Conversely, IPCVal will make an outbound connection to an existing socket opened 28 by the external validator process. 29 30 In addition, Tendermint will provide implementations that can be run in that 31 external process. These include: 32 33 - FilePV will encrypt the private key, and the user must enter password to 34 decrypt key when process is started. 35 - LedgerPV uses a Ledger Nano S to handle all signing.