Generate your stake pool keys

Search…

WARNING:
Basic core node firewall configuration:
Make sure you can only login with SSH Keys, not password.
Make sure you cannot login as root
Make sure to setup SSH connections in a port different than the default 22
Make sure to configure the firewall to only allow connections from your relay nodes by setting up their ip addresses.
Basic relay node firewall configuration:
Make sure you can only login with SSH Keys, not password.
Make sure you cannot login as root
Make sure to setup SSH connections in a port different than the default 22.
Make sure you only have the strictly necessary ports opened.
​See Firewall Additional Material
Creating stake pool keys
WARNING: For Mainnet, you may want to use your local machine for this process. Make sure you are not online until you have put your cold keys in a secure storage and deleted the files from your local machine.
The core node needs:
Cold Key pair,
VRF Key pair,
KES Key pair,
Operational Certificate
Create a directory to store your keys:
mkdir pool-keys
cd pool-keys
Generate Cold Keys and a Cold_counter:
cardano-cli node key-gen \
--cold-verification-key-file cold.vkey \
--cold-signing-key-file cold.skey \
--operational-certificate-issue-counter-file cold.counter
Generate VRF Key pair
cardano-cli node key-gen-VRF \
--verification-key-file vrf.vkey \
--signing-key-file vrf.skey
Generate the KES Key pair
cardano-cli node key-gen-KES \
--verification-key-file kes.vkey \
--signing-key-file kes.skey
Generate the Operational Certificate
We need to know the slots per KES period, we get it from the genesis file:
cat testnet-shelley-genesis.json | grep KESPeriod
> "slotsPerKESPeriod": 3600,
So one period lasts 3600 slots.
Then we need the current tip of the blockchain:
We can use your relay node to query the tip:
cardano-cli query tip --testnet-magic 1097911063
​
{
    "blockNo": 27470,
    "headerHash": "bd954e753c1131a6cb7ab3a737ca7f78e2477bea93db54511cedefe8899ebed0",
    "slotNo": 656260
}
Look for Tip unSlotNo value. In this example we are on slot 656260. So we have KES period is 182:
expr 656260 / 3600
> 182
NOTE: slotNo and Kes-period will be different when you run this commands. So make sure to calculate them yourself.
To generate the certificate:
cardano-cli node issue-op-cert \
--kes-verification-key-file kes.vkey \
--cold-signing-key-file cold.skey \
--operational-certificate-issue-counter cold.counter \
--kes-period 182 \
--out-file node.cert
Move the cold keys to secure storage
The best place for your cold keys is a SECURE USB or other SECURE EXTERNAL DEVICE, not a computer with internet access.
Copy the cold keys from your server to your local machine and from there to COLD storage.
For example:
scp -i " file.pem" [email protected]:~/poolkeys/cold* /local/directory
​
> Transferred: sent 3220, received 6012 bytes, in 1.2 seconds
Bytes per second: sent 2606.6, received 4866.8
debug1: Exit status 0
Later on we will learn how to register our pool in the blockchain.
QUESTIONS AND FEEDBACK
If you have any questions and suggestions while taking the lessons please feel free to ask in the forum and we will respond as soon as possible.

Pledge

Start your core node

Last modified 1yr ago

Copy link

On this page

Creating stake pool keys

Generate Cold Keys and a Cold_counter:

Generate VRF Key pair

Generate the KES Key pair

Generate the Operational Certificate

Move the cold keys to secure storage

Copy the cold keys from your server to your local machine and from there to COLD storage.