Generating Keys for the Block-producing Node
Last updated
Last updated
The block-producer node requires you to create 3 keys as defined in the :
stake pool cold key (node.cert)
stake pool hot key (kes.skey)
stake pool VRF key (vrf.skey)
First, make a KES key pair.
Cold keys must be generated and stored on your air-gapped offline machine. The cold keys are the files stored in $HOME/cold-keys.
Make a directory to store your cold keys
Make a set of cold keys and create the cold counter file.
Be sure to back up your all your keys to another secure storage device. Make multiple copies.
Determine the number of slots per KES period from the genesis file.
Find the kesPeriod by dividing the slot tip number by the slotsPerKESPeriod.
With this calculation, you can generate a operational certificate for your pool.
Copy kes.vkey to your cold environment.
Change the <startKesPeriod> value accordingly.
Copy node.cert to your hot environment.
Make a VRF key pair.
Update vrf key permissions to read-only. You must also copy vrf.vkey to your cold environment.
Stop your stake pool by running the following:
Update your startup script with the new KES, VRF and Operation Certificate.
Now start your block producer node.
The following figure illustrates sample output of the gLiveView dashboard when Cardano Node is operating as a block producer.
Before continuing, your node must be fully synchronized to the blockchain. Otherwise, you won't calculate the latest KES period. Your node is synchronized when the epoch and slot# is equal to that found on a block explorer such as
The cardano-cli conway query tip --mainnet
command uses the CARDANO_NODE_SOCKET_PATH
environment variable that you set in the $HOME/.bashrc
file when . cardano-cli
commands throughout the CoinCashew Guide may use the CARDANO_NODE_SOCKET_PATH
environment variable. If you do not set the CARDANO_NODE_SOCKET_PATH
environment variable, then you need to set the --socket-path
option explicitly in each command requiring the location of the Cardano node socket file.
Your stake pool requires an operational certificate to verify that the pool has the authority to run. For more details on operational certificates, see the topic .