CoinCashew
CoinsWallets
Search…
CoinCashew
English
Home
Guide: Where to Get Started
Coins
Wallets
Exchanges
Learn | via Workshops & Courses
Donations | via CoinTr.ee
About Us
Wallets
Mobile Wallets
Desktop Wallets
Hardware Wallets
Browser Wallets
Guide: Crypto Wallet Tips 101 - Do's and Don'ts
Review: Metal Bitcoin Seed Storage by jlopp
Exchanges
Exchange Directory
Guide: Dollar-cost averaging into crypto
Guide: Where to get Crypto
Guide: Earning Crypto via CashBack
DeFi
Overview: DeFi
Guides: How to DeFi
Guide: Intro to DEFI Yield Farming
Guide: How to bank your business without a Bank by Bankless
External Reading Material
Coins
Bitcoin: BTC
Ethereum: ETH
Bitcoin Cash: BCH
Litecoin: LTC
Polkadot | DOT
Cardano: ADA
Guide: How to Set Up a Cardano Stake Pool
PART I - INSTALLATION
PART II - CONFIGURATION
PART III - OPERATION
Starting the Nodes
Accessing Built-in Help
Generating Keys for the Block-producing Node
Setting Up Payment and Stake Keys
Registering Your Stake Address
Registering Your Stake Pool
Verifying Stake Pool Operation
Configuring Network Topology
Setting Up Dashboards
Configuring Slot Leader Calculations
Securing Your Stake Pool Using a Hardware Wallet
PART IV - ADMINISTRATION & MAINTENANCE
PART V - TIPS
Appendix A - Best Practices Checklist
Appendix B - Receiving Stake Pool Delegations
Telegram Chat Channel
See Also
Credits
Guide: How to buy ADA
Guide: Build Haskell Pool by Cardano Community
A Non-technical Guide for Running a Stakepool
Guide: How to stake ADA
Guide: Install Daedalus mainnet wallet
Binance Coin: BNB
EOS
Tezos: XTZ
Chainlink: LINK
Monero: XMR
TRON: TRX
Stellar: XLM
NEO
Cosmos: ATOM
Maker: MKR
VeChain: VET
Ontology: ONT
Basic Attention Token: BAT
HEX
Dogecoin: DOGE
Digibyte: DGB
0x: ZRX
Kyber Network: KNC
THETA
ICON: ICX
Enjin Coin: ENJ
Crypto.com: MCO
Aave: LEND
Algorand: ALGO
Decred: DCR
Komodo: KMD
REN
ZCOIN: XZC
WAVES
GRIN
BEAM
LivePeer: LPT
Edgeware: EDG
Synthetix: SNX
FunFair: FUN
Metal: MTL
Telos: TLOS
Powered By GitBook
Generating Keys for the Block-producing Node
The block-producer node requires you to create 3 keys as defined in the Shelley ledger specs:
  • stake pool cold key (node.cert)
  • stake pool hot key (kes.skey)
  • stake pool VRF key (vrf.skey)
First, make a KES key pair.
block producer node
cd $NODE_HOME
cardano-cli node key-gen-KES \
--verification-key-file kes.vkey \
--signing-key-file kes.skey
KES (key evolving signature) keys are created to secure your stake pool against hackers who might compromise your keys.
On mainnet, you will need to regenerate the KES key every 90 days.
​
🔥
 Cold keys must be generated and stored on your air-gapped offline machine. The cold keys are the files stored in $HOME/cold-keys.
Make a directory to store your cold keys
Air-gapped offline machine
mkdir $HOME/cold-keys
pushd $HOME/cold-keys
Make a set of cold keys and create the cold counter file.
air-gapped offline machine
cardano-cli node key-gen \
--cold-verification-key-file node.vkey \
--cold-signing-key-file $HOME/cold-keys/node.skey \
--operational-certificate-issue-counter node.counter
Be sure to back up your all your keys to another secure storage device. Make multiple copies.
Determine the number of slots per KES period from the genesis file.
block producer node
pushd +1
slotsPerKESPeriod=$(cat $NODE_HOME/shelley-genesis.json | jq -r '.slotsPerKESPeriod')
echo slotsPerKESPeriod: ${slotsPerKESPeriod}
Before continuing, your node must be fully synchronized to the blockchain. Otherwise, you won't calculate the latest KES period. Your node is synchronized when the epoch and slot# is equal to that found on a block explorer such as https://pooltool.io/​
block producer node
slotNo=$(cardano-cli query tip --mainnet | jq -r '.slot')
echo slotNo: ${slotNo}
Find the kesPeriod by dividing the slot tip number by the slotsPerKESPeriod.
block producer node
kesPeriod=$((${slotNo} / ${slotsPerKESPeriod}))
echo kesPeriod: ${kesPeriod}
startKesPeriod=${kesPeriod}
echo startKesPeriod: ${startKesPeriod}
With this calculation, you can generate a operational certificate for your pool.
Copy kes.vkey to your cold environment.
Change the <startKesPeriod> value accordingly.
Your stake pool requires an operational certificate to verify that the pool has the authority to run. For more details on operational certificates, see the topic Issuing a New Operational Certificate.
air-gapped offline machine
cardano-cli node issue-op-cert \
--kes-verification-key-file kes.vkey \
--cold-signing-key-file $HOME/cold-keys/node.skey \
--operational-certificate-issue-counter $HOME/cold-keys/node.counter \
--kes-period <startKesPeriod> \
--out-file node.cert
Copy node.cert to your hot environment.
Make a VRF key pair.
block producer node
cardano-cli node key-gen-VRF \
--verification-key-file vrf.vkey \
--signing-key-file vrf.skey
Update vrf key permissions to read-only. You must also copy vrf.vkey to your cold environment.
chmod 400 vrf.skey
Stop your stake pool by running the following:
block producer node
sudo systemctl stop cardano-node
Update your startup script with the new KES, VRF and Operation Certificate.
block producer node
cat > $NODE_HOME/startBlockProducingNode.sh << EOF
DIRECTORY=$NODE_HOME
PORT=6000
HOSTADDR=0.0.0.0
TOPOLOGY=\${DIRECTORY}/topology.json
DB_PATH=\${DIRECTORY}/db
SOCKET_PATH=\${DIRECTORY}/db/socket
CONFIG=\${DIRECTORY}/config.json
KES=\${DIRECTORY}/kes.skey
VRF=\${DIRECTORY}/vrf.skey
CERT=\${DIRECTORY}/node.cert
/usr/local/bin/cardano-node run +RTS -N -A16m -qg -qb -RTS --topology \${TOPOLOGY} --database-path \${DB_PATH} --socket-path \${SOCKET_PATH} --host-addr \${HOSTADDR} --port \${PORT} --config \${CONFIG} --shelley-kes-key \${KES} --shelley-vrf-key \${VRF} --shelley-operational-certificate \${CERT}
EOF
To operate a stake pool, you need the KES, VRF key and Operational Certificate. Cold keys generate new operational certificates periodically.
Now start your block producer node.
block producer node
sudo systemctl start cardano-node
​
# Monitor with gLiveView
./gLiveView.sh
Previous
Accessing Built-in Help
Next
Setting Up Payment and Stake Keys
Last modified 1mo ago
Copy link
Edit on GitHub