Payment keys are used to send and receive payments and stake keys are used to manage stake delegations.
There are two ways to create your payment and stake key pair. Pick the one that best suits your needs.
🔥Critical Operational Security Advice:payment and stake keys must be generated and used to build transactions in an cold environment. In other words, your air-gapped offline machine. Copy cardano-cli binary over to your offline machine and run the CLI method or mnemonic method. The only steps performed online in a hot environment are those steps that require live data. Namely the follow type of steps:
querying the current slot tip
querying the balance of an address
submitting a transaction
Create a new payment key pair: payment.skey & payment.vkey
###### On air-gapped offline machine,###cd $NODE_HOMEcardano-cliaddresskey-gen \--verification-key-filepayment.vkey \--signing-key-filepayment.skey
Create a new stake address key pair: stake.skey & stake.vkey
###### On air-gapped offline machine,###cardano-clistake-addresskey-gen \--verification-key-filestake.vkey \--signing-key-filestake.skey
Create your stake address from the stake address verification key and store it in stake.addr
###### On air-gapped offline machine,###cardano-clistake-addressbuild \--stake-verification-key-filestake.vkey \--out-filestake.addr \--mainnet
Build a payment address for the payment key payment.vkey which will delegate to the stake address, stake.vkey
###### On air-gapped offline machine,###cardano-cliaddressbuild \--payment-verification-key-filepayment.vkey \--stake-verification-key-filestake.vkey \--out-filepayment.addr \--mainnet
Benefits: Track and control pool rewards from any wallet (Daedalus, Yoroi or any other wallet) that support stakings.
Create a 15-word or 24-word length shelley compatible mnemonic with Daedalus or Yoroi on a offline machine preferred.
Using your online block producer node, download cardano-wallet
###### On block producer node,###cd $NODE_HOMEwget https://github.com/input-output-hk/cardano-wallet/releases/download/v2022-08-16/cardano-wallet-v2022-08-16-linux64.tar.gz
Transfer the cardano-wallet to your air-gapped offline machine via USB key or other removable media.
Extract the wallet files and cleanup.
###### On air-gapped offline machine,###tar-xvfcardano-wallet-v2022-08-16-linux64.tar.gzrmcardano-wallet-v2022-08-16-linux64.tar.gzcdcardano-wallet-v2022-08-16-linux64
CreateextractPoolStakingKeys.sh script.
###### On air-gapped offline machine,###cat>extractPoolStakingKeys.sh<<HERE#!/bin/bash CADDR=\${CADDR:=\$( which cardano-address )}[[ -z "\$CADDR" ]] && ( echo "cardano-address cannot be found, exiting..." >&2 ; exit 127 )CCLI=\${CCLI:=\$( which cardano-cli )}[[ -z "\$CCLI" ]] && ( echo "cardano-cli cannot be found, exiting..." >&2 ; exit 127 )OUT_DIR="\$1"[[ -e "\$OUT_DIR" ]] && { echo "The \"\$OUT_DIR\" is already exist delete and run again." >&2 exit 127} || mkdir -p "\$OUT_DIR" && pushd "\$OUT_DIR" >/dev/nullshiftMNEMONIC="\$*"# Generate the master key from mnemonics and derive the stake account keys # as extended private and public keys (xpub, xprv)echo "\$MNEMONIC" |\"\$CADDR" key from-recovery-phrase Shelley > root.prvcat root.prv |\"\$CADDR" key child 1852H/1815H/0H/2/0 > stake.xprvcat root.prv |\"\$CADDR" key child 1852H/1815H/0H/0/0 > payment.xprvTESTNET=0MAINNET=1NETWORK=\$MAINNETcat payment.xprv |\"\$CADDR" key public --with-chain-code | tee payment.xpub |\"\$CADDR" address payment --network-tag \$NETWORK |\"\$CADDR" address delegation \$(cat stake.xprv | "\$CADDR" key public --with-chain-code | tee stake.xpub) |\tee base.addr_candidate |\"\$CADDR" address inspectecho "Generated from 1852H/1815H/0H/{0,2}/0"cat base.addr_candidateecho# XPrv/XPub conversion to normal private and public key, keep in mind the # keypars are not a valid Ed25519 signing keypairs.TESTNET_MAGIC="--testnet-magic 1097911063"MAINNET_MAGIC="--mainnet"MAGIC="\$MAINNET_MAGIC"SESKEY=\$( cat stake.xprv | bech32 | cut -b -128 )\$( cat stake.xpub | bech32)PESKEY=\$( cat payment.xprv | bech32 | cut -b -128 )\$( cat payment.xpub | bech32)cat << EOF > stake.skey{ "type": "StakeExtendedSigningKeyShelley_ed25519_bip32", "description": "", "cborHex": "5880\$SESKEY"}EOFcat << EOF > payment.skey{ "type": "PaymentExtendedSigningKeyShelley_ed25519_bip32", "description": "Payment Signing Key", "cborHex": "5880\$PESKEY"}EOF"\$CCLI" key verification-key --signing-key-file stake.skey --verification-key-file stake.evkey"\$CCLI" key verification-key --signing-key-file payment.skey --verification-key-file payment.evkey"\$CCLI" key non-extended-key --extended-verification-key-file payment.evkey --verification-key-file payment.vkey"\$CCLI" key non-extended-key --extended-verification-key-file stake.evkey --verification-key-file stake.vkey"\$CCLI" stake-address build --stake-verification-key-file stake.vkey \$MAGIC > stake.addr"\$CCLI" address build --payment-verification-key-file payment.vkey \$MAGIC > payment.addr"\$CCLI" address build \ --payment-verification-key-file payment.vkey \ --stake-verification-key-file stake.vkey \ \$MAGIC > base.addrecho "Important the base.addr and the base.addr_candidate must be the same"diff base.addr base.addr_candidatepopd >/dev/nullHERE
Add permissions and export PATH to use the binaries.
###### On air-gapped offline machine,###chmod+xextractPoolStakingKeys.shexport PATH=$PATH:$(pwd)
Extract your keys. Update the command with your mnemonic phrase.
###### On air-gapped offline machine,###./extractPoolStakingKeys.shextractedPoolKeys/<15|24-wordlengthmnemonic>
Important: The base.addr and the base.addr_candidate must be the same. Review the screen output.
Your new staking keys are in the folder extractedPoolKeys/
Now move payment/stake key pair over to your $NODE_HOME for use with your stake pool.
###### On air-gapped offline machine,###cdextractedPoolKeys/cpstake.vkeystake.skeystake.addrpayment.vkeypayment.skeybase.addr $NODE_HOMEcd $NODE_HOME#Rename to base.addr file to payment.addrmvbase.addrpayment.addr
payment.addr, or also known as base.addr from this extraction script, will be the cardano address which holds your pool's pledge.
Clear the bash history in order to protect your mnemonic phrase and remove the cardano-wallet files.
###### On air-gapped offline machine,###history-c&&history-w
Finally close all your terminal windows and open new ones with zero history.
Awesome. Now you can track your pool rewards in your wallet.
Next step is to fund your payment address.
Copy payment.addr to your hot environment.
Payment address can be funded from your Daedalus / Yoroi wallet.
Run the following to find your payment address.
catpayment.addr
After funding your account, check your payment address balance.
Before continuing, your nodes must be fully synchronized to the blockchain. Otherwise, you won't see your funds.
🔥Critical Backup Advice: Make redundant copies of your payment and staking keys on offline USB keys or other offline data backups. Have a recovery plan in case of corrupted or lost keys.