Generating Keys for the Block-producing Node
The block-producer node requires you to create 3 keys as defined in the Shelley ledger specs:
stake pool cold key (node.cert)
stake pool hot key (kes.skey)
stake pool VRF key (vrf.skey)
First, make a KES key pair.
KES (key evolving signature) keys are created to secure your stake pool against hackers who might compromise your keys.
On mainnet, you will need to regenerate the KES key every 90 days.
🔥 Cold keys must be generated and stored on your air-gapped offline machine. The cold keys are the files stored in $HOME/cold-keys.
Make a directory to store your cold keys
Make a set of cold keys and create the cold counter file.
Be sure to back up your all your keys to another secure storage device. Make multiple copies.
Determine the number of slots per KES period from the genesis file.
Before continuing, your node must be fully synchronized to the blockchain. Otherwise, you won't calculate the latest KES period. Your node is synchronized when the epoch and slot# is equal to that found on a block explorer such as https://pooltool.io/
Find the kesPeriod by dividing the slot tip number by the slotsPerKESPeriod.
With this calculation, you can generate a operational certificate for your pool.
Copy kes.vkey to your cold environment.
Change the <startKesPeriod> value accordingly.
Your stake pool requires an operational certificate to verify that the pool has the authority to run. For more details on operational certificates, see the topic Issuing a New Operational Certificate.
Copy node.cert to your hot environment.
Make a VRF key pair.
Update vrf key permissions to read-only. You must also copy vrf.vkey to your cold environment.
Stop your stake pool by running the following:
Update your startup script with the new KES, VRF and Operation Certificate.
To operate a stake pool, you need the KES, VRF key and Operational Certificate. Cold keys generate new operational certificates periodically.
Now start your block producer node.