@ilap
Last active May 22, 2020 06:15
Shelley FnF Exercise 3

Shelley Stakepool Pioneers Exercise Sheet 3

#!/bin/bash

# FnF Exercise 3
# 1. KES Mechanism (for rotating operational cert)
# - Generate the cold (offline) key pair that is used to issue the operational certs (for periodically renewed hot KES keys).
# - Generate the hot KES (offline/online) key pair for generating the cert.
# - Generate the operational cert (offline) based on the cold key and the hot KES verification key.
#
# 2. Generate VRF key pair for leader selection
#
# 3. Run stake pool that is using the
#   - KES (hot/online) signing key
#   - Operational certificate (created offline /w cold and hot KES key)
#   - VRF (block) signing key

# 1.1 (OFFLINE) Create cold key pair
##########################################
cd /opt/cardano/fnf/ || exit 1
# priv/ holds the hot keys and the ops cert written by the steps below
mkdir -p ~/cold-keys priv
pushd ~/cold-keys

cardano-cli shelley node key-gen \
    --verification-key-file cold.vkey \
    --signing-key-file cold.skey \
    --operational-certificate-issue-counter coldcounter

popd

# 1.2 (OFFLINE) Generate the hot KES keypair 
cardano-cli shelley node key-gen-KES --verification-key-file priv/kes.vkey --signing-key-file priv/kes.skey

# 1.3 (OFFLINE) Generate the ops cert based on the cold key and the periodic new hot KES keys
# Each new periodic cert is based on the rotating hot KES key and the static cold key.
# --kes-period is the KES period at which the ops cert, and therefore the hot KES key, becomes valid.
#
cardano-cli shelley node issue-op-cert \
    --cold-signing-key-file ~/cold-keys/cold.skey \
    --operational-certificate-issue-counter ~/cold-keys/coldcounter \
    --hot-kes-verification-key-file priv/kes.vkey \
    --kes-period 0 \
    --out-file priv/op.cert

# 1.4 When you need a new cert, generate a new hot KES key pair and create a cert from the
# cold key and the new hot KES key.
# $  chmod u+rwx ~/cold-keys   # unlock the cold keys
# $  cardano-cli shelley node issue-op-cert ...
# $  chmod a-rwx ~/cold-keys   # lock them again

# 2. Generate VRF key pair for leader selection
#########################################################
cardano-cli shelley node key-gen-VRF --verification-key-file priv/vrf.vkey --signing-key-file priv/vrf.skey


# 3. Run the node with the newly generated keys
#########################################################
# Copy the hot KES signing key, the VRF signing key and the ops cert to the pool's server.
cardano-node run \
  --config                          files/config.json \
  --topology                        files/topology.json \
  --database-path                   db \
  --socket-path                     sockets/nodes.socket \
  --shelley-kes-key                 priv/kes.skey \
  --shelley-vrf-key                 priv/vrf.skey \
  --shelley-operational-certificate priv/op.cert \
  --port                            6000 
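
Step 1.4 written out as a rotation helper. This is an added example, not part of the gist: it derives `--kes-period` from the current slot and always re-locks the cold key directory, including when issuing fails. `COLD_DIR`, `HOT_DIR`, the `*.new` file names and both function names are assumptions; the current slot and `slotsPerKESPeriod` (from the Shelley genesis file) are supplied by the operator.

```bash
#!/bin/bash
# Added example, not part of the gist. COLD_DIR, HOT_DIR and both function
# names are assumptions; the cardano-cli flags are those used in the gist.
COLD_DIR="${COLD_DIR:-$HOME/cold-keys}"
HOT_DIR="${HOT_DIR:-priv}"

# KES period that contains a slot: slot / slotsPerKESPeriod, rounded down.
# $1 = current slot (chain tip), $2 = slotsPerKESPeriod (Shelley genesis).
kes_period() {
    local n
    for n in "$1" "$2"; do
        case "$n" in
            ''|*[!0-9]*|0?*) echo "kes_period: '$n' is not a plain decimal integer" >&2
                             return 1 ;;
        esac
    done
    [ "$2" -gt 0 ] || { echo "kes_period: slotsPerKESPeriod must be > 0" >&2; return 1; }
    echo $(( $1 / $2 ))
}

# Step 1.4: new hot KES pair + new ops cert starting at the current KES period.
# Run on the offline machine; the cold directory is re-locked on every path.
rotate_kes() {
    local period rc=0
    period=$(kes_period "$1" "$2") || return 1
    chmod u+rwx "$COLD_DIR" || return 1
    # Write to *.new so a failed run never clobbers the key/cert in use.
    {
        cardano-cli shelley node key-gen-KES \
            --verification-key-file "$HOT_DIR/kes.vkey.new" \
            --signing-key-file "$HOT_DIR/kes.skey.new" &&
        cardano-cli shelley node issue-op-cert \
            --cold-signing-key-file "$COLD_DIR/cold.skey" \
            --operational-certificate-issue-counter "$COLD_DIR/coldcounter" \
            --hot-kes-verification-key-file "$HOT_DIR/kes.vkey.new" \
            --kes-period "$period" \
            --out-file "$HOT_DIR/op.cert.new"
    } || rc=$?
    chmod a-rwx "$COLD_DIR"
    [ "$rc" -eq 0 ] || return "$rc"
    chmod 400 "$HOT_DIR/kes.skey.new" || return 1
    local f
    for f in kes.vkey kes.skey op.cert; do
        mv -f "$HOT_DIR/$f.new" "$HOT_DIR/$f" || return 1
    done
    echo "$period"
}
```

Call it as `rotate_kes <current-slot> <slotsPerKESPeriod>`; it prints the KES period written into the new cert, after which `kes.skey` and `op.cert` are copied to the pool server and the node is restarted.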