#!/bin/bash
# FnF Exercise 3
# 1. KES Mechanism (for rotating operational cert)
# - Generate the cold (offline) key pair that is used to evolve the operational certs (using new hot KES keys periodicaly).
# - Generate the hot KES (offline/online) key pair for generating the cert.
# - Generate the operational cert (offline) based on the evolved KES and VRF key.
#
# 2. Generate VRF key pair for leader selection
#
# 3. Run stake pool that is using the
# - KES (hot/online) signing key
# - Operational certificate (created offline /w cold and hot KES key)
# - VRF (block) signing key
# 1.1 (OFFLINE) Create cold key pair
##########################################
cd /opt/cardano/fnf/
mkdir ~/cold-keys
pushd ~/cold-keys
cardano-cli shelley node key-gen \
--verification-key-file cold.vkey \
--signing-key-file cold.skey \
--operational-certificate-issue-counter coldcounter
popd
# 1.2 (OFFLINE) Generate the hot KES keypair
cardano-cli shelley node key-gen-KES --verification-key-file priv/kes.vkey --signing-key-file priv/kes.skey
# 1.3 (OFFLINE) Generate the ops cert based on the cold key and the periodic new hot KES keys
# New periodic cert is based on the rotating hot KES key and a static cold-key.
# kes-period tells how long the ops cert therefrore the hot KES keys are valid
#
cardano-cli shelley node issue-op-cert \
--cold-signing-key-file ~/cold-keys/cold.skey \
--operational-certificate-issue-counter ~/cold-keys/coldcounter \
--hot-kes-verification-key-file priv/kes.vkey \
--kes-period 0 \
--out-file priv/op.cert
# 1.4 When you need a new cert then generate some new KES hot keypair and create a cert from the
# cold and the new hot KES key.
# $ chmod u-rwx ~/cold-keys
# $ cardano-cli shelley node issue-op-cert ...
# $ chmod a-rwx ~/cold-keys
# 2. Generate VRF key pair for leader selection
#########################################################
cardano-cli shelley node key-gen-VRF --verification-key-file priv/vrf.vkey --signing-key-file priv/vrf.skey
# 3. Run node /w these new keys generated
#########################################################
# Copy over the hot KES key, the ops cert (VRF) to the pool's server.
cardano-node run \
--config files/config.json \
--topology files/topology.json \
--database-path db \
--socket-path sockets/nodes.socket \
--shelley-kes-key priv/kes.skey \
--shelley-vrf-key priv/vrf.skey \
--shelley-operational-certificate priv/op.cert \
--port 6000
Last active
May 22, 2020 06:15
-
-
Save ilap/c18c72e173e4e1787f5b5597d01b5c19 to your computer and use it in GitHub Desktop.
Shelley FnF Exercise 3
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment