Rotating the genesis delegates

Jean-Baptiste Giraudeau edited this page Sep 3, 2020 · 2 revisions
KEY=<N>
ADDR=<to pay fees>
ADDR_SKEY=<path to addr key>
FEE=172937 #see
TTL=1459580
CURRENT_KES_PERIOD=10

Back up old keys

for f in keys/delegate-keys/delegate$KEY.{skey,vkey,counter}; do
  mv "$f" "$f.old"
done

Generate new delegate key

cardano-cli shelley genesis key-gen-delegate \
  --signing-key-file keys/delegate-keys/delegate$KEY.skey \
  --verification-key-file keys/delegate-keys/delegate$KEY.vkey \
  --operational-certificate-issue-counter-file keys/delegate-keys/delegate$KEY.counter

Register new delegate key

Create delegation certificate

cardano-cli shelley governance create-genesis-key-delegation-certificate \
  --genesis-delegate-verification-key-file keys/delegate-keys/delegate$KEY.vkey \
  --genesis-verification-key-file keys/genesis-keys/genesis$KEY.vkey \
  --vrf-verification-key-file keys/delegate-keys/delegate$KEY.vrf.vkey \
  --out-file delegate$KEY-key-rotate.cert

Build transaction

# Take the first UTXO at $ADDR (row 3 of the table, after the two header lines)
ADDR_AMOUNT=$(cardano-cli shelley query utxo --address "$ADDR" --mainnet | awk '{if(NR==3) print $3}')
UTXO=$(cardano-cli shelley query utxo --address "$ADDR" --mainnet | awk '{if(NR==3) print $1 "#" $2}')

cardano-cli shelley transaction build-raw --ttl $TTL --fee $FEE \
  --certificate-file delegate$KEY-key-rotate.cert \
  --tx-in "$UTXO" --tx-out "$ADDR+$((ADDR_AMOUNT-FEE))" \
  --out-file delegate$KEY-key-rotate.tx
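
The awk NR==3 commands above take whichever UTXO is listed first, so the computed change goes negative when that entry is smaller than the fee. The following is an added example, not part of the original page: it picks the first UTXO that covers the fee and fails closed otherwise. The table layout is inferred from the page's awk commands, select_utxo and its MIN_CHANGE argument are hypothetical, and the sample hashes are constructed.

```shell
# Added example (not from the original page). Assumes `query utxo` prints
# two header lines followed by rows of "TxHash TxIx Lovelace", as the
# awk NR==3 commands on this page imply.

# select_utxo FEE [MIN_CHANGE]  (hypothetical helper)
# Reads the table on stdin and prints "TXHASH#IX CHANGE" for the first row
# that covers FEE and leaves at least MIN_CHANGE lovelace (default 1).
# Returns 1 if no row qualifies, 2 on a malformed argument.
select_utxo() {
  fee=$1
  min_change=${2:-1}
  for n in "$fee" "$min_change"; do
    case $n in
      ''|*[!0-9]*|0?*) echo "not a decimal integer: '$n'" >&2; return 2 ;;
    esac
  done
  while read -r hash ix amount rest; do
    # Header, separator and malformed rows fail these checks and are skipped.
    case $hash in ''|*[!0-9a-f]*) continue ;; esac
    [ "${#hash}" -eq 64 ] || continue
    case $ix in ''|*[!0-9]*) continue ;; esac
    case $amount in ''|*[!0-9]*|0?*) continue ;; esac
    [ "$amount" -ge "$fee" ] || continue
    change=$((amount - fee))
    [ "$change" -ge "$min_change" ] || continue
    echo "$hash#$ix $change"
    return 0
  done
  echo "no UTXO covers fee $fee with change >= $min_change" >&2
  return 1
}

# Constructed sample output: the first entry is smaller than the fee.
H1=$(printf '%064d' 1)
H2=$(printf '%064d' 2)
SAMPLE_UTXO="                           TxHash                                 TxIx        Lovelace
----------------------------------------------------------------------------------------
$H1     0            100000
$H2     1           5000000"

FEE=172937
if picked=$(printf '%s\n' "$SAMPLE_UTXO" | select_utxo "$FEE"); then
  UTXO=${picked% *}      # TXHASH#IX for --tx-in
  CHANGE=${picked#* }    # lovelace returned to the fee address
  echo "--tx-in $UTXO --tx-out <ADDR>+$CHANGE"
fi
```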

Sign transaction

# Write the signed transaction to the .tx.signed file that the submit step reads
cardano-cli shelley transaction sign \
  --tx-body-file delegate$KEY-key-rotate.tx \
  --signing-key-file keys/genesis-keys/genesis$KEY.skey \
  --signing-key-file $ADDR_SKEY \
  --out-file delegate$KEY-key-rotate.tx.signed

Submit transaction

cardano-cli shelley transaction submit --mainnet --tx-file delegate$KEY-key-rotate.tx.signed

The new keys will be effective after the stabilityWindow (3k/f slots) has elapsed.

Redeploy delegate node with new delegation credential

Disable usage of BFT mode delegate keys (if they were in use):

mv keys/delegation-cert.00$KEY.json keys/delegation-cert.00$KEY.json.bak

Generate new KES key and op certificate for the delegate node:

cardano-cli shelley node key-gen-KES \
  --verification-key-file keys/node-keys/node-kes$KEY.vkey \
  --signing-key-file keys/node-keys/node-kes$KEY.skey

cardano-cli shelley node issue-op-cert \
  --hot-kes-verification-key-file keys/node-keys/node-kes$KEY.vkey \
  --cold-signing-key-file keys/delegate-keys/delegate$KEY.skey \
  --operational-certificate-issue-counter keys/delegate-keys/delegate$KEY.counter \
  --kes-period $CURRENT_KES_PERIOD \
  --out-file keys/node-keys/node$KEY.opcert

# (or use new-KES-keys-at-period $CURRENT_KES_PERIOD)

Redeploy the node with the new keys after 3k/f slots have elapsed.

e.g.

nixops deploy bft-a-1