Rotate KES
Before you start, rename the old kes.vkey, kes.skey and node.cert files by appending the date. I tend to use mv instead of cp so that I do not end up with extra copies of key files.
You only need kes.skey, node.cert and vrf.skey on your Core node.
Determine the current KES period by dividing the current slot number by the slotsPerKESPeriod value found in the Shelley genesis file.
Core
cd "$NODE_HOME"
# Current slot at the tip of the chain
slotNo=$(cardano-cli query tip --mainnet | jq -r '.slot')
# Slots per KES period, from the Shelley genesis file
slotsPerKESPeriod=$(jq -r '.slotsPerKESPeriod' "$NODE_FILES/mainnet-shelley-genesis.json")
kesPeriod=$((slotNo / slotsPerKESPeriod))
startKesPeriod=${kesPeriod}
echo "startKesPeriod: ${startKesPeriod}"
Generate a new KES key pair.
Core
cardano-cli node key-gen-KES \
  --verification-key-file kes.vkey \
  --signing-key-file kes.skey
Move kes.vkey to your Cold Offline machine & issue a new node.cert.
Cold Offline
cd "$NODE_HOME"
# Make the cold keys accessible for signing
chmod u+rwx "$HOME/cold-keys"
# Replace <startKesPeriod> with the value printed on the Core node
cardano-cli node issue-op-cert \
  --kes-verification-key-file kes.vkey \
  --cold-signing-key-file "$HOME/cold-keys/node.skey" \
  --operational-certificate-issue-counter "$HOME/cold-keys/node.counter" \
  --kes-period <startKesPeriod> \
  --out-file node.cert
# Lock the cold keys again
chmod a-rwx "$HOME/cold-keys"
The issue counter file in your cold-keys folder (node.counter in the command above) keeps track of how many times you have rotated your KES pair.
Move node.cert back to Core & restart the cardano-service.
Core
cardano-service restart
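The KES period arithmetic from the first step, extended to report how many KES periods a certificate has left, so you can tell when the next rotation is due. This is an added example, not part of the original guide: the function names and sample numbers are assumptions, and maxKESEvolutions is read from the same Shelley genesis file as slotsPerKESPeriod.

```bash
#!/usr/bin/env bash
# Added example: KES period arithmetic with input checks.

# Succeeds only for a non-negative decimal integer without leading zeros.
is_uint() {
  case "$1" in
    ''|*[!0-9]*|0[0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# kes_period SLOT SLOTS_PER_KES_PERIOD -> prints the current KES period.
# Rejects empty or non-numeric input (e.g. jq printing "null" after a failed query).
kes_period() {
  is_uint "$1" && is_uint "$2" && [ "$2" -gt 0 ] || {
    echo "kes_period: bad input slot='$1' slotsPerKESPeriod='$2'" >&2
    return 2
  }
  echo $(( $1 / $2 ))
}

# kes_remaining SLOT SLOTS_PER_KES_PERIOD MAX_KES_EVOLUTIONS START_KES_PERIOD
# Prints the KES periods left on a certificate issued with --kes-period START.
# Returns 1 if the certificate has expired, 3 if START is ahead of the chain.
kes_remaining() {
  current=$(kes_period "$1" "$2") || return 2
  is_uint "$3" && is_uint "$4" || { echo "kes_remaining: bad input" >&2; return 2; }
  if [ "$4" -gt "$current" ]; then
    echo "start period $4 is ahead of current period $current" >&2
    return 3
  fi
  expiry=$(( $4 + $3 ))   # first period the certificate no longer covers
  if [ "$current" -ge "$expiry" ]; then
    echo 0
    return 1
  fi
  echo $(( expiry - current ))
}

# Constructed sample: slot 120000000, slotsPerKESPeriod 129600,
# maxKESEvolutions 62, certificate issued at period 900.
kes_remaining 120000000 129600 62 900
```

On a live node, pass the slot from query tip and the two genesis values in place of the sample numbers.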