From 821f7cc8ee9f3af213ca68871510e6f546ff8cca Mon Sep 17 00:00:00 2001 From: Jack Chan Date: Sun, 14 Jun 2020 19:25:11 -0700 Subject: [PATCH 1/2] Update node-op-cert.md Removing inconsistencies and updating names of certs using long running naming conventions --- node-setup/node-op-cert.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/node-setup/node-op-cert.md b/node-setup/node-op-cert.md index 169085e..72010df 100644 --- a/node-setup/node-op-cert.md +++ b/node-setup/node-op-cert.md @@ -17,11 +17,11 @@ In this tutorial we will see how to generate those keys and the certificate and To create such a key pair (on our offline computer), we type cardano-cli shelley node key-gen \ - --cold-verification-key-file node.vkey \ - --cold-signing-key-file node.skey \ - --operational-certificate-issue-counter node.counter + --cold-verification-key-file cold.vkey \ + --cold-signing-key-file cold.skey \ + --operational-certificate-issue-counter issue-counter.cert - This will create three files (which we named `node.vkey`, `node.skey` and `node.counter` here, but you can choose those names freely), + This will create three files (which we named `cold.vkey`, `cold.skey` and `issue-counter.cert` here, but you can choose those names freely), one for the (public) verification key, one for the (private) signing key and one for the "operational certificate counter". The counter will keep track of the number of certificates you have issued, so that each certificate can get the correct "serial number". @@ -46,10 +46,10 @@ In this tutorial we will see how to generate those keys and the certificate and We create a fresh KES key pair as follows: cardano-cli shelley node key-gen-KES \ - --verification-key-file kes001.vkey \ - --signing-key-file kes001.skey + --verification-key-file kes.vkey \ + --signing-key-file kes.skey - This will save the verification key to `kes001.vkey` and the signing key to `kes001.skey`. + This will save the verification key to `kes.vkey` and the signing key to `kes.skey`. You can of course choose different names for those files if you like. 4. Now we can create an operational node certificate: @@ -73,13 +73,13 @@ With this information we can generate our opertional certificate: cardano-cli shelley node issue-op-cert \ --kes-verification-key-file kes.vkey \ --cold-signing-key-file cold.skey \ - --operational-certificate-issue-counter coldcounter \ + --operational-certificate-issue-counter issue-counter.cert \ --kes-period 120 \ - --out-file node001.cert + --out-file shelley-op.cert - This will create a certificate and save it to file `node001.cert`. - It will update the "serial number" saved in the previously generated `node.counter`, + This will create a certificate and save it to file `shelley-op.cert`. + It will update the "serial number" saved in the previously generated `issue-counter.cert`, and it will link our secure "cold" key to the operational "hot" KES key. 5. After all this work, we can move the KES- and VRF- keys and the certificate to the computer running our node and start the node as follows: @@ -90,9 +90,9 @@ With this information we can generate our opertional certificate: --socket-path ... \ --port ... --config ... \ - --shelley-kes-key kes001.skey \ + --shelley-kes-key kes.skey \ --shelley-vrf-key vrf.skey \ - --shelley-operational-certificate node001.cert + --shelley-operational-certificate shelley-op.cert The first parameters are all as [before](ekg.md), only the last three are new: We pass the VRF- and KES-signing keys and the certificate to the node. From 78856deea9d1e353f5761e3e1bf0ca92437cb38c Mon Sep 17 00:00:00 2001 From: Jack Chan Date: Mon, 15 Jun 2020 22:39:48 -0700 Subject: [PATCH 2/2] Update node-op-cert.md --- node-setup/node-op-cert.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/node-setup/node-op-cert.md b/node-setup/node-op-cert.md index 72010df..4b5c705 100644 --- a/node-setup/node-op-cert.md +++ b/node-setup/node-op-cert.md @@ -17,11 +17,11 @@ In this tutorial we will see how to generate those keys and the certificate and To create such a key pair (on our offline computer), we type cardano-cli shelley node key-gen \ - --cold-verification-key-file cold.vkey \ - --cold-signing-key-file cold.skey \ + --cold-verification-key-file node.vkey \ + --cold-signing-key-file node.skey \ --operational-certificate-issue-counter issue-counter.cert - This will create three files (which we named `cold.vkey`, `cold.skey` and `issue-counter.cert` here, but you can choose those names freely), + This will create three files (which we named `node.vkey`, `node.skey` and `issue-counter.cert` here, but you can choose those names freely), one for the (public) verification key, one for the (private) signing key and one for the "operational certificate counter". The counter will keep track of the number of certificates you have issued, so that each certificate can get the correct "serial number". @@ -72,7 +72,7 @@ With this information we can generate our opertional certificate: cardano-cli shelley node issue-op-cert \ --kes-verification-key-file kes.vkey \ - --cold-signing-key-file cold.skey \ + --cold-signing-key-file node.skey \ --operational-certificate-issue-counter issue-counter.cert \ --kes-period 120 \ --out-file shelley-op.cert