Pool KES update



(on core) check current KES period by one or both these methods:

1) cardano-cli query tip --mainnet | jq .slot
-- divide by 129600 and drop the fraction
-- be careful of timing if this fraction is close to zero on either side

2) curl -s | grep currentKESPeriod

Then substitute this period for XXX in Template expression below.


This example rotates updates the key from the third KES period into the fourth KES period (if you're cautious like us & like to save the old keys, to compare them in case of trouble).

  • Be sure to look for those numbers & edit carefully by hand before running this... and make sure to substitute the current KES key for XXX below, as well as the period numbers if you're using them.
cardano-cli node key-gen-KES \
--verification-key-file low/kes.04.vkey \
--signing-key-file high/kes.04.skey

cp -p low/cold.03.counter low/cold.04.counter

cardano-cli node issue-op-cert \
--kes-verification-key-file low/kes.04.vkey \
--cold-signing-key-file high/cold.skey \
--operational-certificate-issue-counter low/cold.04.counter \
--kes-period XXX \
--out-file high/node.04.cert

(optional; to be sure counter was actually updated)
diff low/cold.03.counter low/cold.04.counter
# cbor's are IDENTICAL except for their 4th digit
# ... so don't compare by looks

# file all new keys in the low & high security archive files.

new op cert (e.g. node.04.cert)
new KES key (e.g. kes.04.skey)
... in an encrypted file with lightweight password
... i.e. a password you don't mind entering on your BP.

save this temp file to your host machine.
on reboot, upload that file to your BP, extract & install.
Last updated: