I have a cold environment and I have moved files back and forth for the signing and other things needed with usb, it has no internet connection.
My question is if the cold environment is just a copy of your cardano-cli file, cant a hacker on your block producer just compile everything they need there from scratch?
If you had to say 1 file that is the most important to protect which one is it? (not saying I’m not protecting them all, just want to understand the importance)
The most important is payment.skey
It gives u access to the wallet funds
also cold keys should be removed from the server
all my cold keys are on my cold server, on a encrypted linux install, that is also encrypted in virtual box, with no internet/ssh access that is blocked.
“My question is if the cold environment is just a copy of your cardano-cli file, cant a hacker on your block producer just compile everything they need there from scratch?” Or I am guessing the payment.skey is a 1 time thing right?
The one file that you want to protect is the mnemonic to your HW wallet. Then with your Ledger you can generate payment/stake verification keys and won’t have to handle any *.skey on the cmd line anymore. To access your ADA, the attacker must be able to press the buttons on your device.
Having said that, the pool verification key cannot be handled by HW wallet (I think). So an attacker that could get hold of those keys could still deregister your pool and run away with the 500 ADA pool deposit.
For HW wallet integration, have a look at this.
Thanks for the information, is the pool verification key = stake.vkey?
I dont have a hardware wallet but I will look into one.
These are the pool keys
cardano/keys/pool/cold.counter
cardano/keys/pool/cold.skey
cardano/keys/pool/cold.vkey
cardano/keys/pool/kes.skey
cardano/keys/pool/kes.vkey
cardano/keys/pool/node.cert
cardano/keys/pool/vrf.skey
cardano/keys/pool/vrf.vkey
stake.vkey is the stake verification key from one of the owners
@Anti.biz, yes, please get one. I’ve seen so many posts from people who lost their coin because they naively gave their mnemonic to some piece of software or were hacked otherwise.
Whats there to steal the pool pledge? I’m still figuring out how to send my pledge, my server is configured for a certain amount of pledge that I am waiting to get on friday.
How does a hardware wallet work? I don’t actually get how it works with the pool. Since the payment.skey isnt a 24 word seed.
What is exactly is a ledger or trezor storing?
Ledger is storing your private key that can be used to sign/witness Tx.
Instead of
cardano-cli transaction witness ...
you would do
cardano-hw-cli transaction witness ...
this will then display messages on your device, which you’ll have to ack.
Similar with Daedalus, Yoroi, and ADALite - you don’t have those wallets generate your private key (encoded in the 24-words). Instead you connect your Ledger to those wallets. Without that connection those wallets cannot do anything even in the unlikely case that they got hacked somehow.
In short, every piece of information that wants to do stuff on the blockchain needs to get send to the device first where you can then review the information and approve/deny it. These steps would otherwise be handled by the above mentioned wallets internally, because you have given full control to them.
Does Trezor do the same as Ledger or only Ledger?
I can’t comment on Trezor, I never had one. It probably is a good device too 
Ok well his is an interesting twist,
So I had a similar setup to you,
I had my Airgapped machine and VM hard drives encrypted and safe, Never the less i missed an update for 3 months on my NAS which stored the VM hard drive for the airgapped machine,
Now i have full access to the BP as the harddrive is stored on my ESXi server it self.
Although not updating my NAS, well we can all guess what happened there, how? i will never know, but ransomware hit the NAS and i lost access to my VMHD for the airgapped machine.
Now i have looked in case I was lazy and kept a payment key on my BP, I did not.
Is there any known ways to generate a new one from the BP? or is the BP pledge as good as gone.
I noticed, i still have most of the files mentioned above, just not the Cold.* files or Payment.skey.