So, the Core-BP node will only contain: /priv/wallet/pool_name/
kes.start
op.cert
vrf.skey
What about the wallet? I plan on signing all transactions from the cold environment, so I would need to keep “payment.skey” and “stake.skey” OFF of the live Core-BP node, right?
If this is the case then the live Core-BP node will contain the following: /priv/wallet/wallet_name/:
base.addr
payment.addr
reward.addr
stake.vkey
payment.vkey
Let me know if I have this right.
(I apologize for the amateur question…I’m just triple-confirming before going live.)
Question: I just realized within CNTools, you can Encrypt/Decrypt the payment.skey & stake.skey files… is this the way to go without needing to create transactions from an air-gapped machine?
I’m just looking for clarity…how is everyone signing transactions?
Assuming I’ve adapted the security measures:
disabling root
incorporating Google Authenticator wherever possible
For fail2ban I configured jail.local and edited it… now it’s working fine (ban all attempts after 3 fails)
With the wallet/pool encrypt/decrypt option you will increase your security (it will encrypt some files from the wallet and pool folders; you will see them with a .gpg extension). Then you must decrypt them in order to make transactions or pool modifications. And of course remove your cold keys from the server!
The Backup and Restore functionality of CNTools allows you to delete keys after backing up, so that you don't manually go around accidentally moving files you don't need to.
(PS: CNTools also offers offline transaction creation mode for air gapped machines - refer to docs for workflow if interested)
So I made the mistake of choosing delete private keys while backing up, thinking it was removing them from the backup, not the actual disk… Have I lost access to my wallet? I can't find the private keys anywhere. I thought I was backing things up.
Deleting keys will only be actioned after you have done a backup, not before. If they’re deleted, it means you’ve already backed up the keys (hence, it was deleted as per recommended practice). You can restore the backup if you want to access your keys again.
This specifically says choosing delete private keys while backing up, which is also what the menu reads in CNTools. For some reason he thought the keys were being deleted from the backup, while the flow is: back up the files and delete them from the live server (so that keys are not present on a server exposed to the internet). The behaviour from CNTools was as documented; what’s possibly missed is that he needs to restore the backup to restore the keys again.
Thanks all. I restored backup and keys are there… the messaging around that is confusing. The documentation says backup w/o keys… so I got a bit confused. I have restored the backup and got my keys back. Whew, thanks for your help. Now I understand what’s going on.
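Added example (not part of the thread and not CNTools code): a shell check for the layout discussed above, listing signing keys that should stay off the live node if they are present in plaintext. The names payment.skey and stake.skey come from the thread; cold.skey as the pool cold key's file name and the function name are assumptions.

```shell
#!/bin/sh
# Signing keys that belong in the cold environment, not on the live node.
# payment.skey / stake.skey are named in the thread; cold.skey is an
# assumed file name for the pool cold key.
OFFLINE_ONLY="payment.skey stake.skey cold.skey"

# find_exposed_skeys DIR
# Prints every plaintext offline-only key found under DIR.
# Returns 0 if none are present, 1 if at least one is, 2 on a bad DIR.
# Encrypted copies (e.g. payment.skey.gpg) are not reported, and keys
# the node needs at runtime (e.g. vrf.skey) are not in the list.
find_exposed_skeys() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    found=0
    for name in $OFFLINE_ONLY; do
        # -name matches the whole file name, so NAME.gpg is skipped.
        hits=$(find "$dir" -type f -name "$name" 2>/dev/null)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: pass the key folder root as the first argument.
if [ $# -gt 0 ]; then
    find_exposed_skeys "$1"
fi
```

A non-zero exit status makes it usable from cron or a pre-start check on the block producer.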