Let's talk about keys

Pioneers, let’s make a “Keys 101” thread for the next group of pioneers. Here’s what I have:

Payment keys

– Name-prefix: (arbitrary) e.g. “addr” or “payment”
– Type: PaymentSigningKeyShelley (.skey)
– Type: PaymentVerificationKeyShelley (.vkey)
– How used: create payment (utxo) addresses; send/receive funds

KES (“hot”) keys

– Name-prefix: “kes”
– Type: TPraosStandardCrypto
– How used: Create node operational certificate, e.g. “opcert”
– How used: Sign blocks (pass kes.skey as argument when starting node as a stake-pool)

Node operator (“cold”) keys

– Name-prefix: “cold”
– Type: Node operator signing key (.skey)
– Type: Node operator verification key (.vkey)
– How used: Create delegation certificate (pass cold.vkey as argument)

VRF keys

– Name-prefix: “vrf”
– Type: SignKeyVRF SimpleVRF (.skey)
– Type: VerKeyVRF SimpleVRF (.vkey)
– How used: Sign blocks (pass vrf.skey as argument when starting node as a stake-pool)


a good initiative, and something I effectively wanted to understand better, because the given exercises and doco’s miss a bit the what & why

Fortunately @_ilap put suite some efforts into this overview, explaining keys and certificates


Yeh, but it contains errors, what I will clean up soon. I mean I have already started it but needs more time to clean it properly after I can submit a PR .

1 Like

my naming scheme is currently:

Simple "enterprise" address to receive/send funds:
name.addr, name.vkey, name.skey

Payment(Base)/Staking address combo:
name.payment.addr, name.payment.skey/vkey, name.deleg.cert
name.staking.addr, name.staking.skey/vkey, name.staking.cert

Node/Pool files:
poolname.node.skey/vkey, poolname.node.counter, poolname.pool.cert, poolname.pool.dereg-cert, poolname.pool.json
poolname.kes-xxx.skey/vkey, poolname.node-xxx.opcert (xxx increments with each KES generation = poolname.kes.counter)
poolname.kes.counter, poolname.kes-expire.json

That way it is easy to sort what keys and addresses are for what “name”. And scripts can be called with just the name.

if you wanna list all keys and addresses for a name just do a “ls name*” same if you wanna delete all files related to a name “rm name*”. or list all addresses “ls *.addr”


I followed this structure when setting up my node for exactly the easier listing reasons. however the downside is you can’t follow the exercises 1:1, which on the other hand is a good exercise itself :wink:

really like this scheme…

Here is my current understandin of keys/addresses (based on ILAPS great guide and just added comments to it)

1 Like