I’m currently setting up a stake pool with several people pledging. For this purpose it requires the stake.vkey keys of every pledger. What I’m trying to achieve is to help some of my non-tech fellows not to lose access to their addresses. Of course they could safely store their associated payment.skey, but I am curious if it would be possible to somehow just store the recovery phrase to retain access. Now as it seems it isn’t feasible to extract this stake.vkey key from a Daedalus wallet.
So I came up with two approaches to reach this goal, but both won’t really work out. Probably I’m missing out some basic point to grasp the full picture — I’d be very grateful for any clarification!
The first approach would be to generate the keys and addresses with cardano-cli and then somehow import them into a wallet with cardano-wallet. Then I could simply create a wallet with a recovery phrase, import the address into this wallet, and recover it through the recovery phrase at any given time. But it seems as if the cardano-wallet import functionality isn’t actually dedicated to fulfill this purpose. So the question regarding this attempt: Is it somehow possible to import addresses into wallets to “link” them with a recovery phrase?
The second approach would be to create a wallet with cardano-wallet and export the necessary keys. I understand with cardano-wallet it is possible to derive keys from the recovery phrase. So far I identified the commands cardano-wallet key from-recovery-phrase Shelley to retrieve the root key from a given recovery phrase and subsequently one can use cardano-wallet key child 1852H/1815H/0H/2/0 to get some stake key from the root key. How do I proceed to get the desired stake.vkey? And if you have some knowledge about how this deriving works or maybe got some useful link as further information I’d be happy to read about it.
I’m also happy for any partial answer as any information brings me forward finding some new paths to the solution. Currently it seems to me as if I have tried out anything possible and I’m somehow moving in a circle. Thanks a lot in advance for your help!!
Not very clear what your question is, and I seriously hope you’re not asking folks to share their stake key with you. The specs clearly spell out the requirement of trust between pledgers and operators, but even if you go down the path to just allow folks to pledge without enough trust factor involved, even then you should still NEVER be getting hold of user stake keys, but instead allow them to sign / authorize your transaction. Folks have already lost funds and broken partnerships after initial glitter going down this path, and I seriously don’t intend to help any light trusted co-pledger businesses.
If your question is can recovery phrase be generated from an address? No
Is it possible to create stake.vkey from recovery phrase? Yes, once you generate root private key from recovery phrase, you can simply drill down to the stake key (as per your example). But note that you would be generating a private key from those commands for that path. Using cardano-address key public you can derive public key for the mentioned private key. Once you have the private / public keys it’s a matter of bech32 encoding the keys to convert into stake signing key, and use cardano-cli to derive the verification key.
First of all, thanks for your reply! I definitely see your point. But I thought one had to provide all stake.vkey files for creating the pool registration certification file? Or am I wrong there?
The people pledging to the pool are very close to me and I do not intend to harm them at all and therefore wish to take any measures necessary to protect their funds. Nevertheless, I thought the possession of stake.vkey would only allow for certifying the staking? Wouldn’t you need the private payment key for actually moving credits?
About deriving the stake.vkey that’s probably the point I don’t really get yet. How exactly can I encode (or learn about it) the keys to a stake signing key? Does cardano-wallet or some cardano tool provide the functionality to get the right format or would it require some other script?
No, you only need transaction to be signed, you should NOT, in any condition be having control of other’s keys.
Sure public keys are fine
As mentioned earlier, you need to use cardano-address instead. I will link the script from ilap as he was the first one to show the way back in the days, while slightly outdated, look at the example of how xprv and xpub are combined to generate CBOR for signing key, and then how CLI is used to generate verification keys
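Added example, not part of the thread and not ilap's script: a Python sketch of the step described above, where the bech32 output of cardano-address for the stake private key and its public key (with chain code) are decoded and combined into the CBOR of a cardano-cli signing-key file. The `stake_xsk`/`stake_xvk` prefixes, the envelope type string and the function names are assumptions; the sample keys are constructed bytes, not real key material.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
def _polymod(values):  # BIP-173 checksum polynomial
    gen = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk
def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def _regroup(data, frombits, tobits, pad):  # repack bit groups, e.g. 8 -> 5
    acc, bits, out, mask = 0, 0, [], (1 << tobits) - 1
    for v in data:
        acc, bits = (acc << frombits) | v, bits + frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & mask)
    if pad and bits:
        out.append((acc << (tobits - bits)) & mask)
    return out

def bech32_encode(hrp, payload):
    data = _regroup(payload, 8, 5, True)
    pm = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ 1
    data += [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data)

def bech32_decode(text):
    hrp, _, body = text.strip().lower().rpartition("1")
    data = [CHARSET.index(c) for c in body]  # ValueError on a bad character
    if not hrp or _polymod(_hrp_expand(hrp) + data) != 1:
        raise ValueError("bad bech32 checksum")
    return hrp, bytes(_regroup(data[:-6], 5, 8, False))

def stake_skey_envelope(stake_xsk, stake_xvk):
    _, xsk = bech32_decode(stake_xsk)  # 64-byte extended private key + 32-byte chain code
    _, xvk = bech32_decode(stake_xvk)  # 32-byte public key + 32-byte chain code
    if len(xsk) != 96 or len(xvk) != 64 or xsk[64:] != xvk[32:]:
        raise ValueError("inputs are not a matching extended key pair")
    cbor = b"\x58\x80" + xsk[:64] + xvk  # CBOR byte string of length 0x80
    return {"type": "StakeExtendedSigningKeyShelley_ed25519_bip32",  # assumed type name
            "description": "", "cborHex": cbor.hex()}

_CC = bytes(range(32))  # constructed chain code, not real key material
SAMPLE_XSK = bech32_encode("stake_xsk", b"\x11" * 64 + _CC)
SAMPLE_XVK = bech32_encode("stake_xvk", b"\x22" * 32 + _CC)
```

The returned dictionary contains private key material, so it belongs only on the key owner's machine. Only the verification key that cardano-cli derives from it is handed to the pool operator.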
@rdlrt, thanks for the pointers. I’m still a bit confused:
Makes perfect sense that I should never have other users’ private keys. However: is stake.vkey a public key or a private key? I had assumed that stake.skey (the stake signing key) would be the private key.
I became uncertain after you responded to GiantDole’s question:
As I heard it, you were both saying that we should never have control of stake.vkey files, and that stake.vkey is a public key and therefore fine (what you said in your screenshot). But it’s all clear now!