Yes, you will need to sign the transaction with all stake skeys
I believe each owner can sign transaction individually, but I have not attempted this. Worst case, I personally see no real danger in requesting the owner to provide their stake keys. From an adversarial perspective, the worst you could do as a malicious actor is either un-delegate their stake or re-delegate to another pool, either of which action would tank your pool pledge. You as the operator with the pool cold keys could disrupt the pool regardless, so therefore I don’t see an issue.
As long as the other owner does not share payment address keys, those funds will be safe.
Just tried it and basically signed the transaction with two stake.skeys where Bob and Alice contribute to pledge:
cardano-cli shelley transaction sign
–tx-body-file tx.raw
–signing-key-file payment.skey
–signing-key-file Alicestake.skey
–signing-key-file Bobstake.skey
–signing-key-file cold.skey
–mainnet
–out-file tx.signed
Hey Frog, how do you create multiple keys for multiple pool owners? Creating multiple keys seems simple enough but how do you associate these multiple keys to my one pool?
I am using coincashew and it provides no guidance on this topic thanks in advance.
How did you go about partially signing the registration? I am in a similar situation but wont be able to get access to the pledge’s payment signing key (So I cannot abuse the funds)
you don’t need the pledge payment signing key - any arbitrary payment address can be use to pay the transaction fees / deposits associated with submitting the transaction
Thanks for your reply frog
I hadn’t thought about another payment address , but what can be done about the stake.skey? Is it critical that this key is cold?
While it’s not best practice to throw stake keys around, the worst a malicious actor could really do is re-delegate your stake (or unregister your stake address) without your permission - meaning you would simply need to move the funds to a new address (hence new stake key) - this could harm the pool, but I don’t see many cases where you would trash your own operation by re-delegating your partners stake keys. If you were to run off and create a separate pool using them all the other party would need to do is send the funds to a new address which would effectively make the stake keys useless.
With that being said, you can sign in counterparts using witnesses assuming the other party is sophisticated enough to use the cli. I don’t have an example offhand but I’m sure I could dig something up if that’s the route you want to go.
Let me know - I will have some time tomorrow to help
Thanks for the explanation that helps alot
If you don’t mind, an example of using a witness would be great thanks. I cant seem to find many resources online explaining this process, so learning how to do so would be super helpful regardless.
Yep - but only if the relevant stake address correlates the rewards address registered for the pool. This would not be the case with a pledge (owner address) that is different than the registered rewards address.
Buy absolutely true otherwise for a regular delegated stake address (non-pool owner address)
When SPO signs the transaction to register the pool, it would use the following parameters (assuming transaction fee and deposite comes from rewards account)
Correct.
Step 4 > You need to sign with the --signing-key-file rewards-payment.skey only if it is the wallet that pays for the tx fees. Otherwise, any other funded wallet paying for the tx fees will be fine as well.
In this process I also created a diagram to illustrate the relationship among all keys, certs and processes. Hope it helps. I will probably write a blog to flesh it out.
Also another thing that is probably worth sharing
I used Daedalus wallet to create 2 accounts. One is delegated to some random pool, while the 2nd one is not.
I used extraction tool to extract stake key and payment key from those 2 accounts and used them as the 2 owners
it turns out I only need to register stake addr for the 2nd account. No need for the first account since it was already registered by Daedalus when I delegated it out for the first time.
I have a couple of more questions regarding this 2-owner setup. Hopefully someone can help out
is rewards account balance counted towards pledge? (probably no since we did not make it as one of the owner account)
is rewards account balance counted towards pool live stake?
I managed to re-delegate one of the owner account to another pool, which seems crazy to me. Is owner account allowed to be re-delegated to some other pool? If so, what is the status the original pool?