Public / Private key pairs

Ok, I have to ask a really silly question.

After SPO-videos and guides people always talk about securing the cold-keys. (Plural)
I have these stored offline, however are these keys a typical public/private keypair, such that the s(igning) key is the only one that really needs to be offline, or are they both “private” in that sense?

This would make creating a new pool-registration cert easier, as the cold.vkey could be stored on a node that has the ability to use cardano-cli. The TX could be transferred to an airgapped computer to be signed by the respective skey(s).

Any clarification would be appreciated :smiley:


I don’t really understand that value-add gain under this premise, as you would still need to transfer your pool cert to your airgapped machine to sign the transaction - seems a bit counterintuitive

I just gather my utxo data, move it to the cold machine, build and sign, and move the tx.signed files back to the hot node for submission

The value added is me not having to move 4 lines of code :sweat_smile:
My scripts prepare the transaction in its entirety with cardano_cli, and only the signing takes place offline. I was under the assumption that some of those calls needed the CARDANO_NODE_SOCKET_PATH= set, but if they don’t they too can be done offline/cold :slightly_smiling_face: