I am at the point where I need to rotate my KES keys and it seems easiest to do with CNTOOLS > Pool > Rotate. This requires that the cold.skey is in the stake pool folder referenced by CNTOOLS. I am uneasy about copying my cold secure key to the block producing node as, after all, they are to be stored offline in cold storage. I know I can delete it once the KES keys have been updated on the BP node but I was wondering whether I could update the key in CNTOOLS in offline mode and then copy the required files to the BP node before restarting.
There should be a way to generate the new KES keys in a “live linux” OS from bootable USB offline but I know very little about being a SPO …
@Alexd1985 What would you do?
Did u tried to start cntools in offline mode?
- Offline - When CNTools is launched with
-oruntime argument, this launches CNTools with limited set of features. This mode does not require access to cardano-node . It is mainly used to create Wallet/Pool and accessTransaction >> Signto sign an offline transaction file created in Hybrid mode.
There’s always the option to the generation of the operational certificat offline, like for example coinchashew shows it. As long as you do know the current KES period you’ll only need your key files.
I have never used cntools. But if you do the rotation manually, you’ll have to copy the certificate to your node and restart it manually, of course.