Setting up an Air Gap Core Node

MorganH · 9 September 2020 14:12

Hi!

I’m setting up an air gap core node. I’d like to make sure I understood it correctly. Would appreciate any feedback I could get. Thanks!

The Cold + KES keys can be generated directly from the air gap core node.
The Air Gap Core Node would have the same Payment + Stake keys as the relay node.
The Stake Pool Registration Certificate + Delegation Certificate can be generated directly from the air gap core node.

If the above 3 points are correct, I presume the Delegation Certificate would be transferred to the hot code node to build the transaction and then the tx.raw file would be transferred back to the air gap core node to sign before transferring it back to the hot core node to submit.

Hope I understood the process correctly?

Thank you!

ADAfrog · 9 September 2020 18:22

Hi Morgan,

Remove your payment and stake keys from all hot nodes (make sure you have them backed up). The entire transaction process, with the exception of submitting the signed transaction file, can be performed offline on your cold node. Build and sign cold => move to hot to submit the tx.signed. To prepare for this, simply bring the necessary utxo query information for the payment address over to the cold machine.

You will need to transfer over kes.skey, vrf.skey and the pool opcert to run your block production node - that’s it.

Also, there should be no keys whatsoever on your relay nodes.

Psychomb · 9 September 2020 19:22

Which leads to an interesting operational conundrum : how to output from the cold machine without plugging anything (e.g. USB stick) that has seen a hot machine before ?

It pushes the paranoia a bit, but imagine an infected USB stick used to go back and forth from the cold machine. How long will it take from the secrets to leak out ?

ADAfrog · 10 September 2020 01:33

This is a great point - I would even be so paranoid as to not trust my own perception as to whether or not a USB stick has ever been hot (bugged out of the box)
I shred my local cold files as precaution after signing and before bringing a stick over to pull files, but it still is a potential attack vector.

hanswurst · 10 September 2020 05:23

It sounds strange and old fashioned: I use an external CD/DVD burner for this. If have quite some blank CD-Rs laying around and finally got some use for them .

Another way could be printing the tx.signed in large font size and scan + OCR the result on the hot machine

Just note: There is no absolute security!

MorganH · 10 September 2020 06:03

Community being awesome in on-boarding new stake operators as always!
Should be encouraging and motivating for anyone reading this… Thanks guys.

Topic		Replies	Views
Cold & Private Keys within CNTools Operate a Stake Pool	13	1339	18 May 2023
Generating and moving keys between block producer and air-gapped machine Operate a Stake Pool	2	507	21 May 2021
Generating cold keys before fully sync? Stake Pool Security	4	414	20 February 2021
Public / Private key pairs Operate a Stake Pool	2	397	18 August 2020
Stake Pool Security Stake Pool Security stake-pools , stakepool	8	1097	10 August 2020

Setting up an Air Gap Core Node

Related Topics