A 32GB drive is more than enough for all the cardano-cli based tools you’d need to run a stake pool, even if you’re compiling the node in the USB environment itself… that’s for the “cold” version of the Frankenwallet.
I also have a “cool” Frankenwallet (not quite “cold”) that needs Internet access to support Daedalus and its contained cardano-node, on a 128GB mem stick. At the rate the Cardano chain is growing (about 1GB per week, currently 36GB) this size should be good to support the node wallet for another year.
You should be able to follow the documentation OK if you have some experience installing Linux in a dual-booting environment with Windows: to better understand things like GRUB, UEFI, and BIOS settings.
It’s a “try at your own risk” proposition but you could always install the USB environment on your spare machine if you’re worried about messing up your main host… keeping in mind the differences between old MBR based booting and new UEFI style booting
Yes, it's been a while since I did bootable Linux; hopefully it will be OK to get back on that bike, so to speak. Thanks for these details, seems a viable option. Someone else suggested I just copy cardano-cli from the bin folder, which may save a bit of time too.
Thanks again. Looks like low stock here in the UK for Raspberry Pi. Quite interested to explore the Frankenwallet, which I gather could be used with any offline device.
One obvious question: how do you transfer the keys from the air gap to your Producer or Relay, as in, is this method only applicable if you have access to bare metal? Otherwise, to send through another touch point would negate its value. Just wondering what's the done thing here?
One thing we always do with the Frankenwallet… which could be done just as easily on a conventional air-gapped host… is encrypt the key files before transferring them out of the air gap, as described here (this page still needs to be filled out with more command-line examples):
TL;DR You can use the command line program 7z to encrypt your keys and then copy them (or save them, if using the Frankenwallet) to your host machine… there’s no risk saving the keys there if they’re encrypted with a strong enough password. Then transfer (SSH, FTP, etc.) the file to your Cardano node and decrypt the key folder with 7z at the server command line.
To get 7z with AES encryption: on Ubuntu for instance, on either client or server, install these packages:
The only one of the above that needs to be stored on the server… specifically, your block producer… is kes.skey. The kes key pair is also used to generate the node.cert file (your operational certificate) so generally they’ll be transferred to the server together about every 3 months when you need to update your KES certificate. You’ll also need to transfer your vrf.skey … so that’s 3 files in all you have to transfer from your air gap machine to the block producer.
You have to be most careful with the “private key” files ending in .skey which are used to prove ownership of your funds and pool resources. This page includes a complete list of those files & some precautions for transferring & backing them up:
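The encrypt, transfer, decrypt flow from the post above, as an added shell example that is not part of the original post or the Frankenwallet documentation. It assumes a `7z` binary with AES support is on the PATH; the function names, the `KEY_ARCHIVE_PW` variable, the `-mhe=on` header encryption and the `chmod` modes are choices made for this example.

```shell
#!/bin/sh
# Added example: pack only the three files the post names for the block producer.
KEY_FILES="kes.skey vrf.skey node.cert"

# pack_keys <key_dir> <archive.7z>    (run inside the air gap)
pack_keys() {
    local dir="$1" archive f
    for f in $KEY_FILES; do
        [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
    done
    # Absolute archive path, because 7z is run from inside the key folder.
    archive="$(cd "$(dirname "$2")" && pwd)/$(basename "$2")" || return 1
    # A bare -p makes 7z prompt for the password. KEY_ARCHIVE_PW (assumed name)
    # is for non-interactive test runs only: it puts the password on the
    # command line, where the process list can show it.
    local pw_opt="-p${KEY_ARCHIVE_PW:-}"
    # -mhe=on encrypts the file names as well as the contents.
    ( cd "$dir" && 7z a -t7z -mhe=on "$pw_opt" "$archive" $KEY_FILES >/dev/null ) || return 1
    # Confirm the archive decrypts before it leaves the air gap.
    7z t "$pw_opt" "$archive" >/dev/null
}

# unpack_keys <archive.7z> <dest_dir>    (run on the block producer)
unpack_keys() {
    local archive="$1" dest="$2" f
    local pw_opt="-p${KEY_ARCHIVE_PW:-}"
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    7z x -y "$pw_opt" -o"$dest" "$archive" >/dev/null || return 1
    # Owner read-only on the extracted files (an assumption of this example).
    for f in $KEY_FILES; do
        chmod 400 "$dest/$f" || return 1
    done
}
```

Typical use is `pack_keys ./keys ./pool-keys.7z` inside the air gap, copy the archive across, then `unpack_keys pool-keys.7z ~/pool-keys` on the server, entering the password at each prompt.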
There are different ways to implement an air gap, so different methods will mean different things by “storage.” For a conventional air gap machine, the memory stick is the storage for your isolated computer… while in the Frankenwallet, the OS is running on the memory stick and the host computer is its storage (see link above What’s unique about it?)
And yes, having the host computer available as an “external” drive of your memory-stick-based OS will allow you to save Tx files on the host computer drive, then upload them to your live Cardano node once your host is rebooted as normal.
yes… when you boot from a USB-based Linux OS you’ll see all the native computer’s disk filesystems, no matter what type they are (generally ext4 on Linux, NTFS / FAT / exFAT on Windows) as mountable drives in the file manager (Nautilus, Nemo, Thunar, etc… all have mountable disk partitions listed in the left column).
I don’t have every possible workflow tip in the Frankenwallet pages currently, but what I do is mount the /home partition from my Linux machine & then bookmark the place where I keep all my files (what the Frankenwallet docs call a “host folder”). On a Windows machine you might do the same thing to bookmark a subfolder of My Documents where you keep all your signed Tx files, encrypted pool file archives, etc.
My recommendation would be to have your air-gapped online while setting it up, up to the point just before generating your keys. Then disconnect it and never connect it again.
By the way, I did post a few questions in the Telegram group; got a few responses, not the answer yet to the port 6000 issue. I can attempt to post again.