Generate private keys
Overview
Each validator node requires private keys for signing blocks and consensus messages sent to the other validators in the network.
The required private keys include a BLS key and an ECDSA key. The keys are named after digital signature schemes: Elliptic Curve Digital Signature Algorithm (ECDSA) and Boneh–Lynn–Shacham (BLS), respectively.
- The BLS key is used for producing finality votes. Validators who produce finality votes receive a reward.
- The ECDSA key is used for signing blocks.
Generate a BLS key
You can generate a BLS key pair using the Ronin CLI or your node's Docker image.
Generate using the CLI
-
Build Ronin from the source code:
$ git clone https://github.com/axieinfinity/ronin
$ cd ronin
$ make ronin -
Add
./build/bin/ronin
to the$PATH
environment variable. You can do this by adding the following line to your$HOME/.profile
or/etc/profile
(for a system-wide installation):export PATH=$PATH:/path/to/ronin
If run from the
ronin
directory, then the command is as follows:export PATH=$PATH:./build/bin/ronin
Note: Make sure to close and reopen the terminal after adding the path.
-
Generate a BLS key pair:
$ mkdir bls_keystore
$ echo "input_your_password" > bls_password
$ ronin account generatebls --secretThe output is the following:
Successfully generated BLS key
Public key: {your_public_key}
Secret key: {your_private_key}An
all-accounts.keystore.json
file containing the encrypted BLS key is created inside thebls_keystore
directory.To reveal the public key, run this command:
$ ronin account listbls
The output is the following:
BLS public key #0: {your_public_key}
To reveal both the public key and private key, run this command:
$ ronin account listbls --secret
The output is the following:
BLS public key #0: {your_public_key}
BLS secret key #0: {your_private_key}
Generate using Docker image
In the .env
file of your node's Docker image, configure the following:
- Leave
BLS_PRIVATE_KEY
empty but enter the password inBLS_PASSWORD
. - Set
BLS_AUTO_GENERATE
totrue
, and then rundocker-compose up -d
. - Run
docker-compose logs node
, which returnsUsing BLS account your-public-key
.
If you want to view the BLS private key, do the following:
- Set
BLS_SHOW_PRIVATE_KEY=true
, rundocker-compose up -d
- Run
docker-compose logs node
, which returnsBLS secret key #0: {your_private_key}
. Note: This command just shows the private key without running the node. - Set
BLS_SHOW_PRIVATE_KEY
tofalse
, and then rundocker-compose up -d
to start the node.
Generate an ECDSA key
You can generate an ECDSA key pair using the Ronin CLI or the Ronin Wallet app or extension.
Generate using the CLI
Prerequisites
Go (version 1.20 or later). Follow the installation instructions on the official website.
Steps
-
Compile the
ethkey
tool from the Ronin source code by running the following commands:$ git clone https://github.com/axieinfinity/ronin
$ cd ronin
$ go get ./...
$ go build ./cmd/ethkey/
$ ls -l ethkeyThe output is similar to the following:
-rwxr-xr-x 1 user staff 16306850 Mar 23 18:13 ethkey
-
Generate the key pair and set a password:
$ ./ethkey generate your_private_key_name
-
Reveal the key pair:
$ ./ethkey inspect --private your_private_key_name
Generate using Ronin Wallet
ECDSA keys can also be generated using Ronin Wallet, both the browser extension and the mobile app. Follow the steps in the flow diagrams provided in the following sections.