Comment on page

4. [FRCA🍁] Security Guide: How to add your HW wallet as owner for your pool pledge.

Here we are adding a HW wallet as a second owner on your pool registration certificate so you can pledge from it.
For the latest updates, follow us on twitter!
Follow us on twitter!
Make sure you can see your HW wallet on your air-gapped offline machine.
Air-gapped offline machine
# LEDGER Cardano-App version 2.1.0+ is needed.
# If you cant see your ledger wallet then visit :
# Linux tab at the bottom.
# TREZOR Model-T:
# You must install the Trezor Bridge.
# OR see "StakePoolOperator Scripts" for clear indications on compatibility if you are unsure:
Delegate HW wallet to your pool from either Daedalus or Yoroi.
Export your HW wallet public keys.
Air-gapped offline machine
#Install cardano-hw-cli:
cardano-hw-cli address key-gen
--path 1852H/1815H/0H/2/0
--verification-key-file hw-stake.vkey
--hw-signing-file hw-stake.hwsfile
If you are changing your pool metadata json file, remember to calculate the hash of your metadata file and re-upload the updated metadata json file.
Block Producer
cardano-cli stake-pool metadata-hash --pool-metadata-file poolMetaData.json > poolMetaDataHash.txt
Find the minimum pool cost value.
Block Producer
minPoolCost=$(cat $NODE_HOME/params.json | jq -r .minPoolCost)
echo minPoolCost: ${minPoolCost}
Create stake-pool registration certificate including HW wallet as second owner and also making it default reward account.
Edit this to your own settings!
Air-gapped offline machine
cardano-cli stake-pool registration-certificate \
--cold-verification-key-file node.vkey \
--vrf-verification-key-file vrf.vkey \
--pool-pledge 150000000000 \ ------your pledge in lovelaces
--pool-cost 340000000 \ ------minimum pool cost value found before
--pool-margin 0.01 \ ------pool fee in fraction ie 0.01 for 1%
--pool-reward-account-verification-key-file hw-stake.vkey \ ------HW wallet key
--pool-owner-stake-verification-key-file stake.vkey \ ------previous CLI key
--pool-owner-stake-verification-key-file hw-stake.vkey \ ------HW wallet key
--mainnet \
--pool-relay-port 6000 \ ------your relay port
--pool-relay-ipv4 IP \ ------your relay IP
--metadata-url <url where you uploaded poolMetaData.json> \
--metadata-hash $(cat poolMetaDataHash.txt) \
--out-file pool.cert
Copy pool.cert to your Block Producer.
Find the current tip.
Block Producer
slotNo=$(cardano-cli query tip --mainnet | jq -r '.slot')
echo slotNo: ${slotNo}
Calculate payment.addr balance.
Block Producer
cardano-cli query utxo \
--address $(cat payment.addr) \
--mainnet > fullUtxo.out
tail -n +3 fullUtxo.out | sort -k3 -nr > balance.out
cat balance.out
while read -r utxo; do
in_addr=$(awk '{ print $1 }' <<< "${utxo}")
idx=$(awk '{ print $2 }' <<< "${utxo}")
utxo_balance=$(awk '{ print $3 }' <<< "${utxo}")
echo TxHash: ${in_addr}#${idx}
echo ADA: ${utxo_balance}
tx_in="${tx_in} --tx-in ${in_addr}#${idx}"
done < balance.out
txcnt=$(cat balance.out | wc -l)
echo Total ADA balance: ${total_balance}
echo Number of UTXOs: ${txcnt}
Build raw transaction.
Block Producer
cardano-cli transaction build-raw \
${tx_in} \
--tx-out $(cat payment.addr)+${total_balance} \
--invalid-hereafter $(( ${currentSlot} + 10000)) \
--fee 0 \
--certificate-file pool.cert \
--out-file tx.tmp
Calculate transaction fee.
Block Producer
fee=$(cardano-cli transaction calculate-min-fee \
--tx-body-file tx.tmp \
--tx-in-count ${txcnt} \
--tx-out-count 1 \
--mainnet \
--witness-count 4 \
--byron-witness-count 0 \
--protocol-params-file params.json | awk '{ print $1 }')
echo fee: $fee
Calculate final txOut.
Block Producer
echo txOut: ${txOut}
Build raw transaction that includes the fee.
Block Producer
cardano-cli transaction build-raw \
${tx_in} \
--tx-out $(cat payment.addr)+${txOut} \
--invalid-hereafter $(( ${currentSlot} + 10000)) \
--fee ${fee} \
--certificate-file pool.cert \
--out-file tx.raw
Copy tx.raw to your air-gapped machine for signing.
Create transaction witnesses from all used CLI signing-keys.
Air-gapped offline machine
cardano-cli transaction witness --tx-body-file tx.raw --signing-key-file node.skey --mainnet --out-file node-cold.witness
cardano-cli transaction witness --tx-body-file tx.raw --signing-key-file stake.skey --mainnet --out-file cli-stake.witness
cardano-cli transaction witness --tx-body-file tx.raw --signing-key-file payment.skey --mainnet --out-file cli-payment.witness
Create transaction witness from HW wallet signing key. (connect your HW wallet and open Cardano app)
Make sure your HW wallet is detected or it will say: "Transport not available "
Air-gapped offline machine
cardano-hw-cli transaction witness --tx-body-file tx.raw --hw-signing-file hw-stake.hwsfile --mainnet --out-file hw-stake.witness
Assemble final transaction with all the witnesses.
Air-gapped offline machine
cardano-cli transaction assemble --tx-body-file tx.raw --witness-file node-cold.witness --witness-file cli-stake.witness --witness-file cli-payment.witness --witness-file hw-stake.witness --out-file tx-pool.multisign
Copy tx-pool.multisign to your Block Producer.
Submit final transaction.
Block Producer
cardano-cli transaction submit --tx-file tx-pool.multisign --mainnet
🔥 Critical : Do not move your funds from CLI pledge wallet before HW wallet delegation is active on your pool!!(after 2 snapshots) If you move them before, your pledge will show as "pledge not met".
ONLY USE THE FIRST ADDRESS showing in Daedalus or Yoroi if you want to keep your pledge address queryable via the CLI.
For the latest updates, follow us on twitter!
Follow us on twitter!