# 4. \[FRCA🍁] Security Guide: How to add your HW wallet as owner for your pool pledge. For the latest updates, follow us on twitter! [![Follow us on twitter!](https://raw.githubusercontent.com/Mikederel/HW-wallet-as-owner/main/Twitter.png)](https://twitter.com/frca_stakepool) Make sure you can see your HW wallet on your air-gapped offline machine. {% tabs %} {% tab title=" Air-gapped offline machine" %} ```bash lusb # LEDGER Cardano-App version 2.1.0+ is needed. # If you cant see your ledger wallet then visit : # https://support.ledger.com/hc/en-us/articles/115005165269-Fix-connection-issues # Linux tab at the bottom. # # TREZOR Model-T: # https://wiki.trezor.io/Udev_rules # You must install the Trezor Bridge. # # OR see "StakePoolOperator Scripts" for clear indications on compatibility if you are unsure: # https://github.com/gitmachtl/scripts/tree/master/cardano/mainnet#how-to-prepare-your-system-before-using-a-hardware-wallet ``` {% endtab %} {% endtabs %} Delegate HW wallet to your pool from either Daedalus or Yoroi. Export your HW wallet public keys. {% tabs %} {% tab title="Air-gapped offline machine" %} ```bash #Install cardano-hw-cli: https://github.com/vacuumlabs/cardano-hw-cli cardano-hw-cli address key-gen --path 1852H/1815H/0H/2/0 --verification-key-file hw-stake.vkey --hw-signing-file hw-stake.hwsfile ``` {% endtab %} {% endtabs %} If you are changing your pool metadata json file, remember to calculate the hash of your metadata file and re-upload the updated metadata json file. {% tabs %} {% tab title="Block Producer" %} ```bash cardano-cli stake-pool metadata-hash --pool-metadata-file poolMetaData.json > poolMetaDataHash.txt ``` {% endtab %} {% endtabs %} Find the minimum pool cost value. {% tabs %} {% tab title="Block Producer" %} ```bash minPoolCost=$(cat $NODE_HOME/params.json | jq -r .minPoolCost) echo minPoolCost: ${minPoolCost} ``` {% endtab %} {% endtabs %} Create stake-pool registration certificate including HW wallet as second owner and also making it default reward account. {% hint style="info" %} Edit this to your own settings! {% endhint %} {% tabs %} {% tab title="Air-gapped offline machine" %} ``` cardano-cli stake-pool registration-certificate \ --cold-verification-key-file node.vkey \ --vrf-verification-key-file vrf.vkey \ --pool-pledge 150000000000 \ ------your pledge in lovelaces --pool-cost 340000000 \ ------minimum pool cost value found before --pool-margin 0.01 \ ------pool fee in fraction ie 0.01 for 1% --pool-reward-account-verification-key-file hw-stake.vkey \ ------HW wallet key --pool-owner-stake-verification-key-file stake.vkey \ ------previous CLI key --pool-owner-stake-verification-key-file hw-stake.vkey \ ------HW wallet key --mainnet \ --pool-relay-port 6000 \ ------your relay port --pool-relay-ipv4 IP \ ------your relay IP --metadata-url \ --metadata-hash $(cat poolMetaDataHash.txt) \ --out-file pool.cert ``` {% endtab %} {% endtabs %} Copy pool.cert to your Block Producer. Find the current tip. {% tabs %} {% tab title="Block Producer" %} ``` slotNo=$(cardano-cli query tip --mainnet | jq -r '.slot') echo slotNo: ${slotNo} ``` {% endtab %} {% endtabs %} Calculate payment.addr balance. {% tabs %} {% tab title="Block Producer" %} ``` cardano-cli query utxo \ --address $(cat payment.addr) \ --mainnet > fullUtxo.out tail -n +3 fullUtxo.out | sort -k3 -nr > balance.out cat balance.out tx_in="" total_balance=0 while read -r utxo; do in_addr=$(awk '{ print $1 }' <<< "${utxo}") idx=$(awk '{ print $2 }' <<< "${utxo}") utxo_balance=$(awk '{ print $3 }' <<< "${utxo}") total_balance=$((${total_balance}+${utxo_balance})) echo TxHash: ${in_addr}#${idx} echo ADA: ${utxo_balance} tx_in="${tx_in} --tx-in ${in_addr}#${idx}" done < balance.out txcnt=$(cat balance.out | wc -l) echo Total ADA balance: ${total_balance} echo Number of UTXOs: ${txcnt} ``` {% endtab %} {% endtabs %} Build raw transaction. {% tabs %} {% tab title="Block Producer" %} ``` cardano-cli transaction build-raw \ ${tx_in} \ --tx-out $(cat payment.addr)+${total_balance} \ --invalid-hereafter $(( ${currentSlot} + 10000)) \ --fee 0 \ --certificate-file pool.cert \ --out-file tx.tmp ``` {% endtab %} {% endtabs %} Calculate transaction fee. {% tabs %} {% tab title="Block Producer" %} ``` fee=$(cardano-cli transaction calculate-min-fee \ --tx-body-file tx.tmp \ --tx-in-count ${txcnt} \ --tx-out-count 1 \ --mainnet \ --witness-count 4 \ --byron-witness-count 0 \ --protocol-params-file params.json | awk '{ print $1 }') echo fee: $fee ``` {% endtab %} {% endtabs %} Calculate final txOut. {% tabs %} {% tab title="Block Producer" %} ``` txOut=$((${total_balance}-${fee})) echo txOut: ${txOut} ``` {% endtab %} {% endtabs %} Build raw transaction that includes the fee. {% tabs %} {% tab title="Block Producer" %} ``` cardano-cli transaction build-raw \ ${tx_in} \ --tx-out $(cat payment.addr)+${txOut} \ --invalid-hereafter $(( ${currentSlot} + 10000)) \ --fee ${fee} \ --certificate-file pool.cert \ --out-file tx.raw ``` {% endtab %} {% endtabs %} Copy tx.raw to your air-gapped machine for signing. Create transaction witnesses from all used CLI signing-keys. {% tabs %} {% tab title="Air-gapped offline machine" %} ``` cardano-cli transaction witness --tx-body-file tx.raw --signing-key-file node.skey --mainnet --out-file node-cold.witness cardano-cli transaction witness --tx-body-file tx.raw --signing-key-file stake.skey --mainnet --out-file cli-stake.witness cardano-cli transaction witness --tx-body-file tx.raw --signing-key-file payment.skey --mainnet --out-file cli-payment.witness ``` {% endtab %} {% endtabs %} Create transaction witness from HW wallet signing key. (connect your HW wallet and open Cardano app) {% hint style="info" %} Make sure your HW wallet is detected or it will say: `"`Transport not available `"` {% endhint %} {% tabs %} {% tab title="Air-gapped offline machine" %} ``` cardano-hw-cli transaction witness --tx-body-file tx.raw --hw-signing-file hw-stake.hwsfile --mainnet --out-file hw-stake.witness ``` {% endtab %} {% endtabs %} Assemble final transaction with all the witnesses. {% tabs %} {% tab title="Air-gapped offline machine" %} ``` cardano-cli transaction assemble --tx-body-file tx.raw --witness-file node-cold.witness --witness-file cli-stake.witness --witness-file cli-payment.witness --witness-file hw-stake.witness --out-file tx-pool.multisign ``` {% endtab %} {% endtabs %} Copy tx-pool.multisign to your Block Producer. Submit final transaction. {% tabs %} {% tab title="Block Producer" %} ``` cardano-cli transaction submit --tx-file tx-pool.multisign --mainnet ``` {% endtab %} {% endtabs %} {% hint style="info" %} 🔥 **Critical : Do not move your funds from CLI pledge wallet before HW wallet delegation is active on your pool!!(*****after 2 snapshots)*** **If you move them before, your pledge will show as "pledge not met".** **ONLY USE THE FIRST ADDRESS showing in Daedalus or Yoroi if you want to keep your pledge address queryable via the CLI.** {% endhint %} For the latest updates, follow us on twitter! [![Follow us on twitter!](https://raw.githubusercontent.com/Mikederel/HW-wallet-as-owner/main/Twitter.png)](https://twitter.com/frca_stakepool) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://poolguide.frcan.com/readme-1.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.