Generating Validator Keys

Validator nodes take actions on behalf of the Chainflip network, and all of these actions are authorised using cryptographic keys. Specifically, to run a validator node, you will need three private/public key pairs: an Ethereum key pair for interacting with Ethereum, a Chainflip-native key pair for interacting with the State Chain, and a key pair for encrypting peer to peer communications.

Validator Keys

It is recommended to generate and save the required keys using the following chainflip-cli command:

chainflip-cli generate-keys --path /etc/chainflip/keys

This should give you output similar to the below:

Generated fresh Validator keys for your Chainflip Node!
⁣
🔑 Node Public Key: 0x5fc8ea5dd16e0bbc273eedfe5406d548cdbcdaf66fe86a2643bace5045fe2edf
👤 Node Peer ID: 12D3KooWGGGbDdkegvsc1m5vkNppHtXZJqSMNQRH7AKE7cxRuuSe
🔑 Ethereum Public Key: 0x033b48e368ae9069413d443c7a52b1e340c6aa0a8a76aac507d62b5ede51dfa368
👤 Ethereum Address: 0x6b98c154357297d0459ede9e98e586a60bee55c3
🔑 Validator Public Key: 0x685b0a76f54c25e2bf03aa8f69450eb863f2ea23b16e93a2317282485e86a723
👤 Validator Account ID: cFLEJrTKtoHDWbRb1Yc8fqhNrEd2u1WPjUemVXjZQ1THxb5p6
⁣
🌱 Seed Phrase: slender pilot fiber auction junk sting ozone push shop reduce defense stamp
⁣
⁣
❗️❗️
❗️ THIS SEED PHRASE ALLOWS YOU TO RECOVER YOUR CHAINFLIP ACCOUNT KEYS AND ETHEREUM KEYS.
❗️ HOWEVER, THIS SEED PHRASE SHOULD ONLY BE USED IN CONJUNCTION WITH THIS UTILITY. NOTABLY,
❗️ IT CANNOT BE USED TO IMPORT YOUR ETHEREUM ADDRESS INTO METAMASK OR ANY OTHER WALLET IMPLEMENTATION.
❗️ THIS IS BY DESIGN: THIS ETHEREUM KEY SHOULD BE USED EXCLUSIVELY BY YOUR CHAINFLIP NODE.
❗️❗️
⁣
⁣
💾 Saved all secret keys to '/etc/chainflip/keys'.

Make sure to back up your Seed Phrase and make a note of the public keys and account ID. You will need the Seed Phrase if you ever need to restore your node or recover your funds if you lose access to the node. DO NOT LOSE THIS.

If the above command returned any errors, please ensure that the provided --path is accessible and that there are not already keys stored there! For security reasons, the files will not be overwritten automatically, so if you want to replace the stored keys, please make sure to move the old ones first, and back them up somewhere.

Take special note of the Validator Account ID beginning with cF. This is the ID that you will need to add funds and track your node.

Setting Up Your Ethereum Account

You must ensure that the public Ethereum address generated above has at least 0.1 sETH. Make sure you send 0.1 sETH to this account's address before trying to add funds to your validator node. This requirement is subject to change based on Sepolia Ethereum transaction fees but for now should be sufficient.

Please also note that the Ethereum key is for the exclusive use of the Validator node. Do not re-use this key elsewhere.

Final Checks

The private keys generated above should have been stored at the path provided to the generate-keys command. As a sanity check, make sure they are where you expect: ls /etc/chainflip/keys should show that there are three freshly created files: ethereum_key_file, node_key_file, signing_key_file.

Recovering Your Keys

In case you lose access to your keys, you can recover the private keys using the seed phrase. Using the example phrase generated above:

chainflip-cli generate-keys \
    --path /etc/chainflip/keys \
    --seed-phrase 'slender pilot fiber auction junk sting ozone push shop reduce defense stamp'

The output should be the same as above (except for the Node Key and Node Peer ID), and the keys should be written to the provided path, as above.

Cleaning Up After Yourself

The following commands will ensure that only the current user can read the files, and that the private keys are not available in your shell history:

sudo chmod 600 /etc/chainflip/keys/ethereum_key_file
sudo chmod 600 /etc/chainflip/keys/signing_key_file
sudo chmod 600 /etc/chainflip/keys/node_key_file
history -c