├── .gitignore ├── CHANGELOG.md ├── LICENSE ├── README.md └── src ├── cardano-signer.js └── package.json /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## Release Notes / Change-Logs 2 | 3 | * **1.25.0** 4 | 5 | #### CIP8/30 Updates 6 | 7 | - The CIP8/30 verification function got a bit of a code clean up, reencoding the `protected_header` into cbor hex only if needed. 8 | - Using the `sign --cip8/30` function now also has the `--include-maps` flag option. If set, the `--json-extended` output contains the COSE maps too. This was available for `verify --cip8/30` before. 9 | 10 | #### CIP88v2/151 Calidus Updates 11 | 12 | - Using the `verify --cip88` function now also has the `--include-maps` flag option. If set, the `--json-extended` output contains the COSE maps too. 13 | 14 | #### CIP100 Author-Signing 15 | 16 | - Its now possible to sign in `CIP-8` mode if the optional `--address xxx` parameter is used: 17 | `cardano-signer sign --cip100 --data-file myUnsigned.json --secret-key xxx.skey --author-name "Its me!" --address xxx --out-file mySigned.json` 18 | 19 | #### Key-Generation 20 | 21 | - Generating pool-keys via a set path `--path pool` or `--path 1853H/1815H/0H/0H` now also includes the extended bech keys in the `--json-extended` output: 22 | `"secretKeyBech": "pool_xsk1fzvvmh...", "publicKeyBech": "pool_vk1wc8mjku..."` 23 | - The `calidusIdHex` and `calidusIdBech` output is now only showing up if you generate calidus keys. 24 | 25 | 26 | #### General Updates 27 | 28 | - Code clean-up like optional start flags are now read from an array. Improved error messages. etc. 29 | 30 | 31 | * **1.24.3** 32 | 33 | #### CIP-100 Author-Signing 34 | 35 | - the generated output metadata json now always includes a NewLine/LineFeed at the end to make it more robust against re-opening in editors (fixes https://github.com/gitmachtl/cardano-signer/issues/4) 36 | 37 | * **1.24.2** 38 | 39 | #### Bugfixes 40 | 41 | - improved handling of integer key values when converting from json to cbor 42 | - default path 'payment' for keygen was broken 43 | 44 | * **1.24.1** 45 | 46 | #### CIP8/30 Updates 47 | 48 | - The CIP8/30 verification function now handles all set keys in the `protected header`. In the past the `protected header` was rebuilt for internal verification using only the `alg (map 1)` and `address` key entry.
Which could have caused an issue if Signature-Generators add additional keys in the `protected header`, like the optional `kid (map 4)` entry.
Now cardano-signer handles the header as it is and only replaces entries in the address and kid keys if an optional verification address is provided. 49 | - The *protected header map* is now also included in the `--json-extended` output for the `verify cip-8/30` command if you set the `--include-maps` flag. 50 | 51 | 52 | * **1.24.0** 53 | 54 | #### Calidus Pool-Key updates 55 | 56 | - A new path shortcut `--path calidus` was added to the `keygen` function 57 | - Using the new calidus path also switches the output description of skey/vkey files to be `Calidus Pool Signing Key` and `Calidus Pool Verification Key` 58 | - Using the new calidus path also outputs the new `Calidus-ID` in hex and bech format with the `--json-extended` flag 59 | - The `sign --cip88` function to generate Calidus Key registration data now also outputs the new `Calidus-ID` in hex and bech format. In addition it also outputs the `Pool-ID` in bech format. 60 | - The `verify --cip88` function to verify Calidus Key registration data now also outputs the new `Calidus-ID` in hex and bech format. In addition it also outputs the `Pool-ID` in bech format. 61 | 62 | #### Other updates 63 | 64 | - A new internal function was created to convert maps in to json format, this is simplifying various inputs and output in the future 65 | - The key7 entry for the CIP88v2 format was renamed from `update-key` to `calidus-key` 66 | 67 | * **1.23.0** 68 | 69 | #### NEW FUNCTION - Sign/Verify Calidus Pool-Key registration metadata (CIP88v2) 70 | 71 | - Generating of new Calidus Pool-Key registration metadata is now possible via the `sign --cip88` method
72 | The data can be generated in human readable JSON format, or as a binary CBOR file. Both can directly be used in a transaction on the blockchain. 73 | - Verification of Calidus Pool-Key registration metadata is now possible via the `verify --cip88` method
74 | The data for verification can be provided as JSON-File, JSON-Plaintext or as a CBOR-HexString 75 | 76 | #### Other Changes 77 | 78 | - Cardano-Signer is now using the cardano-serialization-lib version 14.1.1 79 | 80 | * **1.22.0** 81 | - Verification of signatures in `--cip100` mode now also supports both the `CIP-0030` & `CIP-0008` author wittnessAlgorithm 82 | - Signing a jsonld file in `--cip100` mode with `ed25519` author signatures now also rechecks existing `CIP-0030/CIP-0008` signatures 83 | - Verification of a `--cip100` document now also returns the `fileHash` -> `anchorHash` of the document in the `--json` and `--json-extended` output format 84 | - Generating keys via the `keygen` and a set derivation path now also returns the `rootKey` in the `--json-extended` output-mode format 85 | - Verification of `CIP-0008` structures was moved into its own subfunction, so it can be reused within other functions 86 | - Upgraded to CSL v14.1.0 87 | 88 | * **1.20.1** 89 | #### CIP100 Verification and Canonize 90 | - Bugfix: Corrected a bug where doublequotes that are already escaped in the body content to form the canonized body array were escaped again. 91 | 92 | * **1.20.0** 93 | #### NEW FUNCTION - Derive keys from Hardware-Wallet mnemonics 94 | - Two new flags have been added to the `keygen` mode: 95 | - `--ledger` let you derive your keys in Ledger-Hardware-Wallet type format 96 | - `--trezor` let you derive your keys in Trezor-Hardware-Wallet type format 97 | 98 | This new function allows to recover keys from a Hardware-Wallet as pure CLI-Keys. 99 | 100 | #### UPDATE/CHANGES: 101 | - The preset path `--path pool` has been added to the `keygen` mode, to directly derive Cardano-Pool Cold-Keys 102 | - The `path` entry in the `--json-extended` output for the `keygen` mode was renamed into `derivationPath` (breaking!) 103 | - A new entry was added in the `--json-extended` output for the `keygen` mode -> `derivationType`, which can be `icarus`, `ledger` or `trezor` 104 | - If keys are derived for `--path drep` or `--path pool`, the output now also contains the corresponding DRep-ID/Pool-ID. 105 | 106 | * **1.19.0** 107 | #### NEW FUNCTION - Adding authors signatures for CIP100 JSONLD metadata 108 | - A new function is now available via the 'sign --cip100' parameter. Its now possible to add authors entries (Name + Signature) with a single command using cardano-signer 109 | #### UPDATE/CHANGES: 110 | - cardano-signer is now compatible with CIP129 standard for drep, committee-cold and committee-hot bech strings. this works now for all functions that allow a '--address' parameter. 111 | - CIP 8/30 DataSign: 112 | - you can now directly also use governance bech-ids for the '--address' parameter like 'drep1xxx' 113 | - CIP 100 - Governance: 114 | - the canonize&hash command 'hash' introduced in version 1.17 was renamed to 'canonize'. change was made to avoid confusion, because this command is to output the hash of the canonized body, not the file-hash. 115 | - output fields of the 'canonize' and 'verify' function changed 'hash' is now 'canonizedHash', 'canonized' is now 'canonizedBody' 116 | - in addition to the existing checks in the 'verify' function, cardano-signer now also checks for duplicated public-key entries in the authors array of the input jsonld file 117 | 118 | * **1.18.0** 119 | #### General 120 | - verify governance metadata following CIP-100, CIP-108, CIP-119 standard via the new `verify --cip100` option 121 | 122 | * **1.17.0** 123 | #### General 124 | - Now using NODE.JS v18 125 | - Updated all dependencies to the latest versions 126 | 127 | #### New Hash mode to Canonize & Hash Governance Metadata 128 | - canonize & hash governance metadata following CIP-100, CIP-108, CIP-119 standard via the new `canonize --cip100` option 129 | 130 | * **1.16.1** 131 | #### Catalyst Vote Key Generation CIP36 132 | - Bugfix: The description field of the generated *.vkey file was corrected to be 'Catalyst Vote Verification Key' 133 | 134 | * **1.16.0** 135 | #### Signing & Verification in CIP-030/008 mode 136 | - Added a new flag `--nohashcheck` for the signing and verification in CIP030/008 format. Using this flag will tell cardano-signer to not perform a check of the hash in the address-field against the public-key during the verification process. And additionally it can disable the address/hash check in the signing process too. 137 | 138 | * **1.15.1** 139 | #### General 140 | - small bugfix, parameters `help`, `usage`, `version` throwing an "unknown" error 141 | 142 | 143 | * **1.15.0** 144 | #### New constitutional-commitee-member cold-key generation mode: 145 | - generate conway cc-cold keys via the path `--path cc-cold` or 146 | - generate conway cc-cold keys from the derivation path "1852'/1815'/acc'/4/idx' 147 | - generate conway cc-cold keys from mnemonics or let cardano-signer generate new mnemonics for you 148 | 149 | #### New constitutional-commitee-member hot-key generation mode: 150 | - generate conway cc-hot keys via the path `--path cc-hot` or 151 | - generate conway cc-hot keys from the derivation path "1852'/1815'/acc'/5/idx' 152 | - generate conway cc-hot keys from mnemonics or let cardano-signer generate new mnemonics for you 153 | 154 | #### General 155 | - some corrections on extended verification key outputs 156 | - an unknown parameter now throws an error. before, optional parameters with a typo were simply ignored 157 | - general code cleanup, typos, etc. 158 | 159 | * **1.14.0** 160 | #### New dRep-Key generation mode: 161 | - generate conway dRep keys via the path `--path drep` or 162 | - generate conway dRep keys from the derivation path `1852'/1815'/acc'/3/idx'` 163 | - generate conway dRep keys from mnemonics or let cardano-signer generate new mnemonics for you 164 | 165 | #### Key generation mode changes: 166 | - the flag `with-chain-code` has been replaced by the new flag `vkey-extended`. this makes it easier for the users to understand the meaning 167 | - per default the public keys are now always generated as non-extended keys, the secret keys are always extended ones if derived from a path 168 | 169 | #### General 170 | - code cleanup 171 | 172 | * **1.13.0** 173 | #### New key generation mode: 174 | - generate normal ed25519 keys 175 | - generate extended ed25519 keys from a derivation path like "1852H/1815H/0H/0/0" 176 | - generate keys from mnemonics or let cardano-signer generate new mnemonics for you 177 | - generate CIP36 conform vote keys incl. bech `cvote_vk` data and an optional vote_purpose 178 | - generate keys with or without chaincode attached 179 | - directly write out `.skey`/`.vkey` files (like cardano-cli) 180 | - extended information like an `Xpub...` key is available via the `--json-extended` flag 181 | - shortcuts for paths can be used like `--path payment`, `--path stake`, `--path cip36` 182 | 183 | * **1.12.1** 184 | #### CIP-36 update: 185 | - Changed the `--rewards-address` parameter to `--payment-address` parameter. This reflects the latest changes in CIP-36 186 | - Also the keys for `rewardsAddressHex`,`rewardsAddressType` and `rewardsAddressNetwork` in the `--json-extended` output are not renamed to `paymentAddressHex`, `paymentAddressType`, `paymentAddressNetwork` 187 | 188 | * **1.12.0** 189 | #### General: 190 | - The output via `--json-extended` is now showing more details about the address (hex, type, network) 191 | - The help description can now be displayed for each sub command like: `cardano-signer sign --cip8 --help` 192 | - Addresses provided via the `--address` parameter can now be a bech-address, hex-string or the path to a file containing the bech-address (typical mywallet.addr) files 193 | #### CIP-8 / CIP-30 updates: 194 | - Completely reworked CIP-8/CIP-30 code. Flags `--cip8` & `--cip30` will currently do the same, because CIP-30 uses CIP-8 signing. 195 | - Signing a payload now generates a full COSE_Sign1 signature together with the COSE_Key publicKey 196 | - The payload can be set to hashed via the new flag `--hashed` 197 | - The payload can be excluded from the COSE_Sign1 signature with the new flag `--nopayload` 198 | - The signing address will be automatically checked against the publicKey (signing and verification) 199 | - Extended data structure check of the given COSE_Sign1 & COSE_Key 200 | - Verification can be done against the COSE_Sign1 & COSE_Key, and optionally also against a given payload and address 201 | - The output via `--json-extended` shows additional information if the payload is hashed, address infos, etc. 202 | 203 | * **1.11.0** 204 | #### General: 205 | - Added an optional flag `--bech` (also `--jcli` works), to output the signature and public key in jcli compatible bech format with prefixes `ed25519_sig` and `ed25519_pk`. This is available in the normal signing mode. 206 | - The verify function now also accepts bech encoded signatures `ed25519_sig` in addition to hex strings. 207 | - With this update the sign/verify functions in **cardano-signer can substitute jcli** for sign/verify. 208 | 209 | * **1.10.1** 210 | #### CIP-36 updates: 211 | - Starting with Fund10, the rewards address for the voting rewards must be a regular payment address (enterprise or base address), not a stake address like before. 212 | 213 | * **1.10.0** 214 | - Added an optional address check for the normal sign/verify functions via the `--address` parameter. If provided, cardano-signer checks that the address belongs to the provided signing/public key. 215 | 216 | * **1.9.0** 217 | #### CIP-36 mode updates: 218 | - Added the new [deregistration metadata format](https://github.com/cardano-foundation/CIPs/tree/master/CIP-0036#deregistration-metadata-format-catalyst) in CIP-36 mode, which is using key 61286 for the deregistration data. 219 | - Changed the output of `--json-extended` in CIP-36 mode to output the cbor and json content below the "output" key [example](https://github.com/gitmachtl/cardano-signer/edit/main/README.md#signing-cip-36-mode---catalyst-voting-registration--votingpower-delegation) 220 | #### General: 221 | - Using the general bech32 lib to decode public/private keys, so **any bech32 string** can be used. Before it was limited to `ed25519_pk` and `ed25519_sk` prefixes. 222 | - Defining command-line argument types to avoid parsing arguments like `--data-hex="000000"` as a number. Must be parsed as a string of course. 223 | - Added command-line aliases so you **can also use**: `--signing-key` or `--secret-key`, `--verification-key` or `--public-key`, etc. 224 | 225 | * **1.8.0** 226 | #### CIP-36 mode updates: 227 | - Allow duplicated voting_key entries 228 | - New check to avoid using a wrong vote-public-key or a wrong stake secret-key. Because the public-key of the signing secret-key must be different than the entries in the delegations array. 229 | - New check that the total-vote-weight is not zero 230 | - Added the fields `votePurpose` and `totalVoteWeight` to the `--json-extended` output-mode 231 | - Syntax Update: Added flag `--deregister` to generate an empty delegation array, no voting_keys or rewards address is needed using that flag 232 | - Syntax Update: If no `--nonce` parameter is provided, cardano-signer automatically calculates the Mainnet slotHeight from the current machine time and uses it as the nonce 233 | #### General: 234 | - Syntax Update: Added parameter `--testnet-magic [xxx]` to CIP-8 and CIP-36 mode to allow an additional check about the right bech-address format. (Default = mainnet) 235 | 236 | * **1.7.0** 237 | - Added JSON and JSON-Extended output format: Default output format is plaintext, using the `--json` flag generates a JSON output. Using the `--json-extended` flag generates a JSON output with much more information. 238 | - In CIP-36 mode, using the new `--json` flag together with the `--out-file` parameter generates directly a JSON Format which is compatible to be used as a registration.json metadata with cardano-cli. `--out-cbor` always generates a binary registration.cbor metadata file, also compatible to be used with cardano-cli. 239 | - Usage/Help context is now colored for better readability 240 | 241 | * **1.6.1** 242 | - Added new check in CIP-36 mode to avoid duplicated voting_key entries in the delegations. Exits with an error if duplicates are found. 243 | 244 | * **1.6.0** 245 | - New Syntax - Now you can use the parameter `--data-file` to use any binary file as the data source to sign. 246 | - Added the function to directly use bech encoded secret and public keys for the signing/verification. You can mix the formats. 247 | 248 | * **1.5.0** 249 | - New CIP-36 mode via parameter `--cip36`. This enables the new catalyst/governance registration and votingpower (multi-)delegation mode. Output generates a signed cbor file or hex_string. 250 | 251 | * **1.4.0** 252 | - New CIP-8 mode via parameter `--cip8`. This enables CIP-8 conform payload signing. 253 | - New Syntax - Now you can use the parameter `--data` for pure text payloads, and `--data-hex` for hex-encoded payloads. 254 | 255 | * **1.3.0** 256 | - Now supporting true parameter/flag names. 257 | - Added new optional `--out-file` option, which would write the signature+publicKey to a file and not to the standard output. 258 | 259 | * **1.2.0** 260 | - Added support to use Cardano-Key-Files in addition to a direct Key-Hexstring. Supports standard sKey/vKey JSON files and also files with a Bech32-Key in it, like the ones generated via jcli 261 | 262 | * **1.1.0** 263 | - Added functionality to do also a Verification of the Signature together with the data and the Public Key. 264 | 265 | * **1.0.0** 266 | - Initial version, supports signing of a Data-Hexstring string with a Key-Hexstring. 267 | 268 |
269 |
270 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Martin Lang 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Sign & verify data with a Cardano Secret/Public-Key
Sign & verify CIP-8, CIP-30 & CIP-36 data (Catalyst)
Generate Cardano-Keys from (Hardware)-Mnemonics and Derivation-Paths
Canonize, Hash & Sign Governance Metadata CIP-100/108/119
Generate and Verify CIP-88v2 Calidus-Pool-Key data 2 | 3 | 4 | 5 |  

6 | 7 | ### What can cardano-signer sign/generate? 8 | * **Sign** any hexdata, textdata or binaryfile with a provided normal or extended secret key. The key can be provided in hex, bech or file format. The signing output is a signature in hex- or json-format, also the public key of the provided secret key for verification. With the enabled `--jcli` flag the generated signature and public key will be return in a **jcli** compatible bech format. **Cardano-signer can be used instead of jcli for signing**. 9 | * Sign payloads in **CIP-8 / CIP-30** mode, hashed or not hashed, with or without a payload in the output. The signing output is a COSE_Sign1 signature in hex format and also the public key of the provided secret key for verification. The output can also be set to be in json format which will also show additional data (--json-extended). 10 | * Generate and sign **Catalyst registration/delegation/deregistration** metadata in **CIP-36** mode. This also includes relatively weighted voting power delegation. The output is the registration/delegation or deregistraton data in json or cborHex-format and/or a binary cbor file, which can be transmitted on chain as it is. 11 | * Generate **Cardano Keys** like .skey/.vkey files and hex-keys from **derivation paths**, with or without **mnemonic words**. 12 | * Support for **Hardware-Wallet** derivation types **Ledger & Trezor**. 13 | * Generate conway **dRep Keys, Constitutional Commitee Member Cold/Hot Keys** with or without **mnemonic words**. 14 | * Canonized & Hash CIP-100/108/119 governance metadata jsonld data 15 | * Sign CIP-100/108/119 governacne metadata by adding an authors signature to the document 16 | * Generate CIP-36 voting-keys. 17 | * A given address will automatically be checked against the used publicKey. 18 | * Generate **CIP-88v2 Calidus Pool-Key** registration metadata in CBOR and JSON format 19 | 20 | ### What can cardano-signer verify? 21 | * **Verify** a signature for any hexdata, textdata or binaryfile together with a provided public key. Also an optional address can be verified against the given public key. The key can be provided in hex, bech or file format. The verification output is true(exitcode=0) or false(exitcode=1) as a console output or in json-format. 22 | * The signature can be provided in hex format or also in bech encoded `ed25519_sig` format. **Cardano-signer can be used instead of jcli for verification**. 23 | * Verify **CIP-8 / CIP-30** COSE_Sign1/COSE_Key data. With hashed or non-hashed payloads. There is also a detailed check on the COSE_Sign1 and COSE_Key data structure included. Verification can be done on the COSE_Sign1 + COSE_Key, or COSE_Sign1 + COSE_Key + payload and/or address. 24 | * Verify **CIP-100/108/119** metadata JSONLD files 25 | * Verify **CIP-88v2 Calidus Pool-Key** registration metadata in CBOR and JSON format 26 | 27 |  

28 | 29 | ## Examples 30 | * **[Default mode](#default-mode)**: Sign and verify data with ed25519(cardano) keys 31 | * **[CIP-8 / CIP-30 mode](#cip-8--cip-30-mode)**: COSE_Sign1 signature & COSE_Key publicKey generation/verification 32 | * **[CIP-36 mode](#cip-36-mode-catalyst-voting-registration--votingpower-delegation)**: Generate Catalyst metadata for registration/delegation and also deregistration 33 | * **[KeyGeneration mode](#keygeneration-mode)**: Generate Cardano keys from mnemonics and derivation-paths, also from Ledger/Trezor-HardwareWallets 34 | * **[CIP-100 / CIP-108 / CIP-119 mode](#cip-100--cip-108--cip-119-mode)**: Sign, Verify and Canonize governance metadata 35 | * **[CIP-88v2 Calidus Pool-Key](#cip-88v2-calidus-pool-key-mode)**: Sign & Verify Calidus Key registration metadata 36 |  

37 | 38 | ## Full syntax 39 | 40 | ``` console 41 | 42 | $ cardano-signer help 43 | 44 | cardano-signer 1.24.3 45 | 46 | Sign a hex/text-string or a binary-file: 47 | 48 | Syntax: cardano-signer sign 49 | Params: --data-hex "" | --data "" | --data-file "" 50 | data/payload/file to sign in hex-, text- or binary-file-format 51 | --secret-key "||" path to a signing-key-file or a direct signing hex/bech-key string 52 | [--address "||"] optional address check against the signing-key (address-file or a direct bech/hex format) 53 | [--json | --json-extended] optional flag to generate output in json/json-extended format 54 | [--jcli | --bech] optional flag to generate signature & publicKey in jcli compatible bech-format 55 | [--out-file ""] path to an output file, default: standard-output 56 | Output: "signature + publicKey" or JSON-Format default: hex-format 57 | 58 | 59 | Sign a payload in CIP-8 / CIP-30 mode: (COSE_Sign1 only currently) 60 | 61 | Syntax: cardano-signer sign --cip8 62 | cardano-signer sign --cip30 63 | Params: --data-hex "" | --data "" | --data-file "" 64 | data/payload/file to sign in hex-, text- or binary-file-format 65 | --secret-key "||" path to a signing-key-file or a direct signing hex/bech-key string 66 | --address "||" path to an address-file or a direct bech/hex format 'stake1..., stake_test1..., addr1...' 67 | [--nohashcheck] optional flag to not perform a check that the public-key belongs to the address/hash 68 | [--hashed] optional flag to hash the payload given via the 'data' parameters 69 | [--nopayload] optional flag to exclude the payload from the COSE_Sign1 signature, default: included 70 | [--testnet-magic [xxx]] optional flag to switch the address check to testnet-addresses, default: mainnet 71 | [--json | --json-extended] optional flag to generate output in json/json-extended format 72 | [--out-file ""] path to an output file, default: standard-output 73 | Output: "COSE_Sign1 + COSE_Key" or JSON-Format 74 | 75 | 76 | Sign a catalyst registration/delegation or deregistration in CIP-36 mode: 77 | 78 | Syntax: cardano-signer sign --cip36 79 | Params: [--vote-public-key "||" public-key-file(s) or public hex/bech-key string(s) to delegate the votingpower to (single or multiple) 80 | --vote-weight ] relative weight of each delegated votingpower, default: 100% for a single delegation 81 | --secret-key "||" signing-key-file or a direct signing hex/bech-key string of the stake key (votingpower) 82 | --payment-address "||" rewards payout address (address-file or a direct bech/hex format 'addr1..., addr_test1...') 83 | [--nonce ] optional nonce value, if not provided the mainnet-slotHeight calculated from current machine-time will be used 84 | [--vote-purpose ] optional parameter (unsigned int), default: 0 (catalyst) 85 | [--deregister] optional flag to generate a deregistration (no --vote-public-key/--vote-weight/--payment-address needed 86 | [--testnet-magic [xxx]] optional flag to switch the address check to testnet-addresses, default: mainnet 87 | [--json | --json-extended] optional flag to generate output in json/json-extended format, default: cborHex(text) 88 | [--out-file ""] path to an output file, default: standard-output 89 | [--out-cbor ""] path to write a binary metadata.cbor file to 90 | Output: Registration-Metadata in JSON-, cborHex-, cborBinary-Format 91 | 92 | 93 | Sign a Calidus-Pool-PublicKey registration with a Pool-Cold-Key in CIP-88 mode: 94 | 95 | Syntax: cardano-signer sign --cip88 96 | Params: --calidus-public-key "||" public-key-file or public hex/bech-key string to use as the new calidus-key 97 | --secret-key "||" signing-key-file or a direct signing hex/bech-key string of the stakepool 98 | [--nonce ] optional nonce value, if not provided the mainnet-slotHeight calculated from current machine-time will be used 99 | [--json | --json-extended] optional flag to generate output in json/json-extended format, default: cborHex(text) 100 | [--out-file ""] path to an output file, default: standard-output 101 | [--out-cbor ""] path to write a binary metadata.cbor file to 102 | Output: Registration-Metadata in JSON-, cborHex-, cborBinary-Format 103 | 104 | 105 | Sign a governance JSON-LD metadata file with a Secret-Key (add authors, ed25519 algorithm): 106 | 107 | Syntax: cardano-signer sign --cip100 108 | Params: --data "" | --data-file "" 109 | data or file in jsonld format to sign 110 | --secret-key "||" path to a signing-key-file or a direct signing hex/bech-key string 111 | --author-name "" name of the signing author f.e. "John Doe" 112 | [--replace] optional flag to replace the authors entry with the same public-key 113 | [--out-file ""] path to an output file, default: standard-output 114 | Output: "Signed JSON-LD Content" or "JSON-HashInfo if --out-file is used" 115 | 116 | 117 | Verify a hex/text-string or a binary-file via signature + publicKey: 118 | 119 | Syntax: cardano-signer verify 120 | Params: --data-hex "" | --data "" | --data-file "" 121 | data/payload/file to verify in hex-, text- or binary-file-format 122 | --signature "|" signature in hex- or bech-format 123 | --public-key "||" path to a public-key-file or a direct public hex/bech-key string 124 | [--address "||"] optional address check against the public-key (address-file or a direct bech/hex format) 125 | [--json | --json-extended] optional flag to generate output in json/json-extended format 126 | [--out-file ""] path to an output file, default: standard-output 127 | Output: "true/false" (exitcode 0/1) or JSON-Format 128 | 129 | 130 | Verify a CIP-8 / CIP-30 payload: (COSE_Sign1 only currently) 131 | 132 | Syntax: cardano-signer verify --cip8 133 | cardano-signer verify --cip30 134 | Params: --cose-sign1 "" COSE_Sign1 signature in cbor-hex-format 135 | --cose-key "" COSE_Key containing the public-key in cbor-hex-format 136 | [--data-hex "" | --data "" | --data-file ""] 137 | optional data/payload/file if not present in the COSE_Sign1 signature 138 | [--address "||"] optional signing-address to do the verification with 139 | [--nohashcheck] optional flag to not perform a check that the public-key belongs to the address/hash 140 | [--include-maps] optional flag to include the COSE maps in the json-extended output 141 | [--json | --json-extended] optional flag to generate output in json/json-extended format 142 | [--out-file ""] path to an output file, default: standard-output 143 | Output: "true/false" (exitcode 0/1) or JSON-Format 144 | 145 | 146 | Verify CIP-88 Calidus-Pool-PublicKey registration-data: 147 | 148 | Syntax: cardano-signer verify --cip88 149 | Params: --data "" | data to verify as json text 150 | --data-file "" | data to verify as json file 151 | --data-hex "" data to verify as cbor-hex-format 152 | [--json | --json-extended] optional flag to generate output in json/json-extended format 153 | [--out-file ""] path to an output file, default: standard-output 154 | Output: "true/false" or JSON-Format 155 | 156 | 157 | Verify Signatures in CIP-100/108/119/136 governance JSON-LD metadata: 158 | 159 | Syntax: cardano-signer verify --cip100 160 | Params: --data "" | --data-file "" 161 | data or file in jsonld format to verify 162 | [--json | --json-extended] optional flag to generate output in json/json-extended format 163 | [--out-file ""] path to an output file, default: standard-output 164 | Output: "true/false" or JSON-Format 165 | 166 | 167 | Generate Cardano ed25519/ed25519-extended keys: 168 | 169 | Syntax: cardano-signer keygen 170 | Params: [--path ""] optional derivation path in the format like "1852H/1815H/0H/0/0" or "1852'/1815'/0'/0/0" 171 | or predefined names: --path payment, --path stake, --path cip36, --path drep, --path cc-cold, 172 | --path cc-hot, --path pool, --path calidus 173 | [--mnemonics "word1 word2 ... word24"] optional mnemonic words to derive the key from (separate via space) 174 | [--passphrase "passphrase"] optional passphrase for --ledger or --trezor derivation method 175 | [--ledger | --trezor] optional flag to set the derivation type to "Ledger" or "Trezor" hardware wallet 176 | [--cip36] optional flag to generate CIP36 conform vote keys (also using path 1694H/1815H/0H/0/0) 177 | [--vote-purpose ] optional vote-purpose (unsigned int) together with --cip36 flag, default: 0 (Catalyst) 178 | [--vkey-extended] optional flag to generate a 64byte publicKey with chain code 179 | [--json | --json-extended] optional flag to generate output in json/json-extended format 180 | [--out-file ""] path to an output file, default: standard-output 181 | [--out-skey ""] path to an output skey-file 182 | [--out-vkey ""] path to an output vkey-file 183 | Output: "secretKey + publicKey" or JSON-Format default: hex-format 184 | 185 | 186 | Canonize&Hash the governance JSON-LD body metadata for author-signatures: (CIP-100) 187 | 188 | Syntax: cardano-signer canonize --cip100 189 | Params: --data "" | --data-file "" 190 | data or file in jsonld format to canonize and hash 191 | [--json | --json-extended] optional flag to generate output in json/json-extended format 192 | [--out-canonized ""] path to an output file for the canonized data 193 | [--out-file ""] path to an output file, default: standard-output 194 | Output: "HASH of canonized body" or JSON-Format NOTE: This is NOT the anchor-url-hash!!! 195 | 196 | ``` 197 | 198 |
199 |
200 | 201 | # Default mode 202 | 203 | ## *Signing - Generate a signature* 204 | 205 | ![image](https://user-images.githubusercontent.com/47434720/208511485-34ad734d-3c0b-42f9-996a-887966cbd12d.png) 206 | 207 | ### Sign text-data with a KEY-FILE (.skey) 208 | ``` console 209 | cardano-signer sign --data "this is a test payload :-)" \ 210 | --secret-key test.skey 211 | ``` 212 | Output - Signature & publicKey (hex) : 213 | ``` 214 | 8a5fd6602094407b7e5923aa0f2694f8cb5cf39f317a61059fdc572e24fc1c7660d23c04d46355aed78b5ec35ae8cad1433e7367bb874390dfe46ed155727a08 57758911253f6b31df2a87c10eb08a2c9b8450768cb8dd0d378d93f7c2e220f0 215 | ``` 216 | You can generate a nice json output via the `--json` flag 217 | ``` console 218 | cardano-signer sign --data "this is a test payload :-)" \ 219 | --secret-key test.skey \ 220 | --json 221 | ``` 222 | ``` json 223 | { 224 | "signature": "8a5fd6602094407b7e5923aa0f2694f8cb5cf39f317a61059fdc572e24fc1c7660d23c04d46355aed78b5ec35ae8cad1433e7367bb874390dfe46ed155727a08", 225 | "publicKey": "57758911253f6b31df2a87c10eb08a2c9b8450768cb8dd0d378d93f7c2e220f0" 226 | } 227 | ``` 228 | You can generate a more detailed json output via the `--json-extended` flag 229 | ``` console 230 | cardano-signer sign --data "this is a test payload :-)" \ 231 | --secret-key test.skey \ 232 | --json-extended 233 | ``` 234 | ``` json 235 | { 236 | "workMode": "sign", 237 | "signDataHex": "7468697320697320612074657374207061796c6f6164203a2d29", 238 | "signature": "8a5fd6602094407b7e5923aa0f2694f8cb5cf39f317a61059fdc572e24fc1c7660d23c04d46355aed78b5ec35ae8cad1433e7367bb874390dfe46ed155727a08", 239 | "secretKey": "e8ddb1cfc09e163915e6c28fcb5fbb563bfef57201857e15288b67abbd91e4441e5fa179a8f90da1684ba5aa310da521651d2ce20443f149f8ca9e333a96dabc", 240 | "publicKey": "57758911253f6b31df2a87c10eb08a2c9b8450768cb8dd0d378d93f7c2e220f0" 241 | } 242 | ``` 243 | You can also do an optional address check, if the address belongs to the key. 244 | ``` console 245 | cardano-signer sign --data "this is a test payload :-)" \ 246 | --secret-key dummy.skey \ 247 | --json-extended \ 248 | --address "addr1v9ux8dwy800s5pnq327g9uzh8f2fw98ldytxqaxumh3e8kqumfr6d" 249 | ``` 250 | If the address is wrong you will get an error like: 251 | ``` 252 | Error: The address 'addr1v9ux8dwy800s5pnq327g9uzh8f2fw98ldytxqaxumh3e8kqumfr6d' does not belong to the provided secret key. 253 | ``` 254 | If the address is correct, cardano-signer outputs like normal. In case of the **detailed json output** it also **includes the address infos**. 255 | ``` json 256 | { 257 | "workMode": "sign", 258 | "signDataHex": "7468697320697320612074657374207061796c6f6164203a2d29", 259 | "addressHex": "617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8", 260 | "addressType": "payment enterprise", 261 | "addressNetwork": "mainnet", 262 | "signature": "c60aae4701b49d0b5276b703e72b1a310d6df45b6671bcc08eb06ae9640584577d5d7bb14429bbc855a6382a40412a27f8d5c794220e26cea7404f1cfb0e5d0b", 263 | "secretKey": "16275bd6647f94a53e9fe1c71439a258a03c13cadf32935ed5388972ebd7e53f", 264 | "publicKey": "755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9" 265 | } 266 | ``` 267 | 268 | > :bulb: For **verification**, check out the [Examples](#examples---verification) below too! 269 | 270 |
271 | 272 | ### Sign hex-data with a KEY-HEXSTRING 273 | ``` console 274 | cardano-signer sign \ 275 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 276 | --secret-key "c14ef0cc5e352446d6243976f51e8ffb2ae257f2a547c4fba170964a76501e7a" 277 | ``` 278 | Output - Signature & publicKey (hex) : 279 | ``` 280 | ca3ddc10f845dbe0c22875aaf91f66323d3f28e265696dcd3c56b91a8e675c9e30fd86ba69b9d1cf271a12f7710c9f3385c78cbf016e17e1df339bea8bd2db03 9be513df12b3fabe7c1b8c3f9fab0968eb2168d5689bf981c2f7c35b11718b27 281 | ``` 282 | You can also write out to a file of course. 283 | ``` console 284 | cardano-signer sign \ 285 | --out-file mySignature.txt \ 286 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 287 | --secret-key "c14ef0cc5e352446d6243976f51e8ffb2ae257f2a547c4fba170964a76501e7a" 288 | ``` 289 | No visible output was generated to the stdout, but Signature+publicKey was written to the file mySignature.txt
290 | 291 | Here are two examples for invalid input secret keys: 292 | ``` console 293 | cardano-signer sign \ 294 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 295 | --secret-key "c14ef0cc5e352446d6243976f51e8ffb2ae257f2a547c4fba170964a" 296 | ``` 297 | ``` 298 | Error: Invalid normal secret key 299 | ``` 300 | ``` console 301 | cardano-signer sign \ 302 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 303 | --secret-key "c14ef0cc5e352446d6243976f51e8ffb2ae257f2a547c4fba170964a76501e7a88afe88fa8f888544e6f5a5f555e5faf6f6f" 304 | ``` 305 | ``` 306 | Error: Invalid extended secret key 307 | ``` 308 | 309 |
310 | 311 | ### Sign hex-data with a KEY-FILE (.skey) 312 | ``` console 313 | cardano-signer sign \ 314 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 315 | --secret-key owner.staking.skey 316 | ``` 317 | Output - Signature & publicKey (hex) : 318 | ``` 319 | ca3ddc10f845dbe0c22875aaf91f66323d3f28e265696dcd3c56b91a8e675c9e30fd86ba69b9d1cf271a12f7710c9f3385c78cbf016e17e1df339bea8bd2db03 9be513df12b3fabe7c1b8c3f9fab0968eb2168d5689bf981c2f7c35b11718b27 320 | ``` 321 | ``` console 322 | cardano-signer sign \ 323 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 324 | --secret-key owner.staking.vkey 325 | Error: The file 'owner.staking.vkey' is not a signing/secret key json 326 | ``` 327 | 328 |
329 | 330 | ### Sign a file with a KEY-FILE (.skey) 331 | ``` console 332 | cardano-signer sign --data-file test.txt --secret-key test.skey 333 | ``` 334 | Output - Signature & publicKey (hex) : 335 | ``` 336 | caacb18c46319f55b932efa77357f14b66b27aa908750df2c91800dc59711015ea2e568974ac0bcabf9b1c4708b877c2b94a7658c2dcad78b108049062572e09 57758911253f6b31df2a87c10eb08a2c9b8450768cb8dd0d378d93f7c2e220f0 337 | ``` 338 | 339 |
340 | 341 | ## *Verification* 342 | 343 | ![image](https://user-images.githubusercontent.com/47434720/208521774-acc55a42-f37d-46cd-a424-eb7dcc01f149.png) 344 | 345 | ### Verify text-data with a given signature and a key-file (.skey) 346 | ``` console 347 | cardano-signer verify --data "this is a test payload :-)" \ 348 | --public-key test.vkey \ 349 | --signature "8a5fd6602094407b7e5923aa0f2694f8cb5cf39f317a61059fdc572e24fc1c7660d23c04d46355aed78b5ec35ae8cad1433e7367bb874390dfe46ed155727a08" 350 | ``` 351 | The output is plaintext (without any flag) and will be simply `true` if there is a match, or `false` if there is a mismatch. Cardano-signer also exits with an exitcode=0 (no error) in case of a match, or with exitcode=1 in case any error or mismatch occured. 352 | ``` 353 | true 354 | ``` 355 | You can generate a json output via the `--json` flag too. 356 | ``` console 357 | cardano-signer verify --data "this is a test payload :-)" \ 358 | --public-key test.vkey \ 359 | --signature "8a5fd6602094407b7e5923aa0f2694f8cb5cf39f317a61059fdc572e24fc1c7660d23c04d46355aed78b5ec35ae8cad1433e7367bb874390dfe46ed155727a08" \ 360 | --json 361 | ``` 362 | ``` json 363 | { 364 | "result": "true" 365 | } 366 | ``` 367 | Or a more detailed json output via the `--json-extended` flag. 368 | ``` console 369 | cardano-signer verify --data "this is a test payload :-)" \ 370 | --public-key test.vkey \ 371 | --signature "8a5fd6602094407b7e5923aa0f2694f8cb5cf39f317a61059fdc572e24fc1c7660d23c04d46355aed78b5ec35ae8cad1433e7367bb874390dfe46ed155727a08" \ 372 | --json-extended 373 | ``` 374 | ``` json 375 | { 376 | "workMode": "verify", 377 | "result": "true", 378 | "verifyDataHex": "7468697320697320612074657374207061796c6f6164203a2d29", 379 | "signature": "8a5fd6602094407b7e5923aa0f2694f8cb5cf39f317a61059fdc572e24fc1c7660d23c04d46355aed78b5ec35ae8cad1433e7367bb874390dfe46ed155727a08", 380 | "publicKey": "57758911253f6b31df2a87c10eb08a2c9b8450768cb8dd0d378d93f7c2e220f0" 381 | } 382 | ``` 383 | You can also do an optional address check, if the address belongs to the provided public key by adding the address with parameter `--address`: 384 | ``` console 385 | cardano-signer verify --data "this is a test payload :-)" \ 386 | --public-key dummy.vkey \ 387 | --signature "c60aae4701b49d0b5276b703e72b1a310d6df45b6671bcc08eb06ae9640584577d5d7bb14429bbc855a6382a40412a27f8d5c794220e26cea7404f1cfb0e5d0b" \ 388 | --address "addr1v9ux8dwy800s5pnq327g9uzh8f2fw98ldytxqaxumh3e8kqumfr6d" 389 | ``` 390 | ``` 391 | Error: The address 'addr1v9ux8dwy800s5pnq327g9uzh8f2fw98ldytxqaxumh3e8kqumfr6d' does not belong to the provided public key. 392 | ``` 393 | And if the address matched, cardano-signer will just generate a normal output. If you have set it to `--json-extended` it also includes the address infos like: 394 | ``` json 395 | { 396 | "workMode": "verify", 397 | "result": "true", 398 | "verifyDataHex": "7468697320697320612074657374207061796c6f6164203a2d29", 399 | "addressHex": "617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8", 400 | "addressType": "payment enterprise", 401 | "addressNetwork": "mainnet", 402 | "signature": "c60aae4701b49d0b5276b703e72b1a310d6df45b6671bcc08eb06ae9640584577d5d7bb14429bbc855a6382a40412a27f8d5c794220e26cea7404f1cfb0e5d0b", 403 | "publicKey": "755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9" 404 | } 405 | ``` 406 | 407 | 408 |
409 | 410 | ### Verify hex-data with a given signature and a key-hexstring 411 | ``` console 412 | cardano-signer verify \ 413 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 414 | --signature "ca3ddc10f845dbe0c22875aaf91f66323d3f28e265696dcd3c56b91a8e675c9e30fd86ba69b9d1cf271a12f7710c9f3385c78cbf016e17e1df339bea8bd2db03" \ 415 | --public-key "9be513df12b3fabe7c1b8c3f9fab0968eb2168d5689bf981c2f7c35b11718b27" 416 | ``` 417 | The output is plaintext and will be simply `true` if there is a match, or `false` if there is a mismatch. Cardano-signer also exits with an exitcode=0 (no error) in case of a match, or with exitcode=1 in case any error or mismatch occured. 418 | ``` 419 | true 420 | ``` 421 | ``` console 422 | cardano-signer verify \ 423 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 424 | --signature "ca3ddc10f845dbe0c22875aaf91f66323d3f28e265696dcd3c56b91a8e675c9e30fd86ba69b9d1cf271a12f7710c9f3385c78cbf016e17e1df339bea8bd2db03" \ 425 | --public-key "aaaaaaaaaab3fabe7c1b8c3f9fab0968eb2168d5689bf981c2f7c35b11718b27" 426 | ``` 427 | ``` 428 | false 429 | ``` 430 | ``` console 431 | cardano-signer verify \ 432 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 433 | --signature "aaaaaaaaaa45dbe0c22875aaf91f66323d3f28e265696dcd3c56b91a8e675c9e30fd86ba69b9d1cf271a12f7710c9f3385c78cbf016e17e1df339bea8bd2db03" \ 434 | --public-key "9be513df12b3fabe7c1b8c3f9fab0968eb2168d5689bf981c2f7c35b11718b27" \ 435 | --json 436 | ``` 437 | ``` json 438 | { 439 | "result": "false" 440 | } 441 | ``` 442 | 443 |
444 | 445 | ### Verify hex-data with a signature and a key-file 446 | ``` console 447 | cardano-signer verify \ 448 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 449 | --signature "ca3ddc10f845dbe0c22875aaf91f66323d3f28e265696dcd3c56b91a8e675c9e30fd86ba69b9d1cf271a12f7710c9f3385c78cbf016e17e1df339bea8bd2db03" \ 450 | --public-key owner.staking.vkey 451 | ``` 452 | ``` 453 | true 454 | ``` 455 | ``` console 456 | cardano-signer verify \ 457 | --data-hex "8f21b675423a65244483506122492f5720d7bd35d70616348089678ed4eb07a9" \ 458 | --signature "ca3ddc10f845dbe0c22875aaf91f66323d3f28e265696dcd3c56b91a8e675c9e30fd86ba69b9d1cf271a12f7710c9f3385c78cbf016e17e1df339bea8bd2db03" \ 459 | --public-key owner.staking.skey 460 | ``` 461 | You will also get errors if the provided key is not a public-key for example 462 | ``` 463 | Error: The file 'owner.staking.skey' is not a verification/public key json 464 | ``` 465 | 466 |
467 | 468 | ### Verify a file with a signature and a key-file 469 | ``` console 470 | cardano-signer verify --data-file test.txt --public-key test.vkey \ 471 | --signature "caacb18c46319f55b932efa77357f14b66b27aa908750df2c91800dc59711015ea2e568974ac0bcabf9b1c4708b877c2b94a7658c2dcad78b108049062572e09" 472 | ``` 473 | ``` 474 | true 475 | ``` 476 | 477 |

 

  478 | 479 | # CIP-8 / CIP-30 mode 480 | 481 | ## *Signing - Generate the COSE_Sign1 & COSE_Key* 482 | 483 | ![image](https://user-images.githubusercontent.com/47434720/208512729-e0119b98-5d26-458f-8575-ecbb3d64241c.png) 484 | 485 | ### Sign some text-data payload 486 | 487 | ``` console 488 | cardano-signer sign --cip8 \ 489 | --data "Hello world" \ 490 | --secret-key dummy.skey \ 491 | --address dummy.addr 492 | ``` 493 | Output - **COSE_Sign1 Signature & COSE_Key publicKey** (hex): 494 | ``` 495 | 84582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8a166686173686564f44b48656c6c6f20776f726c645840fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001 a4010103272006215820755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9 496 | ``` 497 | Or with the **more detailed** json output which includes many useful and extra information like the `signedMessage` string: 498 | ``` console 499 | cardano-signer sign --cip8 \ 500 | --data "Hello world" \ 501 | --secret-key dummy.skey \ 502 | --address dummy.addr \ 503 | --json-extended 504 | ``` 505 | ``` json 506 | { 507 | "workMode": "sign-cip8", 508 | "addressHex": "617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8", 509 | "addressType": "payment enterprise", 510 | "addressNetwork": "mainnet", 511 | "inputDataHex": "48656c6c6f20776f726c64", 512 | "isHashed": "false", 513 | "signDataHex": "846a5369676e617475726531582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8404b48656c6c6f20776f726c64", 514 | "signature": "fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001", 515 | "secretKey": "16275bd6647f94a53e9fe1c71439a258a03c13cadf32935ed5388972ebd7e53f", 516 | "publicKey": "755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9", 517 | "output": { 518 | "signedMessage": "cms_hFgqogEnZ2FkZHJlc3NYHWF4Y7XEO98KBmCKvILwVzpUlxT_aRZgdNzd45PYoWZoYXNoZWT0S0hlbGxvIHdvcmxkWED8WBVfDO4FvADnKZrx3x8VmsgqRqBVeGsllleTTv80buyBNJ1GeM6rx58hPGaivb_U6l2evcYwvuWsnM51z8ABZWrr1w", 519 | "COSE_Sign1_hex": "84582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8a166686173686564f44b48656c6c6f20776f726c645840fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001", 520 | "COSE_Key_hex": "a4010103272006215820755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9" 521 | } 522 | } 523 | ``` 524 | If you wanna **hash the payload**, add the `--hashed` flag: 525 | ``` console 526 | cardano-signer sign --cip8 \ 527 | --data "Hello world" \ 528 | --secret-key dummy.skey \ 529 | --address dummy.addr \ 530 | --hashed \ 531 | --json-extended 532 | ``` 533 | If you wanna **exclude the payload** itself from the COSE_Sign1 output, add the `--nopayload` flag: 534 | ``` console 535 | cardano-signer sign --cip8 \ 536 | --data "Hello world" \ 537 | --secret-key dummy.skey \ 538 | --address dummy.addr \ 539 | --nopayload \ 540 | --json-extended 541 | ``` 542 | This will not include the payload in the COSE_Sign1 signature, useful if all involved entities know the payload. 543 | ``` 544 | COSE_Sign1 cbor: 545 | 84 # array(4) 546 | 58 2a # bytes(42) 547 | a201276761646472657373581d617863 # "\xa2\x01\'gaddressX\x1daxc" 548 | b5c43bdf0a06608abc82f0573a549714 # "\xb5\xc4;\xdf\n\x06`\x8a\xbc\x82\xf0W:T\x97\x14" 549 | ff69166074dcdde393d8 # "\xffi\x16`t\xdc\xdd\xe3\x93\xd8" 550 | a1 # map(1) 551 | 66 # text(6) 552 | 686173686564 # "hashed" 553 | f4 # false, simple(20) 554 | f6 # null, simple(22) 555 | 58 40 # bytes(64) 556 | fc58155f0cee05bc00e7299af1df1f15 # "\xfcX\x15_\x0c\xee\x05\xbc\x00\xe7)\x9a\xf1\xdf\x1f\x15" 557 | 9ac82a46a055786b259657934eff346e # "\x9a\xc8*F\xa0Uxk%\x96W\x93N\xff4n" 558 | ec81349d4678ceabc79f213c66a2bdbf # "\xec\x814\x9dFx\xce\xab\xc7\x9f! 563 | 564 | ### Sign hex-data payload 565 | ``` console 566 | cardano-signer sign --cip8 \ 567 | --address "stake_test1urqntq4wexjylnrdnp97qq79qkxxvrsa9lcnwr7ckjd6w0cr04y4p" \ 568 | --data-hex "7b2263686f696365223a22596573222c22636f6d6d656e74223a22222c226e6574776f726b223a2270726576696577222c2270726f706f73616c223a2232303338633431376431313265303035656636316339356437313065653632313834613663313737643138623264613839316639376365666165346638353335222c2270726f746f636f6c223a2253756e64616553776170222c227469746c65223a22546573742050726f706f73616c202d2054616d7065726564222c2276657273696f6e223a2231222c22766f7465644174223a2233313337323237222c22766f746572223a227374616b655f7465737431757174336e7161707a373939747670326c7438616474747432396b36786132786e6c7461686e363535747534736763366173617167227d" \ 569 | --secret-key staking.skey \ 570 | --testnet-magic 1 \ 571 | --json 572 | ``` 573 | Output - **COSE_Sign1 Signature & COSE_Key publicKey** (hex): 574 | ``` json 575 | { 576 | "COSE_Sign1_hex": "84582aa201276761646472657373581de0c13582aec9a44fcc6d984be003c5058c660e1d2ff1370fd8b49ba73fa166686173686564f45901277b2263686f696365223a22596573222c22636f6d6d656e74223a22222c226e6574776f726b223a2270726576696577222c2270726f706f73616c223a2232303338633431376431313265303035656636316339356437313065653632313834613663313737643138623264613839316639376365666165346638353335222c2270726f746f636f6c223a2253756e64616553776170222c227469746c65223a22546573742050726f706f73616c202d2054616d7065726564222c2276657273696f6e223a2231222c22766f7465644174223a2233313337323237222c22766f746572223a227374616b655f7465737431757174336e7161707a373939747670326c7438616474747432396b36786132786e6c7461686e363535747534736763366173617167227d5840c2ffc4650e21376297f42040028382406bf888c09f35a74324e80a531cc6359a6d2acc9a6e4c58c664463a25889de37d2f54422ae20a259db6fed37b86d05202", 577 | "COSE_Key_hex": "a40101032720062158209be513df12b3fabe7c1b8c3f9fab0968eb2168d5689bf981c2f7c35b11718b27" 578 | } 579 | ``` 580 | 581 | ## *Verification* 582 | 583 | ![image](https://user-images.githubusercontent.com/47434720/208522843-296257c8-fced-4573-8592-85f10b0f4762.png) 584 | 585 | ### Verify COSE_Sign1 & COSE_Key data 586 | 587 | Lets use the signed data from the first signing example for the verification. 588 | ``` 589 | COSE_Sign1: 84582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8a166686173686564f44b48656c6c6f20776f726c645840fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001 590 | COSE_Key: a4010103272006215820755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9 591 | ``` 592 | To **verify** the COSE data with a **detailed output** run: 593 | ``` console 594 | cardano-signer verify --cip8 \ 595 | --cose-sign1 84582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8a166686173686564f44b48656c6c6f20776f726c645840fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001 \ 596 | --cose-key a4010103272006215820755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9 \ 597 | --json-extended 598 | ``` 599 | This outputs the detailed json: 600 | ``` json 601 | { 602 | "workMode": "verify-cip8", 603 | "result": "true", 604 | "addressHex": "617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8", 605 | "addressType": "payment enterprise", 606 | "addressNetwork": "mainnet", 607 | "payloadDataHex": "48656c6c6f20776f726c64", 608 | "isHashed": "false", 609 | "verifyDataHex": "846a5369676e617475726531582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8404b48656c6c6f20776f726c64", 610 | "signature": "fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001", 611 | "publicKey": "755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9" 612 | } 613 | ``` 614 | You see that the verification was successful, the used signing-address, and payload was not hashed. 615 | 616 | ### Verify COSE_Sign1 & COSE_Key data with a given payload 617 | 618 | If you wanna verify the COSE data against a given payload, simply add it as a --data parameter: 619 | ``` console 620 | cardano-signer verify --cip8 \ 621 | --cose-sign1 84582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8a166686173686564f44b48656c6c6f20776f726c645840fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001 \ 622 | --cose-key a4010103272006215820755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9 \ 623 | --data 'Not hello world' \ 624 | --json 625 | ``` 626 | ``` json 627 | { 628 | "result": "false" 629 | } 630 | ``` 631 | 632 | ### Verify a 'payloadless' COSE_Sign1 & COSE_Key by providing the needed payload data 633 | 634 | If you have a COSE_Sign1 without an included payload (like the signing example further above), you need to provide the payload data to do a successful verification. In the example the payload was 'Hello world' but was not included in the COSE_Sign1, so we add it. 635 | ``` console 636 | cardano-signer verify --cip30 \ 637 | --cose-sign1 84582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8a166686173686564f4f65840fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001 \ 638 | --cose-key a4010103272006215820755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9 \ 639 | --data 'Hello world' \ 640 | --json-extended 641 | ``` 642 | ``` json 643 | { 644 | "workMode": "verify-cip30", 645 | "result": "true", 646 | "addressHex": "617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8", 647 | "addressType": "payment enterprise", 648 | "addressNetwork": "mainnet", 649 | "payloadDataHex": "48656c6c6f20776f726c64", 650 | "isHashed": "false", 651 | "verifyDataHex": "846a5369676e617475726531582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8404b48656c6c6f20776f726c64", 652 | "signature": "fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001", 653 | "publicKey": "755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9" 654 | } 655 | ``` 656 | The verification is successful. 657 | 658 | ### Verify the address in the COSE_Sign1 & COSE_Key data 659 | 660 | To verify the address in the COSE data simply add the address via the `--address` parameter: 661 | ``` console 662 | cardano-signer verify --cip8 \ 663 | --cose-sign1 84582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8a166686173686564f44b48656c6c6f20776f726c645840fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001 \ 664 | --cose-key a4010103272006215820755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9 \ 665 | --address dummy.addr 666 | --json 667 | ``` 668 | ``` json 669 | { 670 | "result": "true" 671 | } 672 | ``` 673 | If the address does not belong to the publicKey in the COSE_Key, there will be an error. 674 | ``` console 675 | cardano-signer verify --cip8 \ 676 | --cose-sign1 84582aa201276761646472657373581d617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8a166686173686564f44b48656c6c6f20776f726c645840fc58155f0cee05bc00e7299af1df1f159ac82a46a055786b259657934eff346eec81349d4678ceabc79f213c66a2bdbfd4ea5d9ebdc630bee5ac9cce75cfc001 \ 677 | --cose-key a4010103272006215820755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9 \ 678 | --address addr_test1vpfwv0ezc5g8a4mkku8hhy3y3vp92t7s3ul8g778g5yegsgalc6gc 679 | --json 680 | ``` 681 | Results in an error: 682 | ``` 683 | Error: The given payment enterprise address 'addr_test1vpfwv0ezc5g8a4mkku8hhy3y3vp92t7s3ul8g778g5yegsgalc6gc' does not belong to the public key in the COSE_Key. 684 | ``` 685 | 686 |

 

  687 | 688 | # CIP-36 mode (Catalyst Voting Registration / VotingPower Delegation) 689 | 690 | ## *Signing - Generate the registration metadata* 691 | 692 | ![image](https://user-images.githubusercontent.com/47434720/215330136-9d99c86d-9545-4d8f-a79e-5806e98f5974.png) 693 | 694 | ### Register/Delegate to a single voting-key with minimal parameters (Mainnet example) 695 | ``` console 696 | cardano-signer sign --cip36 \ 697 | --payment-address "addr1v9ux8dwy800s5pnq327g9uzh8f2fw98ldytxqaxumh3e8kqumfr6d" \ 698 | --vote-public-key test.voting.vkey \ 699 | --secret-key myStakeKey.skey \ 700 | --json 701 | ``` 702 | The output in json format (Nonce automatically calculated from current machine time): 703 | ``` json 704 | { 705 | "61284": { 706 | "1": [ 707 | [ "0x423fa841abf9f7fa8dfa10dacdb6737b27fdb0d9bcd9b95d48cabb53047ab769", 1 ] 708 | ], 709 | "2": "0x9be513df12b3fabe7c1b8c3f9fab0968eb2168d5689bf981c2f7c35b11718b27", 710 | "3": "0x617863b5c43bdf0a06608abc82f0573a549714ff69166074dcdde393d8", 711 | "4": 76763961, 712 | "5": 0 713 | }, 714 | "61285": { 715 | "1": "0x9b3534eeedaea8300bad568be60363b9e2e829ab4249b0ba23f78738a7f952e84afd22a97b744a541c431cf8e9e0bb4a6f7431a2f752fa450b761bc0fa100b0a" 716 | } 717 | } 718 | ``` 719 | If you write out the output to a file via the `--out-file` or `--out-cbor` parameter, you can directly attach it to a transaction as metadata to execute the registration/delegation on chain. 720 | ``` console 721 | cardano-signer sign --cip36 \ 722 | --payment-address "addr1v9ux8dwy800s5pnq327g9uzh8f2fw98ldytxqaxumh3e8kqumfr6d" \ 723 | --vote-public-key test.voting.vkey \ 724 | --secret-key myStakeKey.skey \ 725 | --out-cbor myRegistration.cbor 726 | 727 | #Sending example via the SPO-Scripts like: 728 | 01_sendLovelaces.sh wallet wallet min myRegistration.cbor 729 | ``` 730 | 731 |
732 | 733 | ### Register/Delegate to a single voting-key with more parameters 734 | 735 | ``` console 736 | cardano-signer sign --cip36 \ 737 | --payment-address "addr_test1qrlvt2gzuvrhq7m2k00rsyzfrrqwx085cdqgum7w5nc2rxwpxkp2ajdyflxxmxztuqpu2pvvvc8p6tl3xu8a3dym5uls50mr97" \ 738 | --secret-key ../owner.staking.skey \ 739 | --vote-public-key somevote.vkey \ 740 | --nonce 71948552 \ 741 | --testnet-magic 1 \ 742 | --out-cbor catalyst-delegation.cbor 743 | ``` 744 | Output (cbor-hex): 745 | ``` 746 | a219ef64a50181825820423fa841abf9f7fa8dfa10dacdb6737b27fdb0d9bcd9b95d48cabb53047ab769010258209be513df12b3fabe7c1b8c3f9fab0968eb2168d5689bf981c2f7c35b11718b2703583900fec5a902e307707b6ab3de38104918c0e33cf4c3408e6fcea4f0a199c13582aec9a44fcc6d984be003c5058c660e1d2ff1370fd8b49ba73f041a0449d908050019ef65a101584000780582b60c651fa9d2cd3a8cb378561520e3c76ea398f1eb8f17b25084836488d1d75cf323a4b1fa7317099c2c87e411e8403a9f71349042b5723c7fbec807 747 | ``` 748 | 749 |
750 | 751 | ### Register/Delegate to multiple voting-keys with votingpower 10%,20%,70% 752 | 753 | ``` console 754 | cardano-signer sign --cip36 \ 755 | --payment-address "addr_test1qrlvt2gzuvrhq7m2k00rsyzfrrqwx085cdqgum7w5nc2rxwpxkp2ajdyflxxmxztuqpu2pvvvc8p6tl3xu8a3dym5uls50mr97" \ 756 | --secret-key ../owner.staking.skey \ 757 | --vote-public-key ../somevote.vkey \ 758 | --vote-weight 10 \ 759 | --vote-public-key "C2CD50D8A231FBC1444D65ABAB4F6BF74178E6DE64722558EEEF0B73DE293A8A" \ 760 | --vote-weight 20 \ 761 | --vote-public-key "ed25519_pk128c305nw9xh20kearuhcwj447kzlvxdfttkk6uwnrf6qfjm9276svd678w" \ 762 | --vote-weight 70 \ 763 | --nonce 71948552 \ 764 | --testnet-magic 1 \ 765 | --out-cbor catalyst-multidelegation.cbor 766 | ``` 767 | Output (cbor-hex): 768 | ``` 769 | a219ef64a50183825820423fa841abf9f7fa8dfa10dacdb6737b27fdb0d9bcd9b95d48cabb53047ab7690a825820c2cd50d8a231fbc1444d65abab4f6bf74178e6de64722558eeef0b73de293a8a1482582051f117d26e29aea7db3d1f2f874ab5f585f619a95aed6d71d31a7404cb6557b518460258209be513df12b3fabe7c1b8c3f9fab0968eb2168d5689bf981c2f7c35b11718b2703583900fec5a902e307707b6ab3de38104918c0e33cf4c3408e6fcea4f0a199c13582aec9a44fcc6d984be003c5058c660e1d2ff1370fd8b49ba73f041a0449d908050019ef65a101584086600d0ebbf1e0f200fc9cc148464bcb2e55b893838d0f50b208148cf9d498523dd548423b25897e6e4ce9daa19a74766704a2581cea9441d92c9e25ea901208 770 | ``` 771 | Or with two voting-keys and votingpower 1 & 5 with a json-extended output 772 | ``` console 773 | cardano-signer sign --cip36 \ 774 | --payment-address "addr_test1qrlvt2gzuvrhq7m2k00rsyzfrrqwx085cdqgum7w5nc2rxwpxkp2ajdyflxxmxztuqpu2pvvvc8p6tl3xu8a3dym5uls50mr97" \ 775 | --secret-key "f5beaeff7932a4164d270afde7716067582412e8977e67986cd9b456fc082e3a" \ 776 | --vote-public-key ../myvote.voting.pkey --vote-weight 1 \ 777 | --vote-public-key vote-test.vkey --vote-weight 5 \ 778 | --nonce 123456789 \ 779 | --testnet-magic 1 \ 780 | --json-extended 781 | ``` 782 | The output is a **way more detailed json** format, it contains the raw cbor output in the `.output.cbor` key, and the human-readable format in the `.output.json` key: 783 | ``` json 784 | { 785 | "workMode": "sign-cip36", 786 | "votePurpose": "Catalyst (0)", 787 | "totalVoteWeight": 6, 788 | "paymentAddressHex": "00fec5a902e307707b6ab3de38104918c0e33cf4c3408e6fcea4f0a199c13582aec9a44fcc6d984be003c5058c660e1d2ff1370fd8b49ba73f", 789 | "paymentAddressType": "payment base", 790 | "paymentAddressNetwork": "testnet", 791 | "signDataHex": "1ebe4301d8db0af3c65682e8c9c70c0a22ecc474824d4688b6c24936b9d69fd4", 792 | "signature": "c5e380e1282b54d6e2f9004e73c533c5e1b135b81076859ff606a16dde410f8375164fc4c4d6c11e43633228687580b5bab02b3181908715f74efdefd2e63902", 793 | "secretKey": "f5beaeff7932a4164d270afde7716067582412e8977e67986cd9b456fc082e3a", 794 | "publicKey": "86870efc99c453a873a16492ce87738ec79a0ebd064379a62e2c9cf4e119219e", 795 | "output": { 796 | "cbor": "a219ef64a5018282582051f117d26e29aea7db3d1f2f874ab5f585f619a95aed6d71d31a7404cb6557b501825820755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb90502582086870efc99c453a873a16492ce87738ec79a0ebd064379a62e2c9cf4e119219e03583900fec5a902e307707b6ab3de38104918c0e33cf4c3408e6fcea4f0a199c13582aec9a44fcc6d984be003c5058c660e1d2ff1370fd8b49ba73f041a075bcd15050019ef65a1015840c5e380e1282b54d6e2f9004e73c533c5e1b135b81076859ff606a16dde410f8375164fc4c4d6c11e43633228687580b5bab02b3181908715f74efdefd2e63902", 797 | "json": { 798 | "61284": { 799 | "1": [ 800 | [ 801 | "0x51f117d26e29aea7db3d1f2f874ab5f585f619a95aed6d71d31a7404cb6557b5", 802 | 1 803 | ], 804 | [ 805 | "0x755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9", 806 | 5 807 | ] 808 | ], 809 | "2": "0x86870efc99c453a873a16492ce87738ec79a0ebd064379a62e2c9cf4e119219e", 810 | "3": "0x00fec5a902e307707b6ab3de38104918c0e33cf4c3408e6fcea4f0a199c13582aec9a44fcc6d984be003c5058c660e1d2ff1370fd8b49ba73f", 811 | "4": 123456789, 812 | "5": 0 813 | }, 814 | "61285": { 815 | "1": "0xc5e380e1282b54d6e2f9004e73c533c5e1b135b81076859ff606a16dde410f8375164fc4c4d6c11e43633228687580b5bab02b3181908715f74efdefd2e63902" 816 | } 817 | } 818 | } 819 | } 820 | ``` 821 | 822 |
823 | 824 | ### Deregistration from the voting-chain with minimal parameters (Mainnet example) 825 | 826 | You can generate a deregistration metadata by using the `--deregister` flag. In that case no vote-key (vote-public-key) or rewards-address is needed as input. Just the secret-key and optionally a nonce and voting-chain-id. 827 | 828 | ``` console 829 | cardano-signer sign --cip36 \ 830 | --deregister \ 831 | --secret-key myStakeKey.skey \ 832 | --json 833 | ``` 834 | The output is a human-readable json format, if you redirect it to a file via the `--out-file` parameter, you can directly use it as metadata in a transaction on the chain. Nonce (if not provided) its automatically calculated from current machine time. 835 | ``` json 836 | { 837 | "61286": { 838 | "1": "0x57758911253f6b31df2a87c10eb08a2c9b8450768cb8dd0d378d93f7c2e220f0", 839 | "2": 74858300, 840 | "3": 0 841 | }, 842 | "61285": { 843 | "1": "0xc7bec561f2b80766f78c169ccb231865048e0ed7e9fb4f98f263d00e3e4a2e6126a18f70b303be63f8e01f46dd116be5c387495a7cec707d3ebc3e6be4d87008" 844 | } 845 | } 846 | ``` 847 | 848 | 849 |  

 

850 | 851 | # KeyGeneration mode 852 | 853 | ![image](https://github.com/user-attachments/assets/ffc1ab3b-338f-4042-a4bc-8e170e1a61f4) 854 | 855 | ## *Normal ed25519 keypair without derivation-path/mnemonics* 856 | 857 | ### Generate a keypair in hex-format 858 | ``` console 859 | cardano-signer keygen 860 | ``` 861 | Output - secretKey & publicKey (hex) : 862 | ``` 863 | 1e0e5b1614ad54e170a43ce74fd53e29217ec4ba341d9ad52d97c30ba696bb9c 1d8f971d0b8553981c90e1b5d2884e8190b21f5547c2a784fc65c59cf022d4b2 864 | ``` 865 | You can generate a nice json output via the `--json` or `--json-extended` flag 866 | ``` console 867 | cardano-signer keygen --json-extended 868 | ``` 869 | ``` json 870 | { 871 | "workMode": "keygen", 872 | "secretKey": "629ebc4ca6ace67f7b427bf728b39aa5d7bb2f8851f88575d8cee8d112a0956c", 873 | "publicKey": "f987631d2e136fc9905f8f7f27a8654a5f86834e118c2873d805f2573e41d0c2", 874 | "output": { 875 | "skey": { 876 | "type": "PaymentSigningKeyShelley_ed25519", 877 | "description": "Payment Signing Key", 878 | "cborHex": "5820629ebc4ca6ace67f7b427bf728b39aa5d7bb2f8851f88575d8cee8d112a0956c" 879 | }, 880 | "vkey": { 881 | "type": "PaymentVerificationKeyShelley_ed25519", 882 | "description": "Payment Verification Key", 883 | "cborHex": "5820f987631d2e136fc9905f8f7f27a8654a5f86834e118c2873d805f2573e41d0c2" 884 | } 885 | } 886 | } 887 | ``` 888 |
889 | 890 | ### Generate .skey/.vkey files 891 | 892 | You can also directly generate .skey/.vkey files via the `--out-skey` & `--out-vkey` parameter 893 | ``` console 894 | cardano-signer keygen --json-extended \ 895 | --out-skey test.skey \ 896 | --out-vkey test.vkey 897 | ``` 898 | This generates the typical .skey/.vkey files with content like 899 | ``` json 900 | { 901 | "type": "PaymentSigningKeyShelley_ed25519", 902 | "description": "Payment Signing Key", 903 | "cborHex": "5820629ebc4ca6ace67f7b427bf728b39aa5d7bb2f8851f88575d8cee8d112a0956c" 904 | } 905 | ``` 906 | ``` json 907 | { 908 | "type": "PaymentVerificationKeyShelley_ed25519", 909 | "description": "Payment Verification Key", 910 | "cborHex": "5820f987631d2e136fc9905f8f7f27a8654a5f86834e118c2873d805f2573e41d0c2" 911 | } 912 | ``` 913 | 914 |
915 | 916 | ## *ed25519-extended keys with a derivation-path* 917 | 918 | ### Generate a keypair from the standard payment path 919 | ``` console 920 | cardano-signer keygen \ 921 | --path 1852H/1815H/0H/0/0 \ 922 | --json-extended 923 | ``` 924 | Output - JSON Format: 925 | ``` json 926 | { 927 | "workMode": "keygen", 928 | "derivationPath": "1852H/1815H/0H/0/0", 929 | "derivationType": "icarus", 930 | "mnemonics": "snap siege fatal leopard label thunder rely trap robot identify someone exclude glance spring right rude tower pluck explain mouse scheme sister onion include", 931 | "secretKey": "60f0a79e0776b4063d7bff8ada6a37b5fb79168d5e844b51e45fa5088eac6558f858251fdfd2fc55488fceb448c5d8f5d1c93cea5505df05efed86efd90ded6d4db6843876f0154e7d5ab14ddec3dacb353b44d38b9a5a03bde142b5cedf52479eeb435bd154d50e80b2980900ac2d8237408ae373daf68d19b6013f5fcd2ef2", 932 | "publicKey": "4db6843876f0154e7d5ab14ddec3dacb353b44d38b9a5a03bde142b5cedf5247", 933 | "XpubKeyHex": "f1d184dc020c90ed0ab318f98b2bbf0b215723d3e68121fba9b12bd5389fa9a3cb01f7d31f63fd73c7406a4381066c747b2cc6eafccbc1f85eb24f664238216a", 934 | "XpubKeyBech": "xpub178gcfhqzpjgw6z4nrruck2alpvs4wg7nu6qjr7afky4a2wyl4x3ukq0h6v0k8ltncaqx5supqek8g7evcm40ej7plp0tynmxgguzz6sm2mv70", 935 | "output": { 936 | "skey": { 937 | "type": "PaymentExtendedSigningKeyShelley_ed25519_bip32", 938 | "description": "Payment Signing Key", 939 | "cborHex": "588060f0a79e0776b4063d7bff8ada6a37b5fb79168d5e844b51e45fa5088eac6558f858251fdfd2fc55488fceb448c5d8f5d1c93cea5505df05efed86efd90ded6d4db6843876f0154e7d5ab14ddec3dacb353b44d38b9a5a03bde142b5cedf52479eeb435bd154d50e80b2980900ac2d8237408ae373daf68d19b6013f5fcd2ef2" 940 | }, 941 | "vkey": { 942 | "type": "PaymentVerificationKeyShelley_ed25519", 943 | "description": "Payment Verification Key", 944 | "cborHex": "58204db6843876f0154e7d5ab14ddec3dacb353b44d38b9a5a03bde142b5cedf5247" 945 | } 946 | } 947 | } 948 | ``` 949 | As you can see, this generates a new keypair with random mnemonics for the given derivation path `1852H/1815H/0H/0/0`. You can also use the format "1852'/1815'/0'/0/0" for the path, just make sure you put the whole path in doublequotes. 950 | 951 | This generated mnemonics are in the Shelley(Icarus) standard BIP39 format and will work with all major wallets like Eternl, Typhoon, etc. 952 | 953 | Also a `Xpub...` key was generated, which can be used to view wallet data in external tracking apps. 954 |
955 | 956 | ### Generate .skey/.vkey files 957 | 958 | Like with the normal ed25519 keys, use the `--out-skey` & `--out-vkey` parameters to directly write out .skey/.vkey files. 959 | ``` console 960 | cardano-signer keygen \ 961 | --path 1852H/1815H/0H/2/0 \ 962 | --json-extended \ 963 | --out-skey stake.skey \ 964 | --out-vkey stake.vkey 965 | ``` 966 | This generates the typical .skey/.vkey files with content like 967 | ``` json 968 | { 969 | "type": "StakeExtendedSigningKeyShelley_ed25519_bip32", 970 | "description": "Stake Signing Key", 971 | "cborHex": "5880f0e78e6c657812e10359bce03c14dda79cd27748571e153f477f0eeca741f049022fe2e261bbda8bcedb96b3ec82eb994b80a739ad0e06fe560f59ae8df50bbea74b785851b0d36b8add6dc24d94112fe18e9fa4e60cc0e420002f77b5ce81482632a8abbe24b57b25912eea26ba686786ea45d4c08d67a8c1207ac219467a82" 972 | } 973 | ``` 974 | ``` json 975 | { 976 | "type": "StakeVerificationKeyShelley_ed25519", 977 | "description": "Stake Verification Key", 978 | "cborHex": "5820a74b785851b0d36b8add6dc24d94112fe18e9fa4e60cc0e420002f77b5ce8148" 979 | } 980 | ``` 981 | 982 |
983 | 984 | ## Generate a keypair from Hardware-Wallet Mnemonics 985 | 986 | ``` console 987 | cardano-signer keygen \ 988 | --path payment \ 989 | --mnemonics "snap siege fatal leopard label thunder rely trap robot identify someone exclude glance spring right rude tower pluck explain mouse scheme sister onion include" \ 990 | --ledger \ 991 | --json-extended 992 | ``` 993 | Output - JSON Format: 994 | ``` json 995 | { 996 | "workMode": "keygen-ledger", 997 | "derivationPath": "1852H/1815H/0H/0/0", 998 | "derivationType": "ledger", 999 | "mnemonics": "snap siege fatal leopard label thunder rely trap robot identify someone exclude glance spring right rude tower pluck explain mouse scheme sister onion include", 1000 | "secretKey": "f80ad0a24e08aaa39136ae52ab007b0e3b9d1d593b3d170fcaa61a322fcdb95d5e3a846ea94ebbf22ac5ab64abd7583404762bb3850f4c3362a46226ee92eec94c0ffded554c9a6eda379450af9f38640f87aff455129f679996e056697d4190a00c5bcb331ad60daf8b5b0a3fe6dfa2ec48c546f6290a9787cadd566807eb91", 1001 | "publicKey": "4c0ffded554c9a6eda379450af9f38640f87aff455129f679996e056697d4190", 1002 | "XpubKeyHex": "58c80020cc2e6c99e801f6caaa296381673c7ea8aed92cb14b5229dc7434acc97c04b33d3aa811847957f4f82965e7d4e2a7273b67f251c22bfca5dcdfd44c03", 1003 | "XpubKeyBech": "xpub1tryqqgxv9ekfn6qp7m9252trs9nncl4g4mvjev2t2g5acap54nyhcp9n85a2syvy09tlf7pfvhnafc48yuak0uj3cg4lefwuml2ycqc3457ta", 1004 | "output": { 1005 | "skey": { 1006 | "type": "PaymentExtendedSigningKeyShelley_ed25519_bip32", 1007 | "description": "Payment Signing Key", 1008 | "cborHex": "5880f80ad0a24e08aaa39136ae52ab007b0e3b9d1d593b3d170fcaa61a322fcdb95d5e3a846ea94ebbf22ac5ab64abd7583404762bb3850f4c3362a46226ee92eec94c0ffded554c9a6eda379450af9f38640f87aff455129f679996e056697d4190a00c5bcb331ad60daf8b5b0a3fe6dfa2ec48c546f6290a9787cadd566807eb91" 1009 | }, 1010 | "vkey": { 1011 | "type": "PaymentVerificationKeyShelley_ed25519", 1012 | "description": "Payment Verification Key", 1013 | "cborHex": "58204c0ffded554c9a6eda379450af9f38640f87aff455129f679996e056697d4190" 1014 | } 1015 | } 1016 | } 1017 | ``` 1018 | As you can see, this generates a new keypair from the given mnemonics. In this example just a standard payment keypair. The used derivation type was set to `Ledger` hardware wallet. 1019 | 1020 |
1021 | 1022 | ## *CIP36 voting keys without/with mnemonics* 1023 | 1024 | ### Generate a keypair from the specific 1694H/1815H/0H/0/0 CIP36 path without mnemonics 1025 | ``` console 1026 | cardano-signer keygen \ 1027 | --cip36 \ 1028 | --json-extended 1029 | ``` 1030 | Output - JSON Format: 1031 | ``` json 1032 | { 1033 | "workMode": "keygen-cip36", 1034 | "derivationPath": "1694H/1815H/0H/0/0", 1035 | "derivationType": "icarus", 1036 | "votePurpose": "Catalyst (0)", 1037 | "mnemonics": "sudden release husband tone know ladder couple timber another human horn humble exit gift depth green aspect annual crawl final garage innocent cluster aisle", 1038 | "secretKey": "38483eb792e0e4daa12a317ffdeaddd72b3dfde549ee174ecaabf14173bb315dbe3f42605e7400f1616a73a4c08b7f6a89d3e3da87adab9c5e8571bc58bf32d336fdc791592d144da05165c89323c98078d4a888bf4d6e4e146192493d23a065e31ab5741b2180735bd168d2d1a0911e874beb32651f7519733444f3df8bc956", 1039 | "publicKey": "36fdc791592d144da05165c89323c98078d4a888bf4d6e4e146192493d23a065", 1040 | "XpubKeyHex": "792ca6f66a4a37769e24de762b4a79a1b4340c5f5388b9e9fc3ad16f63a1188f766b14cd0d5d5bcd2f8c7bdaef983b7539b24911d92c136ef54d78aa61b564c8", 1041 | "XpubKeyBech": "xpub10yk2dan2fgmhd83ymemzkjne5x6rgrzl2wytn60u8tgk7caprz8hv6c5e5x46k7d97x8hkh0nqah2wdjfygajtqndm656792vx6kfjqr7hegx", 1042 | "secretKeyBech": "cvote_sk18pyradujurjd4gf2x9llm6ka6u4nml09f8hpwnk240c5zuamx9wmu06zvp08gq83v9488fxq3dlk4zwnu0dg0tdtn30g2udutzln95eklhrezkfdz3x6q5t9ezfj8jvq0r223z9lf4hyu9rpjfyn6gaqvh334dt5rvscqu6m695d95dqjy0gwjltxfj37agewv6yfu7l30y4v0wn82x", 1043 | "publicKeyBech": "cvote_vk1xm7u0y2e952ymgz3vhyfxg7fspudf2yghaxkuns5vxfyj0fr5pjss26uda", 1044 | "output": { 1045 | "skey": { 1046 | "type": "CIP36VoteExtendedSigningKey_ed25519", 1047 | "description": "undefined Vote Signing Key", 1048 | "cborHex": "588038483eb792e0e4daa12a317ffdeaddd72b3dfde549ee174ecaabf14173bb315dbe3f42605e7400f1616a73a4c08b7f6a89d3e3da87adab9c5e8571bc58bf32d336fdc791592d144da05165c89323c98078d4a888bf4d6e4e146192493d23a065e31ab5741b2180735bd168d2d1a0911e874beb32651f7519733444f3df8bc956" 1049 | }, 1050 | "vkey": { 1051 | "type": "CIP36VoteVerificationKey_ed25519", 1052 | "description": "undefined Vote Verification Key", 1053 | "cborHex": "582036fdc791592d144da05165c89323c98078d4a888bf4d6e4e146192493d23a065" 1054 | } 1055 | } 1056 | } 1057 | ``` 1058 | Providing the `--cip36` flag sets the parameters to generate CIP36 conform voting key. 1059 | 1060 | You can achieve the same result by setting `--path 1694H/1815H/0H/0/0` or using the shortcut `--path cip36`. 1061 | 1062 | Like with the examples before, you can write out .skey/.vkey files if needed. 1063 | 1064 | Such a generated voting key can be used to be included in the CIP36(Catalyst) registration metadata, which can also be generated & signed by cardano-signer. You can delegate Voting-Power to such a voting key. Later on you can restore a Wallet in a dApp enabled LightWallet like Eternl with the generated mnemonics to do the Voting via the VotingCenter. 1065 | 1066 |
1067 | 1068 | ### Generate a keypair with given mnemonics 1069 | ``` console 1070 | cardano-signer keygen \ 1071 | --path 1694H/1815H/0H/0/0 \ 1072 | --mnemonics "noise dad blood spell fiber valley pact dial nest arrow umbrella addict skill excuse duty hover lyrics enrich now zebra draft sample city hair" \ 1073 | --json-extended 1074 | ``` 1075 | Output - JSON Format: 1076 | ``` json 1077 | { 1078 | "workMode": "keygen", 1079 | "derivationPath": "1694H/1815H/0H/0/0", 1080 | "votePurpose": "Catalyst (0)", 1081 | "mnemonics": "noise dad blood spell fiber valley pact dial nest arrow umbrella addict skill excuse duty hover lyrics enrich now zebra draft sample city hair", 1082 | "secretKey": "106c158474bf7cc634bd4368c69d83a0d9930fbb8036f4905beec7b5f82e6547ad08887117afa7c7fb452e831c1c157d53168b5ccf2a349964485be877d69cf88f1c138a9a1d9c54c38881cdd46aeaf7b409c2dab30d168344934d34299a6dea5744838cd3d3916f0cda808bb91f512162cc58be3ca9b87cb4b69db7e5558861", 1083 | "publicKey": "8f1c138a9a1d9c54c38881cdd46aeaf7b409c2dab30d168344934d34299a6dea", 1084 | "XpubKeyHex": "81d2f04ba976badf5f83711c904898f26f08c64de2185b3fb3c46fdb7f37bae4e093e35996924a30f98a169d862f57b248cb95eb77ba50ce4d24b76c1859e21a", 1085 | "XpubKeyBech": "xpub1s8f0qjafw6ad7hurwywfqjyc7fhs33jdugv9k0anc3haklehhtjwpylrtxtfyj3slx9pd8vx9atmyjxtjh4h0wjseexjfdmvrpv7yxsku9k6z", 1086 | "secretKeyBech": "cvote_sk1zpkptpr5ha7vvd9agd5vd8vr5rvexramsqm0fyzmamrmt7pwv4r66zygwyt6lf78ldzjaqcurs2h65ck3dwv7235n9jysklgwltfe7y0rsfc4xsan32v8zypeh2x46hhksyu9k4np5tgx3ynf56znxndaft5fquv60fezmcvm2qghwgl2ysk9nzchc72nwrukjmfmdl92kyxzczy5xl", 1087 | "publicKeyBech": "cvote_vk13uwp8z56rkw9fsugs8xag6h2776qnsk6kvx3dq6yjdxng2v6dh4qtskqms", 1088 | "output": { 1089 | "skey": { 1090 | "type": "CIP36VoteExtendedSigningKey_ed25519", 1091 | "description": "undefined Vote Signing Key", 1092 | "cborHex": "5880106c158474bf7cc634bd4368c69d83a0d9930fbb8036f4905beec7b5f82e6547ad08887117afa7c7fb452e831c1c157d53168b5ccf2a349964485be877d69cf88f1c138a9a1d9c54c38881cdd46aeaf7b409c2dab30d168344934d34299a6dea5744838cd3d3916f0cda808bb91f512162cc58be3ca9b87cb4b69db7e5558861" 1093 | }, 1094 | "vkey": { 1095 | "type": "CIP36VoteVerificationKey_ed25519", 1096 | "description": "undefined Vote Verification Key", 1097 | "cborHex": "58208f1c138a9a1d9c54c38881cdd46aeaf7b409c2dab30d168344934d34299a6dea" 1098 | } 1099 | } 1100 | } 1101 | ``` 1102 | If you provide mnemonics via the `--mnemonics` parameter, these mnemonics will be used to derive the keys from. So you can also for example convert your Daedalus Wallet into .skey/.vkey files. 1103 |
1104 | 1105 | ## *dRep keys without/with mnemonics* 1106 | 1107 | ### Generate a keypair from the dRep specific path 1852H/1815H/0H/3/0 without mnemonics 1108 | ``` console 1109 | cardano-signer keygen \ 1110 | --path drep \ 1111 | --json-extended 1112 | ``` 1113 | Output - JSON Format: 1114 | ``` json 1115 | { 1116 | "workMode": "keygen", 1117 | "derivationPath": "1852H/1815H/0H/3/0", 1118 | "derivationType": "icarus", 1119 | "mnemonics": "spirit poverty boring zero banner argue cream bag damage menu purity project scatter harsh moment exit tribe security autumn bar olive defy slight mirror", 1120 | "secretKey": "00ff6013126074c9cfa811c3b7fe02c92d90b7eab4917067043b83f11a9cff4aab46e483282e058b8626a21441c337b26124d2d6cdf9ad8cf90ed179a74c5381395392af20002accd13ca5e4fe1860882ebe2f7f736f7004e39512feb25241af9ee678410593fb9a10d10f21b18457502bfb578d168acfb9bf7418a662bf17bd", 1121 | "publicKey": "395392af20002accd13ca5e4fe1860882ebe2f7f736f7004e39512feb25241af", 1122 | "XpubKeyHex": "a91179e1ab2f8b7866f27a298b8004aab4981739b106fbf96b877bde63a400fe02bb92856c70bffb4389b815e64cafda1a14b447489324153d1075fdd8ea051d", 1123 | "XpubKeyBech": "xpub14yghncdt979hsehj0g5chqqy426fs9eekyr0h7ttsaaaucayqrlq9wujs4k8p0lmgwyms90xfjha5xs5k3r53yeyz573qa0amr4q28g9pgywh", 1124 | "drepIdHex": "f05f78a15b2db995bee537ce2e8220c068c5be44422eed27e129ac71", 1125 | "drepIdBech": "drep17p0h3g2m9kuet0h9xl8zaq3qcp5vt0jygghw6flp9xk8z7cz8zm", 1126 | "secretKeyBech": "drep_sk1qrlkqycjvp6vnnagz8pm0lszeykepdl2kjghqecy8wplzx5ula92k3hysv5zupvtscn2y9zpcvmmycfy6ttvm7dd3nusa5te5ax98qfe2wf27gqq9txdz099unlpscyg96lz7lmndacqfcu4ztlty5jp470wv7zpqkflhxss6y8jrvvy2agzh76h35tg4naeha6p3fnzhutm6jmxnf3", 1127 | "publicKeyBech": "drep_vk189fe9teqqq4ve5fu5hj0uxrq3qhtutmlwdhhqp8rj5f0avjjgxhsu2h6h8", 1128 | "output": { 1129 | "skey": { 1130 | "type": "DRepExtendedSigningKey_ed25519_bip32", 1131 | "description": "Delegate Representative Signing Key", 1132 | "cborHex": "588000ff6013126074c9cfa811c3b7fe02c92d90b7eab4917067043b83f11a9cff4aab46e483282e058b8626a21441c337b26124d2d6cdf9ad8cf90ed179a74c5381395392af20002accd13ca5e4fe1860882ebe2f7f736f7004e39512feb25241af9ee678410593fb9a10d10f21b18457502bfb578d168acfb9bf7418a662bf17bd" 1133 | }, 1134 | "vkey": { 1135 | "type": "DRepVerificationKey_ed25519", 1136 | "description": "Delegate Representative Verification Key", 1137 | "cborHex": "5820395392af20002accd13ca5e4fe1860882ebe2f7f736f7004e39512feb25241af" 1138 | } 1139 | } 1140 | } 1141 | ``` 1142 | As you can see, the path is recognized as a dRep Signing/Verification key path. 1143 | 1144 | You can achieve the same result by setting `--path 1852H/1815H/0H/3/0`. 1145 | 1146 | Like with the examples before, you can write out .skey/.vkey files if needed. 1147 | 1148 | Such a generated key can be used to register it on chain as your dRep key. You can also use the generated mnemonics to create a new wallet on a LightWallet like Eternl, if you like to have your keys synced. 1149 | 1150 |
1151 | 1152 | ### Generate a keypair with given mnemonics and with an extended verification key as an example 1153 | ``` console 1154 | cardano-signer keygen \ 1155 | --path 1852H/1815H/0H/3/0 \ 1156 | --mnemonics "spirit poverty boring zero banner argue cream bag damage menu purity project scatter harsh moment exit tribe security autumn bar olive defy slight mirror" \ 1157 | --vkey-extended 1158 | --json-extended 1159 | ``` 1160 | Output - JSON Format: 1161 | ``` json 1162 | { 1163 | "workMode": "keygen", 1164 | "derivationPath": "1852H/1815H/0H/3/0", 1165 | "derivationType": "icarus", 1166 | "mnemonics": "spirit poverty boring zero banner argue cream bag damage menu purity project scatter harsh moment exit tribe security autumn bar olive defy slight mirror", 1167 | "secretKey": "00ff6013126074c9cfa811c3b7fe02c92d90b7eab4917067043b83f11a9cff4aab46e483282e058b8626a21441c337b26124d2d6cdf9ad8cf90ed179a74c5381395392af20002accd13ca5e4fe1860882ebe2f7f736f7004e39512feb25241af9ee678410593fb9a10d10f21b18457502bfb578d168acfb9bf7418a662bf17bd", 1168 | "publicKey": "395392af20002accd13ca5e4fe1860882ebe2f7f736f7004e39512feb25241af9ee678410593fb9a10d10f21b18457502bfb578d168acfb9bf7418a662bf17bd", 1169 | "XpubKeyHex": "a91179e1ab2f8b7866f27a298b8004aab4981739b106fbf96b877bde63a400fe02bb92856c70bffb4389b815e64cafda1a14b447489324153d1075fdd8ea051d", 1170 | "XpubKeyBech": "xpub14yghncdt979hsehj0g5chqqy426fs9eekyr0h7ttsaaaucayqrlq9wujs4k8p0lmgwyms90xfjha5xs5k3r53yeyz573qa0amr4q28g9pgywh", 1171 | "drepIdHex": "1d40bb22a16442babf911c345736c4d4e07fcc3b3444690785764141", 1172 | "drepIdBech": "drep1r4qtkg4pv3pt40u3rs69wdky6ns8lnpmx3zxjpu9weq5z68dgyg", 1173 | "secretKeyBech": "drep_sk1qrlkqycjvp6vnnagz8pm0lszeykepdl2kjghqecy8wplzx5ula92k3hysv5zupvtscn2y9zpcvmmycfy6ttvm7dd3nusa5te5ax98qfe2wf27gqq9txdz099unlpscyg96lz7lmndacqfcu4ztlty5jp470wv7zpqkflhxss6y8jrvvy2agzh76h35tg4naeha6p3fnzhutm6jmxnf3", 1174 | "publicKeyBech": "drep_vk189fe9teqqq4ve5fu5hj0uxrq3qhtutmlwdhhqp8rj5f0avjjgxheaencgyze87u6zrgs7gd3s3t4q2lm27x3dzk0hxlhgx9xv2l300gge7d87", 1175 | "output": { 1176 | "skey": { 1177 | "type": "DRepExtendedSigningKey_ed25519_bip32", 1178 | "description": "Delegate Representative Signing Key", 1179 | "cborHex": "588000ff6013126074c9cfa811c3b7fe02c92d90b7eab4917067043b83f11a9cff4aab46e483282e058b8626a21441c337b26124d2d6cdf9ad8cf90ed179a74c5381395392af20002accd13ca5e4fe1860882ebe2f7f736f7004e39512feb25241af9ee678410593fb9a10d10f21b18457502bfb578d168acfb9bf7418a662bf17bd" 1180 | }, 1181 | "vkey": { 1182 | "type": "DRepExtendedVerificationKey_ed25519_bip32", 1183 | "description": "Delegate Representative Verification Key", 1184 | "cborHex": "5840395392af20002accd13ca5e4fe1860882ebe2f7f736f7004e39512feb25241af9ee678410593fb9a10d10f21b18457502bfb578d168acfb9bf7418a662bf17bd" 1185 | } 1186 | } 1187 | } 1188 | ``` 1189 | If you provide mnemonics via the `--mnemonics` parameter, these mnemonics will be used to derive the keys from. So you can also for example convert your LightWallet (Eternl, Typhon, ...) into .skey/.vkey files. 1190 |
1191 | 1192 | ## *Constitutional Commitee Member Cold/Hot keys* 1193 | 1194 | ### Generate a CC-Cold keypair from the specific path 1852H/1815H/0H/4/0 1195 | ``` console 1196 | cardano-signer keygen \ 1197 | --path cc-cold \ 1198 | --json-extended 1199 | ``` 1200 | Output - JSON Format: 1201 | ``` json 1202 | { 1203 | "workMode": "keygen", 1204 | "derivationPath": "1852H/1815H/0H/4/0", 1205 | "derivationType": "icarus", 1206 | "mnemonics": "cotton thunder useful social state soft engage member rent subject kite earn forget robot coral depart future betray seed bag acquire enlist time primary", 1207 | "secretKey": "f07d70ee6fe6319bc265256077570a59b715312cf3c268547b7c4da966bc9e5568a67ca09e0f2ccbbbdd4b7c8563bb2e51529da43f2b77fe6db02371aa6dfba168c0ddf7e28f4a1060db367e1b3ec8dc1fa2c6eee2c9e92a7a45f0f4d026b093addcc291d29055a5407e99dcfce83436cf9369a09919bf5e653c680b6b418159", 1208 | "publicKey": "68c0ddf7e28f4a1060db367e1b3ec8dc1fa2c6eee2c9e92a7a45f0f4d026b093", 1209 | "XpubKeyHex": "6a86bb2d7eed40af0fc6bc96bb22cfdfac484570fbf20720e9af467418c12e13abe8b00e84b388298548608477c6ab410ab98582e2457faaf9642e7edcb191fc", 1210 | "XpubKeyBech": "xpub1d2rtktt7a4q27r7xhjttkgk0m7kys3tsl0eqwg8f4ar8gxxp9cf6h69sp6zt8zpfs4yxpprhc645zz4eskpwy3tl4tukgtn7mjcerlq6h05gk", 1211 | "ccColdIdHex": "12de8a19ab0a95aafdb881bf4bdfb092207e89ec2fa0c43be73dbcf1", 1212 | "ccColdIdBech": "cc_cold1zt0g5xdtp2264ldcsxl5hhasjgs8az0v97svgwl88k70zezc2s3", 1213 | "secretKeyBech": "cc_cold_xsk17p7hpmn0uccehsn9y4s8w4c2txm32vfv70pxs4rm03x6je4une2k3fnu5z0q7txth0w5kly9vwaju52jnkjr72mhlekmqgm34fklhgtgcrwl0c50fggxpkek0cdnajxur73vdmhze85j57j97r6dqf4sjwkaes5362g9tf2q06vael8gxsmvlymf5zv3n067v57xszmtgxq4j9q305j", 1214 | "publicKeyBech": "cc_cold_vk1drqdmalz3a9pqcxmxelpk0kgms0693hwuty7j2n6ghc0f5pxkzfsul89qx", 1215 | "output": { 1216 | "skey": { 1217 | "type": "ConstitutionalCommitteeColdExtendedSigningKey_ed25519_bip32", 1218 | "description": "Constitutional Committee Cold Extended Signing Key", 1219 | "cborHex": "5880f07d70ee6fe6319bc265256077570a59b715312cf3c268547b7c4da966bc9e5568a67ca09e0f2ccbbbdd4b7c8563bb2e51529da43f2b77fe6db02371aa6dfba168c0ddf7e28f4a1060db367e1b3ec8dc1fa2c6eee2c9e92a7a45f0f4d026b093addcc291d29055a5407e99dcfce83436cf9369a09919bf5e653c680b6b418159" 1220 | }, 1221 | "vkey": { 1222 | "type": "ConstitutionalCommitteeColdVerificationKey_ed25519", 1223 | "description": "Constitutional Committee Cold Verification Key", 1224 | "cborHex": "582068c0ddf7e28f4a1060db367e1b3ec8dc1fa2c6eee2c9e92a7a45f0f4d026b093" 1225 | } 1226 | } 1227 | } 1228 | ``` 1229 | As you can see, the path is recognized as a CC-Cold Signing/Verification key path. 1230 | 1231 | You can achieve the same result by setting `--path 1852H/1815H/0H/4/0`. 1232 | 1233 | Like with the examples before, you can directly also write out .skey/.vkey files if needed. 1234 | 1235 | **If you wanna use your own mnemonics, just provide them via the `--mnemonics` parameter!** 1236 | 1237 |
1238 | 1239 | ### Generate a CC-Hot keypair from the specific path 1852H/1815H/0H/5/0 1240 | ``` console 1241 | cardano-signer keygen \ 1242 | --path cc-hot \ 1243 | --json-extended 1244 | ``` 1245 | Output - JSON Format: 1246 | ``` json 1247 | { 1248 | "workMode": "keygen", 1249 | "derivationPath": "1852H/1815H/0H/5/0", 1250 | "derivationType": "icarus", 1251 | "mnemonics": "knock advance olympic table pride melody cause kick govern pass manual liberty warfare zero now meat confirm chronic amount powder three limb patient ball", 1252 | "secretKey": "401299d0380dec82d938092673de937c634338976bd246b86b9ddcd69838b654b87c0afa9d08df7bbfec137e8b2f98e48de0c01225f7b278b37efad1dfbbaefc344ece677d4931d596210917c7ba6125b6253dd4431a0c886369555235f385a093bca3010d9dadba7489f0f5ec9a7a43239b06326e9fbb3d7685ecf719b90738", 1253 | "publicKey": "344ece677d4931d596210917c7ba6125b6253dd4431a0c886369555235f385a0", 1254 | "XpubKeyHex": "7da8b212c1a0364f2fd08707f8e132a07d67c3e86e50e8f243ba8688403011bd3adfe9de3beed77354ca01887337a3779783250e20d2705a40d930d45220f6cb", 1255 | "XpubKeyBech": "xpub10k5tyykp5qmy7t7ssurl3cfj5p7k0slgdegw3ujrh2rgsspszx7n4hlfmca7a4mn2n9qrzrnx73h09ury58zp5nstfqdjvx52gs0djcpqjpv0", 1256 | "ccHotIdHex": "644d25e82ba444e6bc4f6141968f5f626ac26669d9952f682cdbc90f", 1257 | "ccHotIdBech": "cc_hot1v3xjt6pt53zwd0z0v9qedr6lvf4vyenfmx2j76pvm0ys7qcljwa", 1258 | "secretKeyBech": "cc_hot_xsk1gqffn5pcphkg9kfcpyn88h5n0335xwyhd0fydwrtnhwddxpcke2tslq2l2ws3hmmhlkpxl5t97vwfr0qcqfztaaj0zeha7k3m7a6alp5fm8xwl2fx82evggfzlrm5cf9kcjnm4zrrgxgscmf24frtuu95zfmegcppkw6mwn538c0tmy60fpj8xcxxfhflweaw6z7eacehyrnsf69qu2", 1259 | "publicKeyBech": "cc_hot_vk1x38vuemafycat93ppytu0wnpykmz20w5gvdqezrrd924yd0nsksqah2clh", 1260 | "output": { 1261 | "skey": { 1262 | "type": "ConstitutionalCommitteeHotExtendedSigningKey_ed25519_bip32", 1263 | "description": "Constitutional Committee Hot Extended Signing Key", 1264 | "cborHex": "5880401299d0380dec82d938092673de937c634338976bd246b86b9ddcd69838b654b87c0afa9d08df7bbfec137e8b2f98e48de0c01225f7b278b37efad1dfbbaefc344ece677d4931d596210917c7ba6125b6253dd4431a0c886369555235f385a093bca3010d9dadba7489f0f5ec9a7a43239b06326e9fbb3d7685ecf719b90738" 1265 | }, 1266 | "vkey": { 1267 | "type": "ConstitutionalCommitteeHotVerificationKey_ed25519", 1268 | "description": "Constitutional Committee Hot Verification Key", 1269 | "cborHex": "5820344ece677d4931d596210917c7ba6125b6253dd4431a0c886369555235f385a0" 1270 | } 1271 | } 1272 | } 1273 | ``` 1274 | As you can see, the path is recognized as a CC-Hot Signing/Verification key path. 1275 | 1276 | You can achieve the same result by setting `--path 1852H/1815H/0H/5/0`. 1277 | 1278 | Like with the examples before, you can directly also write out .skey/.vkey files if needed. 1279 | 1280 | **If you wanna use your own mnemonics, just provide them via the `--mnemonics` parameter!** 1281 | 1282 |  

 

1283 | 1284 | # CIP-100 / CIP-108 / CIP-119 mode 1285 | 1286 | ## Sign governance metadata and add author(s) field 1287 | 1288 | ![image](https://github.com/user-attachments/assets/06217286-dd0c-4536-bc27-201fd5d5ea72) 1289 | 1290 | If you input a JSONLD governance file (context part not shown) like 1291 | ```json 1292 | { 1293 | ... 1294 | "hashAlgorithm": "blake2b-256", 1295 | "body": { 1296 | "title": "Example CIP108(+CIP100) metadata", 1297 | "abstract": "This metadata was generated to test out db-sync, SPO-Scripts, Koios and other tools...", 1298 | "motivation": "This must work, should be motivation enough.", 1299 | "rationale": "Let's keep testing stuff", 1300 | "references": [ 1301 | { 1302 | "@type": "Other", 1303 | "label": "SanchoNet", 1304 | "uri": "https://sancho.network" 1305 | } 1306 | ], 1307 | "comment": "This is an example CIP-108 metadata-file... testing SPO-Scripts, Koios and Co.", 1308 | "externalUpdates": [ 1309 | { 1310 | "title": "SPO Scripts", 1311 | "uri": "https://github.com/gitmachtl/scripts" 1312 | }, 1313 | { 1314 | "title": "Koios", 1315 | "uri": "https://koios.rest" 1316 | } 1317 | ] 1318 | } 1319 | } 1320 | ``` 1321 | and running 1322 | ``` console 1323 | cardano-signer.js sign --cip100 \ 1324 | --data-file CIP108-example.json \ 1325 | --secret-key dummy.skey \ 1326 | --author-name "The great Name" \ 1327 | --out-file CIP108-example-signed.json 1328 | ``` 1329 | 1330 | generates you the governance metadata file with the added signature: 1331 | ```json 1332 | { 1333 | ... 1334 | "hashAlgorithm": "blake2b-256", 1335 | "body": { 1336 | "title": "Example CIP108(+CIP100) metadata", 1337 | "abstract": "This metadata was generated to test out db-sync, SPO-Scripts, Koios and other tools...", 1338 | "motivation": "This must work, should be motivation enough.", 1339 | "rationale": "Let's keep testing stuff", 1340 | "references": [ 1341 | { 1342 | "@type": "Other", 1343 | "label": "SanchoNet", 1344 | "uri": "https://sancho.network" 1345 | } 1346 | ], 1347 | "comment": "This is an example CIP-108 metadata-file... testing SPO-Scripts, Koios and Co.", 1348 | "externalUpdates": [ 1349 | { 1350 | "title": "SPO Scripts", 1351 | "uri": "https://github.com/gitmachtl/scripts" 1352 | }, 1353 | { 1354 | "title": "Koios", 1355 | "uri": "https://koios.rest" 1356 | } 1357 | ] 1358 | }, 1359 | "authors": [ 1360 | { 1361 | "name": "The great Name", 1362 | "witness": { 1363 | "witnessAlgorithm": "ed25519", 1364 | "publicKey": "755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9", 1365 | "signature": "8b579ba2cb9bcb2355e550a67865d56017d4696a4a48f8db5218a92a7f85bb3ddcde13500b89531c68a3f52deb83ca45f1987ea048500e11feee26847cb6b900" 1366 | } 1367 | } 1368 | ] 1369 | } 1370 | ``` 1371 | 1372 | Cardano-Signer is doing the following steps to sign the document: 1373 | * check that the provided input data is a valid JSON file 1374 | * canonize the `@context` and `body` part via URDNA2015 method and hash it via black2b-256 method 1375 | * check that the `hashAlgorithm` is `black2b-256` 1376 | * check any preexisting `authors` array entry to be valid 1377 | * check that there is no duplicated public-key entry 1378 | * sign the canonized hash with the provided secret-key and author-name 1379 | 1380 | Additional authors can be added by simply running the same command multiple times! 1381 | 1382 | Also, if you write out the new file directly via the `--out-file` parameter, the output of cardano-signer becomes a json with the basic infos of the new file, including the `anchorHash`. Ready do be used with governance on Cardano. 1383 | ```json 1384 | { 1385 | "workMode": "sign-cip100", 1386 | "outFile": "CIP108-example-signed.json", 1387 | "anchorHash": "8723898521770d095f522a3976f8318128f97ae10b8cd97da0f66dd29f849f80" 1388 | } 1389 | ``` 1390 | 1391 |
1392 | 1393 | ## Verify governance metadata and the author(s) signatures 1394 | 1395 | ![image](https://github.com/user-attachments/assets/97598a29-70f1-4e95-8f3f-deae8f832fb6) 1396 | 1397 | As we already learned, you can use cardano-signer to sign a governance metadata file with author signatures. This function is doing the verification of such documents. 1398 | 1399 | Lets use the same document that we generated above: 1400 | 1401 | ``` console 1402 | cardano-signer verify --cip100 \ 1403 | --data-file CIP108-example-signed.json \ 1404 | --json-extended 1405 | ``` 1406 | 1407 | This gives us the following result: 1408 | ```json 1409 | { 1410 | "workMode": "verify-cip100", 1411 | "result": true, 1412 | "errorMsg": "", 1413 | "authors": [ 1414 | { 1415 | "name": "The great Name", 1416 | "publicKey": "755b017578b701dc9ddd4eaee67015b4ca8baf66293b7b1d204df426c0ceccb9", 1417 | "signature": "8b579ba2cb9bcb2355e550a67865d56017d4696a4a48f8db5218a92a7f85bb3ddcde13500b89531c68a3f52deb83ca45f1987ea048500e11feee26847cb6b900", 1418 | "valid": true 1419 | } 1420 | ], 1421 | "canonizedHash": "8b5db60af5d673fcff7c352db569bff595c3279d3db23f2b607607bd694496d1", 1422 | "body": { 1423 | "title": "Example CIP108(+CIP100) metadata", 1424 | "abstract": "This metadata was generated to test out db-sync, SPO-Scripts, Koios and other tools...", 1425 | "motivation": "This must work, should be motivation enough.", 1426 | "rationale": "Let's keep testing stuff", 1427 | "references": [ 1428 | { 1429 | "@type": "Other", 1430 | "label": "SanchoNet", 1431 | "uri": "https://sancho.network" 1432 | } 1433 | ], 1434 | "comment": "This is an example CIP-108 metadata-file... testing SPO-Scripts, Koios and Co.", 1435 | "externalUpdates": [ 1436 | { 1437 | "title": "SPO Scripts", 1438 | "uri": "https://github.com/gitmachtl/scripts" 1439 | }, 1440 | { 1441 | "title": "Koios", 1442 | "uri": "https://koios.rest" 1443 | } 1444 | ] 1445 | }, 1446 | "canonizedBody": [ 1447 | "_:c14n0 \"This is an example CIP-108 metadata-file... testing SPO-Scripts, Koios and Co.\"@en-us .", 1448 | "_:c14n0 _:c14n1 .", 1449 | "_:c14n0 _:c14n3 .", 1450 | "_:c14n0 \"This metadata was generated to test out db-sync, SPO-Scripts, Koios and other tools...\"@en-us .", 1451 | "_:c14n0 \"This must work, should be motivation enough.\"@en-us .", 1452 | "_:c14n0 \"Let's keep testing stuff\"@en-us .", 1453 | "_:c14n0 _:c14n2 .", 1454 | "_:c14n0 \"Example CIP108(+CIP100) metadata\"@en-us .", 1455 | "_:c14n1 \"SPO Scripts\"@en-us .", 1456 | "_:c14n1 \"https://github.com/gitmachtl/scripts\"@en-us .", 1457 | "_:c14n2 .", 1458 | "_:c14n2 \"SanchoNet\"@en-us .", 1459 | "_:c14n2 \"https://sancho.network\"@en-us .", 1460 | "_:c14n3 \"Koios\"@en-us .", 1461 | "_:c14n3 \"https://koios.rest\"@en-us .", 1462 | "_:c14n4 _:c14n0 ." 1463 | ] 1464 | } 1465 | ``` 1466 | 1467 | There are some interesting fields to notice: 1468 | * `result` : will be `true` or `false` -> this is an overall check result 1469 | * `errorMsg` : this is a freeform text, describing any found issues in the document 1470 | * `authors` : this is an array of all authors in the document and the signature verification result in the `valid` field 1471 | * `canonizedHash` : this holds the hash of the canonized body 1472 | * `canonizedBody` : this outputs the canonized body in case you wanna use it for debugging. the next function `canonize` below can also directly write out that canonized body for further usage. 1473 | 1474 |
1475 | 1476 | ## Canonize & Hash the body of governance metadata 1477 | 1478 | ![image](https://github.com/user-attachments/assets/9fe8403d-e43d-4469-9466-5ee7c07cacb0) 1479 | 1480 | In this mode you can provide a governance metadata json/jsonld file to cardano-signer to canonize 1481 | and hash the @context+body content. The hash is needed for verification and signing of the document authors. 1482 | 1483 | ``` console 1484 | cardano-signer canonize --cip100 --data-file CIP108-example.json 1485 | ``` 1486 | Output - Hash of the canonized body content(hex) : 1487 | ``` 1488 | 8b5db60af5d673fcff7c352db569bff595c3279d3db23f2b607607bd694496d1 1489 | ``` 1490 | 1491 | You can also generate a nice json output via the `--json` or `--json-extended` flag 1492 | ``` console 1493 | cardano-signer canonize --cip100 \ 1494 | --data-file CIP108-example.json \ 1495 | --json-extended 1496 | ``` 1497 | ``` json 1498 | { 1499 | "workMode": "hash-cip100", 1500 | "canonizedHash": "8b5db60af5d673fcff7c352db569bff595c3279d3db23f2b607607bd694496d1", 1501 | "body": { 1502 | "title": "Example CIP108(+CIP100) metadata", 1503 | "abstract": "This metadata was generated to test out db-sync, SPO-Scripts, Koios and other tools...", 1504 | "motivation": "This must work, should be motivation enough.", 1505 | "rationale": "Let's keep testing stuff", 1506 | "references": [ 1507 | { 1508 | "@type": "Other", 1509 | "label": "SanchoNet", 1510 | "uri": "https://sancho.network" 1511 | } 1512 | ], 1513 | "comment": "This is an example CIP-108 metadata-file... testing SPO-Scripts, Koios and Co.", 1514 | "externalUpdates": [ 1515 | { 1516 | "title": "SPO Scripts", 1517 | "uri": "https://github.com/gitmachtl/scripts" 1518 | }, 1519 | { 1520 | "title": "Koios", 1521 | "uri": "https://koios.rest" 1522 | } 1523 | ] 1524 | }, 1525 | "canonizedBody": [ 1526 | "_:c14n0 \"This is an example CIP-108 metadata-file... testing SPO-Scripts, Koios and Co.\"@en-us .", 1527 | "_:c14n0 _:c14n1 .", 1528 | "_:c14n0 _:c14n3 .", 1529 | "_:c14n0 \"This metadata was generated to test out db-sync, SPO-Scripts, Koios and other tools...\"@en-us .", 1530 | "_:c14n0 \"This must work, should be motivation enough.\"@en-us .", 1531 | "_:c14n0 \"Let's keep testing stuff\"@en-us .", 1532 | "_:c14n0 _:c14n2 .", 1533 | "_:c14n0 \"Example CIP108(+CIP100) metadata\"@en-us .", 1534 | "_:c14n1 \"SPO Scripts\"@en-us .", 1535 | "_:c14n1 \"https://github.com/gitmachtl/scripts\"@en-us .", 1536 | "_:c14n2 .", 1537 | "_:c14n2 \"SanchoNet\"@en-us .", 1538 | "_:c14n2 \"https://sancho.network\"@en-us .", 1539 | "_:c14n3 \"Koios\"@en-us .", 1540 | "_:c14n3 \"https://koios.rest\"@en-us .", 1541 | "_:c14n4 _:c14n0 ." 1542 | ] 1543 | } 1544 | ``` 1545 | 1546 | If you're interested in the **raw canonized data**, that can be written out to an extra file using the `--out-canonized` parameter like: 1547 | ``` console 1548 | cardano-signer canonize --cip100 \ 1549 | --data-file CIP108-example.json \ 1550 | --out-canonized CIP108-example.canonized \ 1551 | --json-extended 1552 | ``` 1553 | And of course you can write out the plaintext or json output also directly to a file like with the other functions. This is simply done by using the `--out-file` parameter. 1554 | 1555 |

 

  1556 | 1557 | # CIP-88v2 Calidus Pool-Key mode 1558 | 1559 | Cardano-Signer can Sign and Verify the so called Calidus Pool-Key registration metadata. The Calidus Pool-Key is used to identify/authorize pool ownership for public/private services without the need to go thru a VRF-Secret-Key signing process. 1560 | The Calidus Pool-Key can be used on the CLI and with LightWallets directly in the Browser for Identification/Login/Authorization/etc. If you wanna update to a new Calidus Key, just generate a new one and register it for the pool. 1561 | You only need to sign the registration metadata once with your Stakepool Cold-Key, after that you can use the Calidus Key for various services on a daily base. No need to use the Stakepool Cold-Key or the VRF Secret-Key anymore. 1562 | Its a standard ed25519 signing/verification in the end, so there are plenty of libs available for the integration in own services/dApps. 1563 | 1564 | ## *Signing - Generate the registration metadata* 1565 | 1566 | ![image](https://github.com/user-attachments/assets/35e7db4d-c744-4b19-bb03-257d20492b3b) 1567 | 1568 | Generating the registration metadata with Cardano-Signer is easy. All you need is the Calidus Public-Key as a `*.vkey` file, hex or bech format. You also need the Stakepool Cold-Key for the signing. 1569 | 1570 | ### 1. Generate a new Calidus Key with Mnemonics 1571 | 1572 | If there is not already a Calidus Key, than we have to generate a new one first. Its a good idea to directly do this with mnemonics generation, so you can import those mnemonics later on in a LightWallet. 1573 | We can use the standard `--path calidus` for this. Lets generate ourself a new Calidus key with the name `myCalidusKey`: 1574 | 1575 | ``` console 1576 | cardano-signer keygen --path calidus \ 1577 | --out-skey myCalidusKey.skey \ 1578 | --out-vkey myCalidusKey.vkey \ 1579 | --json-extended 1580 | ``` 1581 | The output in json format: 1582 | ``` json 1583 | { 1584 | "workMode": "keygen", 1585 | "derivationPath": "1852H/1815H/0H/0/0", 1586 | "derivationType": "icarus", 1587 | "mnemonics": "cinnamon brief fuel rotate horror author film noble enough priority hat wide glimpse occur clutch motor marble manage donor say bronze coach bamboo crime", 1588 | "rootKey": "a85b969997cb688b51c2f6d7acfb0709e34ac5acd75899c9e24c0027dc329d5474d09224ae7f0cf81424c71452db9632647e1185aa10fa14b9dc7f0c54acb404ba255eff1175274f86892fffa07dffdf346bd80b543e50b71bb74aaaef88d0ea", 1589 | "secretKey": "1053a319c116a0d2a1598a942c62741c275558512d72a8723f41c317e7329d5415fb9a06bdef60b5b65e86f20aa92e80d3af1e3e6684d760b2de7681af904ee7699e69a1f6142252fcc44ca2832ef7f90c94c5860a24fba3efbbd8f5e319b1fa0ed434d5f7998854cf1073e74e29078feaa93909f4e12d1c6e8d1e3ac977b9ac", 1590 | "publicKey": "699e69a1f6142252fcc44ca2832ef7f90c94c5860a24fba3efbbd8f5e319b1fa", 1591 | "XpubKeyHex": "8799250d456ac16ea07df64f7868e4c37160b0a1497f6c569d00b388f69186477f501827598a57f204bd5552abc444ffa8e3c216a9ab96f622a89aef598c3804", 1592 | "XpubKeyBech": "xpub1s7vj2r29dtqkagra7e8hs68ycdckpv9pf9lkc45aqzec3a53serh75qcyavc54ljqj74254tc3z0l28rcgt2n2uk7c323xh0txxrspq0jdyqy", 1593 | "output": { 1594 | "skey": { 1595 | "type": "PaymentExtendedSigningKeyShelley_ed25519_bip32", 1596 | "description": "Calidus Pool Signing Key", 1597 | "cborHex": "58801053a319c116a0d2a1598a942c62741c275558512d72a8723f41c317e7329d5415fb9a06bdef60b5b65e86f20aa92e80d3af1e3e6684d760b2de7681af904ee7699e69a1f6142252fcc44ca2832ef7f90c94c5860a24fba3efbbd8f5e319b1fa0ed434d5f7998854cf1073e74e29078feaa93909f4e12d1c6e8d1e3ac977b9ac" 1598 | }, 1599 | "vkey": { 1600 | "type": "PaymentVerificationKeyShelley_ed25519", 1601 | "description": "Calidus Pool Verification Key", 1602 | "cborHex": "5820699e69a1f6142252fcc44ca2832ef7f90c94c5860a24fba3efbbd8f5e319b1fa" 1603 | } 1604 | } 1605 | } 1606 | ``` 1607 | 1608 | Cardano-Signer generated a new key-pair for you `myCalidusKey.skey & myCalidusKey.vkey`. You can also see the used mnemonics for the key generation. This mnemonic can be reused in a LightWallet of your choice. 1609 | 1610 | ### 2. Generate the registration metadata 1611 | 1612 | Now that we have a Calidus Key ready, we can generate the registration metadata in JSON or CBOR format. If you wanna take a look at it, just use the JSON format. 1613 | 1614 | As stated above, we need the Calidus Public-Key and the Stakepool Cold-Key for this. In addition you can provide a unique `nonce` to the signer, this `nonce` must be a number higher than your old registration. 1615 | In case there is no nonce parameter provided, Cardano-Signer will automatically use the Cardano MainNet slotheight for this. The signature is generated via the CIP8/30 messageSign method, so this can also be used for Stakepool Keys on a Hardware-Wallet. 1616 | A special mode for this will follow in an upcoming release. 1617 | 1618 | ``` console 1619 | cardano-signer sign --cip88 \ 1620 | --calidus-public-key myCalidusKey.vkey \ 1621 | --secret-key myPoolCold.skey \ 1622 | --json \ 1623 | --out-file myCalidusRegistrationMetadata.json 1624 | ``` 1625 | The output file `myCalidusRegistrationMetadata.json`: 1626 | ``` json 1627 | { 1628 | "867": { 1629 | "0": 2, 1630 | "1": { 1631 | "1": [ 1632 | 1, 1633 | "0x172641c2c66128b5324be1cb663b8acb3cd66bc808276fd2813ba227" 1634 | ], 1635 | "2": [], 1636 | "3": [ 1637 | 2 1638 | ], 1639 | "4": 149261016, 1640 | "7": "0x699e69a1f6142252fcc44ca2832ef7f90c94c5860a24fba3efbbd8f5e319b1fa" 1641 | }, 1642 | "2": [ 1643 | { 1644 | "1": { 1645 | "1": 1, 1646 | "3": -8, 1647 | "-1": 6, 1648 | "-2": "0xce43a34542403e9f61f6384dbe1f3e21c047e050f56aa2c04daaecb4e5340a09" 1649 | }, 1650 | "2": [ 1651 | "0xa201276761646472657373581c172641c2c66128b5324be1cb663b8acb3cd66bc808276fd2813ba227", 1652 | 0, 1653 | "0xaff90146c0b74f1288437fa5a8c2915ea0a24d6e8d0f83a05fbbb46fecf0a7f6", 1654 | "0x5e748ae8602721ad179865b8e678918689d236da7a0d45b4f445c93ca287751bc9091ace25fcb6ef4feb61052809b9a0265c0dd7cdec5e2dc938ba15e78bce0b" 1655 | ] 1656 | } 1657 | ] 1658 | } 1659 | } 1660 | ``` 1661 | 1662 | This is the signed registration metadata. All that is left is to use it in a transaction on the Cardano Blockchain. 1663 | 1664 | In case you wanna link more than one pool to the same Calidus Key, just generate another registration metadata signed with the 2nd Pool Cold-Key but using the same Calidus Key. 1665 | 1666 |
1667 | 1668 | ## *Verify - Calidus Key registration metadata* 1669 | 1670 | ![image](https://github.com/user-attachments/assets/b4387810-bbf5-472a-b0af-4494afaa72f6) 1671 | 1672 | It is of course also possible to verify registration metadata. This metadata can be provided in form of a JSON-File, JSON-Plaintext or as a CBOR-HexString. 1673 | 1674 | ### Verify registration metadata provided as a JSON-File 1675 | 1676 | We can show the usecase with the registration file we used in the above signing example: 1677 | 1678 | ``` console 1679 | cardano-signer verify --cip88 \ 1680 | --data-file myCalidusRegistrationMetadata.json \ 1681 | --json-extended 1682 | ``` 1683 | The output in json format: 1684 | ``` json 1685 | { 1686 | "workMode": "verify-cip88", 1687 | "result": "true", 1688 | "poolIdHex": "172641c2c66128b5324be1cb663b8acb3cd66bc808276fd2813ba227", 1689 | "calidusPublicKey": "699e69a1f6142252fcc44ca2832ef7f90c94c5860a24fba3efbbd8f5e319b1fa", 1690 | "publicKey": "ce43a34542403e9f61f6384dbe1f3e21c047e050f56aa2c04daaecb4e5340a09", 1691 | "nonce": 149261016, 1692 | "payloadCbor": "a5018201581c172641c2c66128b5324be1cb663b8acb3cd66bc808276fd2813ba2270280038102041a08e58ad8075820699e69a1f6142252fcc44ca2832ef7f90c94c5860a24fba3efbbd8f5e319b1fa", 1693 | "payloadHash": "aff90146c0b74f1288437fa5a8c2915ea0a24d6e8d0f83a05fbbb46fecf0a7f6", 1694 | "isHashed": "false", 1695 | "verifyDataHex": "aff90146c0b74f1288437fa5a8c2915ea0a24d6e8d0f83a05fbbb46fecf0a7f6", 1696 | "coseSign1Hex": "845829a201276761646472657373581c172641c2c66128b5324be1cb663b8acb3cd66bc808276fd2813ba227a166686173686564f45820aff90146c0b74f1288437fa5a8c2915ea0a24d6e8d0f83a05fbbb46fecf0a7f658405e748ae8602721ad179865b8e678918689d236da7a0d45b4f445c93ca287751bc9091ace25fcb6ef4feb61052809b9a0265c0dd7cdec5e2dc938ba15e78bce0b", 1697 | "coseKeyHex": "a4010103272006215820ce43a34542403e9f61f6384dbe1f3e21c047e050f56aa2c04daaecb4e5340a09", 1698 | "coseSignature": "5e748ae8602721ad179865b8e678918689d236da7a0d45b4f445c93ca287751bc9091ace25fcb6ef4feb61052809b9a0265c0dd7cdec5e2dc938ba15e78bce0b" 1699 | } 1700 | ``` 1701 | 1702 | This is the extended json output with a lot of data in case you wanna use it in your own application. If you wanna check the registration metadata validity, you can run: 1703 | ``` console 1704 | cardano-signer verify --cip88 \ 1705 | --data-file myCalidusRegistrationMetadata.json 1706 | ``` 1707 | ``` 1708 | true 1709 | ``` 1710 | 1711 | 1712 | ## Contacts 1713 | 1714 | * Telegram - @atada_stakepool
1715 | * Twitter - [@ATADA_Stakepool](https://twitter.com/ATADA_Stakepool)
1716 | * Discord - MartinLang \[ATADA, SPO Scripts\]#5306 1717 | * Email - stakepool@stakepool.at
1718 | * Homepage - https://stakepool.at 1719 | -------------------------------------------------------------------------------- /src/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cardano-signer", 3 | "version": "1.25.0", 4 | "description": "cardano-signer signs a given data(hex/text/file) with a signing key(hex/bech/file) or verify the signature via a public key(hex/bech/file). it can also produce a cip-8/cip-30/cip-36/cip-88v2/cip-100/cip-151 conform payload signing/verification. can produce ed25519 keys from mnemonic for payment, staking, drep, constitutional commitee cold/hot keys, pool, calidus, etc...", 5 | "main": "cardano-signer.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "@gitmachtl - ATADA Stakepools Austria", 10 | "license": "MIT", 11 | "dependencies": { 12 | "@emurgo/cardano-serialization-lib-nodejs": "^14.1.1", 13 | "base64url": "^3.0.1", 14 | "bech32": "^2.0.0", 15 | "bip39": "^3.1.0", 16 | "blakejs": "^1.2.1", 17 | "cbor": "^9.0.2", 18 | "fnv32": "^0.0.1", 19 | "jsonld": "^8.3.2", 20 | "minimist": "^1.2.8" 21 | }, 22 | "repository": { 23 | "type": "git", 24 | "url": "https://github.com/gitmachtl/cardano-signer.git" 25 | } 26 | } 27 | --------------------------------------------------------------------------------