Keystore management

Key types

Key types can be conditionally divided into two groups: agents and validators.

Agents keys are used for linking content, sending liquid tokens, delegating, redelegating, and undelegating tokens to validators. Also, withdrawing rewards, voting and multisig accounts creating.

  • cyber a.k.a. address. Cyberdcli application key.

    • Derived from account mnemonic phrase, generated by cyberdcli keys add
    • e.g. cyber15h6vd5f0wqps26zjlwrc6chah08ryu4hzzdwhc
  • cyberpub the public key of account address. Is used for generating multisig address.

    • Derived from account mnemonic phrase, generated by cyberdcli keys add
    • e.g. cyberpub1zcjduc3q7fu03jnlu2xpl75s2nkt7krm6grh4cc5aqth73v0zwmea25wj2hsqhlqzm

All agents user keypairs stored locally at PATH_TO_CYBERD/cli/keys folder. You can backup this folder for easy migrating between testnets or machines.

Validators are actors on the network committing new blocks by submitting their votes. It refers to the node itself, not a single person or a single account. Therefore, the public key here is referring to the node public key, not the public key of the agent address.

  • cybervaloper validator application level address. It is associated with a public key cybervalconspub. This is the address used to identify your validator publicly. The private key associated with this address is used to delegate, unbond, claim rewards, and participate in governance. Generated by cyberdcli on application level. Application keys are associated with a public key prefixed by cyberpub and an address prefixed by cyberd network. Both are derived from account keys generated by cyberdcli keys add.

    • e.g. cybervaloper1carzvgq3e6y3z5kz5y6gxp3wpy3qdrv928vyah
  • cybervalconspub the public key of node/validator address. The private key associated with this Tendermint PubKey is used to sign prevotes and precommits.

    • Generated when the node is created
    • Get this value with cyberdcli tendermint show-validator
    • e.g. cybervalconspub1zcjduepq0ms2738680y72v44tfyqm3c9ppduku8fs6sr73fx7m666sjztznqzp2emf

Note: A validator’s operator key is directly tied to an application key, but uses reserved prefixes solely for this purpose: cybervaloper and cybersvaloperpub.

The node keypair stored in node_key.json and priv_validator_key.json at PATH_TO_CYBERD/daemon/config folder. You can delete it and restart docker if you want to change this keypair. The new pair will create automatically. Or you can backup it too and insert in the same folder at new testnet if you want same node pubkey.

Generate keys

You’ll need an account private and public key pair (a.k.a. sk, pk respectively) to be able to receive funds, send txs, bond tx, etc.

To generate a new secp256k1 key:

cyberdcli keys add <account_name>

Next, you will have to create a passphrase to protect the key on disk. The output of the above command will contain a seed phrase. It is recommended to save the seed phrase in a safe place so that in case you forget the password, you could eventually regenerate the key from the seed phrase with the following command:

cyberdcli keys add <account_name> --recover

Also, you can import your ETH account to cyberdcli:

cyberdcli keys add import_private <account_name>

by ETH private key

… and Cosmos account by seed phrase:

cyberdcli keys add <account_name> --recover 

cyberdcli provides compatibility of Cosmos and ETH public keys with Cyber addresses.

You can check your application account details by account name:

cyberdcli keys show <account_name>

You can see all your available keys by typing:

cyberdcli keys list

View the validator pubkey for your node by typing:

cyberdcli tendermint show-validator
Note that this is the Tendermint signing key, not the operator key you will use in delegation transactions.
::: danger Warning We strongly recommend NOT using the same passphrase for multiple keys. The cyberd team and the cyber•Congress team will not be responsible for the loss of funds. :::

Generate Multisig Public Keys

You can generate and print a multisig public key by typing:

cyberdcli keys add --multisig=name1,name2,name3[...] --multisig-threshold=K new_key_name

K is the minimum number of private keys that must have signed the transactions that carry the public key’s address as signer.

The --multisig flag must contain the name of public keys that will be combined into a public key that will be generated and stored as new_key_name in the local database. All names supplied through --multisig must already exist in the local database. Unless the flag --nosort is set, the order in which the keys are supplied on the command line does not matter, i.e. the following commands generate two identical keys:

cyberdcli keys add --multisig=foo,bar,baz --multisig-threshold=2 multisig_address
cyberdcli keys add --multisig=baz,foo,bar --multisig-threshold=2 multisig_address

Multisig addresses can also be generated on-the-fly and printed through the which command:

cyberdcli keys show --multisig-threshold K name1 name2 name3 [...]

For more information regarding how to generate, sign and broadcast transactions with a multi signature account see Multisig Guide.