LogoLogo
  • Overview
    • SEDA Overview
      • SEDA Primer for Key Features
        • SEDA’s Intent-Centric Framework
        • Modular Design Benefits
        • Programmable Tooling and Permissionless Development
        • Fast Settlement & Horizontally Scalable
        • Fork-less Upgrades
      • RWAs, Price Feeds, AI and More
        • Custom Data Feeds
      • SEDA Token Primer
        • Network Utilization
        • Network Participation & Chain Security
        • Network Governance
      • Introducing SEDA's Flagship Product - The IVM
        • 🌉Intro to Interop 3.0 & Emerging Verification Markets
        • Programmable Modules
        • Triggering A Verification Data Request With An IVM
        • SEDA IVM Security
        • An IVM Summary
    • SEDA Network Architecture
      • Walking Through SEDA’s Architectural Features
      • The PoS SEDA Chain
      • Oracle Programs
      • The Overlay Network
      • Decentralized Solver Network
      • SEDA’s Prover Contract
  • For Users
    • ⭐Getting Started
      • 🏦Wallet Overview
      • ⏬Installing Cosmos Hub on Ledger
      • ⛓️Adding SEDA Chain to Keplr
      • 🌌Delegating your SEDA
        • 📨Selecting a Validator
        • 📡Delegating to a Validator
    • 👐Tools and Dashboards
      • 🌐SEDA Explorers and Dashboards
      • 🔭Third-party Explorers
      • 📶Public RPCs + APIs
    • 🔵SEDA Token Info
      • 📈Token Charts and Tracking
      • 📊Exchanges
      • 〰️SEDA Distribution Schedule
  • For Developers
    • 📈Data Requests
      • ❓What is a Data Request?
      • 🔃Data Request Life Cycle
    • 💾Building an Oracle Program
      • Price Feed Example
        • 👋Getting Started: Price Feed
        • 🧪Testing Your Oracle Program
        • 🚀Deploying Your Oracle Program
      • 🌐Fetching Open Data
      • 🔐Advanced: API-key Gated Data
    • ⚡Access Data from Any Network
      • 🔎Access from EVM Networks
        • 🔧Using SEDA in a Contract
        • 🚀Contract Deployment
      • 🔜Access from other Networks
      • 🔜Advanced: Run your own Solver
    • 🏗️Deployments
    • 👽Interoperability Verification Module (IVM)
      • 🛸Interop Verification Module for Message-Based Bridge Protocols
      • Powering Intents and Chain Abstraction with SEDA
  • Resources
    • 🌍Upgrade your FLX to SEDA Token
      • 🔓How to Connect your EVM and SEDA Wallets
      • ➡️How to Upgrade from FLX to SEDA
      • 🚁Support and FAQs
    • 🛡️Audits
      • Trail of Bits Audit Report Repo Link - March 2024
      • Sherlock Audit of SEDA Network Full Feature Launch - April 2025
  • For Data Providers
    • Data Proxy
      • ℹ️Introduction to Data Proxy
      • 💻System Requirements
      • 🔢Operating and Running a Data Proxy
      • 🔐Advanced: API-key Gated Data
  • For Node Operators
    • 📶SEDA Chain Guide and Requirements
      • 🎬Installation and System Requirements
      • 👟Operating and Running a Node
      • 🔗Linking to an External Node
      • 🏗️Validator Onboarding
      • 🔑SEDA Keys
      • 📸Joining Testnet Using Snapshot
      • 🤝Joining Testnet Using State Sync
  • Legal
    • Privacy Policy
    • Terms
Powered by GitBook
On this page
  • Generating and Registering SEDA Keys
  • Key Rotation
  1. For Node Operators
  2. SEDA Chain Guide and Requirements

SEDA Keys

SEDA Chain validators may be asked to generate SEDA Keys and register their public keys to perform various signing duties in the SEDA Protocol.

Starting with v1.0.0 of the SEDA Chain, validators will be expected to generate SEDA Keys and register their public keys to perform signing duties beyond consensus signing. SEDA Keys currently consist of a single secp256k1 key used to sign batches.

If you are not a validator yet, follow the instructions in Validator Onboarding instead.

If you are an existing validator, you may be asked to generate or regenerate SEDA Keys and upload the public keys when we roll out a new proving scheme. Failure to do so may result in getting jailed.

Contents

Generating and Registering SEDA Keys Key Rotation

Generating and Registering SEDA Keys

First, check the relevant app configurations and modify them as necessary. You may also directly modify the app.toml file.

sedad config get app seda.enable-seda-signer 
sedad config get app seda.allow-unencrypted-seda-keys
sedad config get app seda.seda-key-file # path to key file from node directory

# You must enable SEDA signer.
sedad config set app seda.enable-seda-signer true
# We recommend that you encrypt your SEDA key file.
sedad config set app seda.allow-unencrypted-seda-keys false

We recommend that you take the following steps to generate a key file, load it onto the node, and register the public keys on-chain.

Since the SEDA key file is used by the SEDA signer at the application layer of the chain, if you're using Horcrux, you must copy the SEDA key file to all your sentry nodes. It is crucial that you place and load the same key file across your sentry nodes.

  1. Execute add-seda-keys transaction with the --generate-only flag to generate a SEDA key file without actually sending the transaction for uploading its public keys. Take note of the encryption key.

    sedad tx pubkey add-seda-keys \
    --from <wallet-name> --chain-id <chain-id> \
    --gas-prices 10000000000aseda --gas auto --gas-adjustment 2.0 \
    --generate-only

  2. The encryption key should be set as an environment variable SEDA_KEYS_ENCRYPTION_KEY in the node environment.

    • In a basic setup, this means executing something like the following sequence of commands:

      sedad stop
export SEDA_KEYS_ENCRYPTION_KEY=ajfUfrdnrFRkej9OXTDb1IMdrIWkDN3P7CWKz5It20I=+g9ZQ=
sedad start

    • If you are using systemctl to run the node, add the following line to the service file's [service] section, reload the daemon, and then restart the node service. 

      Environment="SEDA_KEYS_ENCRYPTION_KEY=aJr4EJeogSYZ+MBhNMQsSDQd9VxH3t3acXEFXkUIDPE="

  3. Make sure the node has successfully started with the signer. The node will fail to start if the key file is not loaded successfully even though the SEDA signer is enabled in the app configuration. If the signer has been set up correctly, the following message should appear in the log:

    3:34PM INF successfully loaded SEDA signer module=server

  4. Once your validation setup is ready, send the transaction transaction with the --key-file-custom-encryption-key flag and the --key-file flag pointing to the SEDA key file. You will be prompted to enter the encryption key twice.

    sedad tx pubkey add-seda-keys \
    --from <wallet-name> --chain-id <chain-id> \
    --gas-prices 10000000000aseda --gas auto --gas-adjustment 2.0 \
    --key-file ~/.sedad/config/seda_keys.json \
    --key-file-custom-encryption-key

Key Rotation

SEDA Keys can be rotated at any time. If you still have access to the original key file, make sure to first back it up before following the instructions.

If you use the same encryption key as before, you can rotate your keys without restarting the node because the node already has the encryption key.

  • Using the Same Encryption Key (Single Node Setup)

  • Using the Same Encryption Key (Multiple Node Setup)

If you decide to use a different encryption key for the key file, you have to restart the node(s). We recommend that you turn off all your nodes, follow the same instructions without the --key-file-custom-encryption-key flag, and restart your nodes after you confirm that the transaction you sent to an external RPC porvider has been included in a block.

If you use Horcrux signing service with multiple sentry nodes, make sure to follow the instructions for Multiple Node Setup. It is crucial that you place and load the same key file across your sentry nodes.

Using the Same Encryption Key (Single Node Setup)

The rotation process is simplified if you have a single node setup and do not change the encryption key. Directly executing the transaction in the setup will generate a key file in the configured SEDA key file path. The node will then automatically detect the key file change and load it using the original encryption key after signing one additional batch.

Execute the transaction with the --key-file-custom-encryption-key flag and provide the original encryption key.

sedad tx pubkey add-seda-keys \
    --from <wallet-name> --chain-id <chain-id> \
    --gas-prices 10000000000aseda --gas auto --gas-adjustment 2.0 \
    --generate-only --key-file-custom-encryption-key

Using the Same Encryption Key (Multiple Node Setup)

If you run multiple sentry nodes, we recommend that you first generate a key file without sending the transaction and copying the key file across all your nodes. As long as the identical key file is placed in the correct path, the nodes will automatically reload their signers to the updated key file.

  1. Generate the key file using the existing encryption key by using the flags --generate-only and --key-file-custom-encryption-key. You will be prompted to provide the encryption key.

    sedad tx pubkey add-seda-keys \
    --from <wallet-name> --chain-id <chain-id> \
    --gas-prices 10000000000aseda --gas auto --gas-adjustment 2.0 \
    --generate-only --key-file-custom-encryption-key

  2. Copy and place the key file in the correct path across all your nodes.

  3. Now actually submit the transaction using the --key-file flag pointing to the key file created in Step 1. You must also add the --key-file-custom-encryption-key flag and provide the encryption key when prompted.

    sedad tx pubkey add-seda-keys \
    --from <wallet-name> --chain-id <chain-id> \
    --gas-prices 10000000000aseda --gas auto --gas-adjustment 2.0 \
    --key-file ~/.sedad/config/seda_keys.json \
    --key-file-custom-encryption-key

PreviousValidator OnboardingNextJoining Testnet Using Snapshot

Last updated 4 days ago

📶
🔑