This document describes a simple process for Manually generating participation keys (not for relay nodes) and registering the corresponding accounts with Algorand as being online.
We assume that the spending secret/public key-pair for an account was already generated (see Algorand Mainnet KeyGen article), the account has some stake, and the secret key is kept offline but can be used to sign transactions. Below we denote the account address by acctAddr. We also assume that we have access to a participation node in the network.
This procedure below is simple, but it assumes that we can run goal on the participation node with the parameters of our choice. Later we discuss a variant of this procedure that does not need this level of access.
1. Generate a participation key on the online node itself by running
./goal account addpartkey -a acctAddr --roundFirstValid 1000 --roundLastValid 3000000
(Of course, the numbers 1000 and 3000000 are just an example.)
2. Generate a registration request (i.e., an unsigned transaction) on the same node by running:
./goal account changeonlinestatus -a acctAddre -o 1 -t onlineRequest.tx
This will generate the file onlineRequest.tx in the current directory (the filename could be anything).
3. Transfer the file onlineRequest.tx to an offline machine for signature. Use the spending secret key, sign this transaction and generate a signed transaction file called (e.g.) onlineRequest.tx.signed. For example, for a regular key this could be accomplished using
./algokey sign -k seckeyFile -t onlineRequest.tx -o onlineRequest.tx.signed
For multi-signature keys the process is more complicated, and involve generating multiple standard signatures and then combining them with:
‘./goal clerk multisig’. Either way, at the end of this step the stakeholder will have a file with the signed registration request (which we called onlineRequest.tx.signed above).
4. Place the signed registration file onlineRequest.tx.signed back on the online node, then send the signed transaction to the network, using:
./goal clerk rawsend -f onlineRequest.tx.signedA variation on this procedure
As we mentioned, the procedure above assumes that we can run the goal command on the participation node itself. This may require having ssh access to the node, or some other methods of running commands there. For security reasons, we may want to avoid having to run commands on the online participating node.
An alternative is to spin a different temporary node to serve as our online participating node and run the procedure above with that temporary node. Once the procedure is completed, we can stop the temporary node and extract the participation key from the ledger directory on that node. E.g., for the default setting in the current testnet, this is the file
We then just need to drop that file in the ledger directory on the real participating node, thereby completing the process.