Solana Key Generation Guide

# Solana Key Generation Guide Please make sure all the commands are ran in an air-gapped machine to ensure safety. Solana Validators follow the following Key Structure: 1. **Authorized Withdrawer Key**: Controls all operations related to assigning roles and managing rewards. THIS IS THE MOST IMPORTANT KEY. 2. **Vote Authority Key**: This key receives rewards and votes on transactions. It is also replaceable. When staking, users will need your vote authority address. 3. **Validator Identity Key**: Responsible for the validator's identity and for validating and producing blocks when on a validator node. This key can be switched out for another in case it is compromised. This key is used to vote on governance proposals. This key is linked to the vote authority key. **Please refer here to the [official documentation](https://docs.solanalabs.com/operations/guides/vote-accounts) for a more detailed guide. It includes sections on commission changing, validator identity changing, etc.** ## Key Generation Follow the steps below to generate your **authorized withdrawer**, **validator** and **vote authority** keys. Store the keys in a single directory: ```bash mkdir keys cd keys ``` ### Install Solana CLI ```bash sh -c "$(curl -sSfL https://release.solana.com/stable/install)" ``` If unable to run the commands, please restart your terminal session to refresh your environment. ### 1. Generate Authorized Withdrawer This address has ultimate authority over the validator. Due to this we recommend generating a seed phrase and not a file. Solana CLI lets you pay for transaction fees with either a seed phrase or a keypair file. Generate seed phrase: ```bash solana-keygen new --no-outfile --word-count 24 ``` You will be prompted to enter a password. Pick a strong password. You will then see the authorized withdrawer's public key and seed phrase. Please carefully note down the seed phrase and public key. We will be using them in the upcoming commands. Alternative **(NOT RECOMMENDED):** Generate an keypair file: ```bash solana-keygen new -o authorized-withdrawer-keypair.json ``` Send **0.5 SOL** to this account to be able to pay for fees in the future. ### 2. Generate Validator Identity ```bash solana-keygen new -o validator-keypair.json ``` This will create a file called `validator-keypair.json`. At the moment, the key is just a standard address and is not linked to any vote authority. ### 3. Generate Vote Authority ```bash solana-keygen new -o vote-account-keypair.json ``` This account will receive the rewards. Rewards will only be withdrawable using the authorized withdrawer seed phrase/key. ### 4. Create the Vote Account on the Blockchain This command will link the three accounts together and publish it on the blockchain. ```bash solana create-vote-account vote-account-keypair.json validator-keypair.json <AUTHORIZED_WITHDRAWER_PUBKEY> --commission <EXAMPLE: 10> --fee-payer ASK ``` You will be prompted to enter your authorized withdrawer's seed phrase to authorize the transaction. This is also the account which will be paying for fees. ## Done! You have created all the necessary keys. You can send your `validator-keypair.json` file to anyone and they can validate for you. As mentioned earlier, please refer to official documentation in case you want to [rotate keys.](https://docs.solanalabs.com/operations/guides/vote-accounts#key-rotation)