Skip to main content

Key pairs

On the Chromia network, key pairs have different meanings and responsibilities. As a provider, you typically handle two different types of key pairs. The PMC keygen command can create key pairs.

Provider key pair

The provider key pair is your personal key pair. It's used to sign transactions and proposals on the network. In the future, it'll connect to a wallet and thus be the target for your revenue stream. You must keep this key pair safe as it's not possible to recover this. Therefore, you should configure pmc to use this key pair. For more information, see PMC keygen.

You'll only generate this key once. We recommend setting this up globally for your convenience if you plan to participate on several networks.


Please write down the privkey/mnemonic so that you can recover it later.

Provider key pair signing example

Suppose you are a provider on the Chromia network and want to vote on a proposal. You would use your provider key pair for this purpose:

  1. Create a config file in the working directory with the keys. You need to name it.chromia/config or .pmc/config for PMC to automatically detect the files so the --config attribute is not needed in a command.

  2. Generate the provider key pair using the PMC keygen command.

    pmc keygen -s .chromia/config
    # or
    pmc keygen -s .pmc/config # is deprecated but still supported
  3. Connect the config file to the network.

    pmc config --local --set brid="<brid for the management chain in the network>"
    pmc config --local --set api.url="<url for a system node in the network including port ex.>"

    For example,

    #Keypair generated using secp256k1
    #Tue Aug 15 16:47:09 CEST 2023

  4. Now, let's add a provider to the network. To do this, an existing provider must create a proposal to add the new provider. The proposal can be made to add the new provider to the same or lower tier as the provider creating the proposal. This is done with PMC as follows:

    pmc provider add -pk <public key of the new provider>  -<e|d> -<sp|np|cnp>

    For example,

    # Example where I am a provider in the network of tier system providers. To add the new provider as an active node provider, I run
    pmc provider add -pk 02AC81F34F88BBD627A1AEBACA7B02FDD64353BFA817DA11578845376291E3C884 -e -np

    This command creates a proposal the other provider must accept for the new provider to be added.

  5. Once configured and voted in as one of the providers to be part of one of the voter sets, the new provider can participate in new proposals.

    pmc proposal vote -<y|n> --id <id of proposal>

    For example,

    # Example where I want to accept proposal 40
    pmc proposal vote -y --id 40

Node key pair

All nodes on the network have their own unique key pair. The nodes consensus algorithm uses it to sign blocks between its peers.

To generate one key pair for each node, you start with the following:

$ pmc keygen -s
$ pmc keygen -s

Edit the files to replace the key prefix from pubkey to messaging.pubkey before including them in your node-properties file as follows:

Node key pair signing example

Let's consider a scenario where I as a provider want to add a node to the network:

  1. For each network node, generate a unique node key pair using the PMC keygen command:

    pmc keygen --node --save
  2. Incorporate the generated key pairs into the node configuration (node-properties file) for each respective node:

    # node-properties for n0

    # node-properties for n1
  3. Once the node is up and running, it needs to be registered to the network.

    pmc node register --pubkey <pubkey in the file> --port <port that is open and configured for api traffic, normally 7740> --host <your host domain ex.> --api-url <full url to the api ex> --cluster <optional if not stated>
  4. The node key pair can now be used by the node to sign blocks during the consensus within each node.

  5. The signed block is then propagated and verified within the network's consensus process.