6.2 KiB
6.2 KiB
Key Rotation Complete
Date: 2025-12-20
Status: ✅ COMPLETE
Summary
Successfully rotated all validator and node identities for the QBFT network using Quorum-Genesis-Tool. All keys have been regenerated, genesis.json has been updated with new extraData, and all configuration files have been regenerated with new enode URLs.
1. Detected Consensus: QBFT
Evidence: genesis.json contains:
"config": {
"qbft": {
"blockperiodseconds": 2,
"epochlength": 30000,
"requesttimeoutseconds": 10
}
}
2. Node Count: 5 Validators, 4 Sentries, 3 RPC Nodes
- Validators: 5 (VMIDs 1000-1004)
- Sentries: 4 (VMIDs 1500-1503)
- RPC Nodes: 3 (VMIDs 2500-2502) - Using member4-member6 from output/2025-12-20-19-54-21
3. Commands Executed
npx --yes quorum-genesis-tool \
--consensus qbft \
--chainID 138 \
--validators 5 \
--members 4 \
--bootnodes 0 \
--blockperiod 2 \
--epochLength 30000 \
--requestTimeout 10 \
--difficulty 1 \
--gasLimit 0x1c9c380
Output Location: output/2025-12-20-19-54-02/
4. Files Changed/Created
Updated Files
- ✅
smom-dbis-138-proxmox/config/genesis.json- UpdatedextraDatawith new QBFT validator addresses
Created Files
- ✅
smom-dbis-138-proxmox/config/static-nodes.json- New validator enode URLs - ✅
smom-dbis-138-proxmox/config/permissioned-nodes.json- All node enode URLs (JSON format) - ✅
smom-dbis-138-proxmox/config/permissions-nodes.toml- All node enode URLs (TOML format)
Copied Keys
- ✅
smom-dbis-138-proxmox/keys/validators/validator-*/key.priv- Validator private keys - ✅
smom-dbis-138-proxmox/keys/validators/validator-*/address.txt- Validator addresses - ✅
smom-dbis-138-proxmox/config/nodes/validator-*/nodekey- Validator nodekeys (P2P identity) - ✅
smom-dbis-138-proxmox/config/nodes/sentry-*/nodekey- Sentry nodekeys (P2P identity) - ✅
smom-dbis-138-proxmox/config/nodes/rpc-*/nodekey- RPC nodekeys (P2P identity)
5. New Validator Addresses (Ordered)
validator0: 0x1c25c54bf177ecf9365445706d8b9209e8f1c39b
validator1: 0xc4c1aeeb5ab86c6179fc98220b51844b74935446
validator2: 0x22f37f6faaa353e652a0840f485e71a7e5a89373
validator3: 0x573ff6d00d2bdc0d9c0c08615dc052db75f82574
validator4: 0x11563e26a70ed3605b80a03081be52aca9e0f141
6. New Enode List (Ordered)
Validators
enode://2221dd9fc65c9082d4a937832cba9f6759981888df6798407c390bd153f4332c152ea5d03dd9d9cda74d7990fb3479a5c4ba7166269322be9790eed9ebdcfe24@192.168.11.100:30303
enode://4e358db339804914d53bec6de23a269aef7be54c2812001025e6a545398ac64b2513a418cd3e2ca06dc57daf5c0aa2fb97c9948b6d7893e2bd51bf67dae97923@192.168.11.101:30303
enode://0daef7e3041ab3a5d73646ec882410302d63ece279b781be5cfed94c1970aacb438aeafc46d63a630b4ea5f7a0572a3a7edff028b16abc4c76ee84358af8c31f@192.168.11.102:30303
enode://107e59cb6c5ddf000082ddfd925aa670cba0c6f600c8e3dc5cdd6eb4ca818e0c22e4b33ef605eb4efd76ef29177ca00fd84a79935eccdddd2addbbb26d37a4a4@192.168.11.103:30303
enode://59844ade9912cee3a609fae1719694c607b30ac60a08532e6b15592524cb5f563f32c30d63e45075e7b9c76170a604f01fc6de02e3102f0f8d1648bf23425c16@192.168.11.104:30303
Sentries (Members)
enode://2d4eeff2d5710427cf5f11319b48a883d5eb39e18e3a42052ccc6ea613d1f0ac72a17fc560b84e270ce0320b518bee7632071f20f64a69b6634496a66adafb71@192.168.11.150:30303
enode://88e407e879af2e5a6a9cfd16385390a7e6fce91fae462418fc858047d61f932f1e0114e99a8ff84c8f261c733cbb5bd7a76a7fbb5e5eac9920a41b11f6e5a07b@192.168.11.151:30303
enode://7a98f86ced272d3f61046b08bb617d157516fd21e3cf6edb0f8090ca87ea5f920bc05dac489c82cf7b8d32bd64c51f904d868ed0ce8f9c83bf1e9c2022b33baa@192.168.11.152:30303
enode://0cbd315d8f80f8ba46f0229297a493a71d37287cbfb0fc991dd3680fa4db21e2891d4dd2f1577c5020d93224a2f0f690b331551490796ddee3bbb56ecfa6b6f5@192.168.11.153:30303
RPC Nodes (from member4-member6 in output/2025-12-20-19-54-21)
enode://6cdc892fa09afa2b05c21cc9a1193a86cf0d195ce81b02a270d8bb987f78ca98ad90d907670796c90fc6e4eaf3b4cae6c0c15871e2564de063beceb4bbfc6532@192.168.11.250:30303
enode://07daf3d64079faa3982bc8be7aa86c24ef21eca4565aae4a7fd963c55c728de0639d80663834634edf113b9f047d690232ae23423c64979961db4b6449aa6dfd@192.168.11.251:30303
enode://83eb8c172034afd72846740921f748c77780c3cc0cea45604348ba859bc3a47187e24e5fad7f74e5fe353e86fd35ab7c37f02cfbb8299a850a190b40968bd8e2@192.168.11.252:30303
7. Verification Checklist
✅ All validator keys generated using quorum-genesis-tool
✅ genesis.json updated with new extraData (QBFT format, RLP-encoded)
✅ static-nodes.json created with new validator enodes
✅ permissioned-nodes.json created with all node enodes
✅ permissions-nodes.toml created with all node enodes
✅ Keys copied to repository structure
✅ Validator addresses in extraData match new validator keys
✅ RPC nodes (VMIDs 2500-2502) included
Note: RPC nodekeys were sourced from member4-member6 in output/2025-12-20-19-54-21 directory, which were generated in a separate quorum-genesis-tool run.
8. Updated extraData
The extraData field in genesis.json has been updated with the new QBFT validator addresses:
0xf88fa00000000000000000000000000000000000000000000000000000000000000000f869941c25c54bf177ecf9365445706d8b9209e8f1c39b94c4c1aeeb5ab86c6179fc98220b51844b749354469422f37f6faaa353e652a0840f485e71a7e5a8937394573ff6d00d2bdc0d9c0c08615dc052db75f825749411563e26a70ed3605b80a03081be52aca9e0f141c080c0
This contains:
- 32-byte vanity (zeros)
- RLP-encoded list of 5 validator addresses (20 bytes each)
- Empty seals section for genesis
Next Steps
- Deploy new keys to nodes: Copy the new keys from the repository to the deployed nodes
- Update node configurations: Ensure all nodes reference the new keys
- Restart nodes: Restart all nodes to apply the new keys
- Verify block production: Confirm the network starts producing blocks with the new validators
Important Notes
- All old keys have been replaced - Old validator addresses are no longer in use
- genesis.json updated in-place - All other settings (chainId, gasLimit, alloc, etc.) preserved
- Deterministic generation - All keys generated using quorum-genesis-tool for consistency
- No manual edits required - All configuration files auto-generated from the tool output