Key Evolving Signature (KES) is a cryptographic signing scheme designed for forward security. In Cardano, we use it to sign blocks, "evolving" keys every 36 hours.
This forward security, however, requires that once a key has been evolved, all copies of the old key are securely erased. This implies that KES keys must never be stored on disk. The KES Agent exists so that KES keys can be held securely in memory rather than on disk; it manages the evolution of KES keys in place of the node, which allows the keys to persist (in ephemeral storage) even across a restart of the node itself.
For further information, see the Guide.
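The erasure requirement above, shown as an added example (not code from kes-agent or Cardano): a simplified symmetric stand-in that ratchets an HMAC key through a one-way hash, which is not the KES signature construction itself. The names `ratchet`, `tag`, `verify`, `EvolvingKey` and `demo` are hypothetical, and the seed is a constructed sample.

```python
import hashlib
import hmac


def ratchet(key: bytes) -> bytes:
    # One-way step: the next period's key is a hash of the current key.
    return hashlib.sha256(b"evolve" + key).digest()


def tag(key: bytes, period: int, msg: bytes) -> bytes:
    return hmac.new(key, period.to_bytes(4, "big") + msg, hashlib.sha256).digest()


def verify(seed: bytes, period: int, msg: bytes, t: bytes) -> bool:
    # Toy verifier: re-derives the period key from the seed (symmetric only).
    key = seed
    for _ in range(period):
        key = ratchet(key)
    return hmac.compare_digest(tag(key, period, msg), t)


class EvolvingKey:
    # Holds only the current period's key, in a mutable in-memory buffer.
    def __init__(self, seed: bytes):
        self.period = 0
        self._key = bytearray(seed)

    def sign(self, msg: bytes) -> bytes:
        return tag(bytes(self._key), self.period, msg)

    def evolve(self) -> None:
        # Overwrite the old key in place. Python cannot guarantee erasure of
        # temporaries, so this only models the requirement.
        self._key[:] = ratchet(bytes(self._key))
        self.period += 1


def demo() -> dict:
    seed = bytes(range(32))          # constructed sample seed, not a real key
    signer = EvolvingKey(seed)
    stale_copy = bytes(signer._key)  # stands in for a period-0 key left on disk
    signer.evolve()
    current = bytes(signer._key)     # what a compromise after evolution yields
    return {
        "period1_ok": verify(seed, 1, b"block B", signer.sign(b"block B")),
        "current_key_signs_period0": verify(seed, 0, b"block X", tag(current, 0, b"block X")),
        "stale_copy_signs_period0": verify(seed, 0, b"block X", tag(stale_copy, 0, b"block X")),
    }


if __name__ == "__main__":
    print(demo())
```

The evolved key alone cannot produce a valid period-0 tag, while a surviving copy of the old key still can, which is why every copy has to be erased at evolution time.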
KES Agent does not currently work on Windows.
It will compile and run, but the test suite has been disabled because it fails / deadlocks, and it will almost certainly not work correctly.
Quick guide:

Clone git repository:

    git clone https://github.com/input-output-hk/kes-agent/ ./kes-agent
    cd kes-agent

Build & install:

    cabal install exe:kes-agent exe:kes-agent-control

Running tests:

    cabal test all

Running KES agent as a regular process:

    kes-agent run \
      -s /path/to/service.socket -c /path/to/control.socket \
      --cold-verification-key /path/to/cold.vkey \
      --genesis-file /path/to/genesis.json

Querying the KES agent to verify that it works:

    KES_AGENT_CONTROL_PATH=/path/to/control.socket kes-agent-control info

For further information, see the Guide.
Copyright INTERSECT 2024-2025.
Licensed under the Apache License, Version 2.0 (the "License"); see the enclosed NOTICE and LICENSE files.