Generating User and Validator Keys


These instructions have been tested on Ubuntu 18.04 (Bionic) only.


For PBFT, repeat this procedure on the other nodes in the initial network. When you create the genesis block on the first node, you will need the validator keys for at least three other nodes.

  1. Generate your user key for Sawtooth.

    $ sawtooth keygen my_key
    writing file: /home/yourname/.sawtooth/keys/my_key.priv
    writing file: /home/yourname/.sawtooth/keys/


    This command specifies my_key as the base name for the key files, to be consistent with the key name that is used in some example Docker and Kubernetes files. By default (when no key name is specified), the sawtooth keygen command uses your user name.

  2. Generate the key for the validator, which runs as root.

    $ sudo sawadm keygen
    writing file: /etc/sawtooth/keys/validator.priv
    writing file: /etc/sawtooth/keys/


    By default, this command stores the validator key files in /etc/sawtooth/keys/validator.priv and /etc/sawtooth/keys/. However, settings in the path configuration file could change this location; see Path Configuration File.
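
After both keygen steps, it is worth confirming that the generated private key files cannot be read or replaced by other local users. The script below is an added example, not part of the Sawtooth documentation. The function names other_perms and audit_key_dir are hypothetical, and the policy it enforces (no permissions for "other" on *.priv files, key directory not world-writable) is this example's assumption, not a documented Sawtooth requirement.

```shell
# Added example: audit a key directory written by "sawtooth keygen" or
# "sawadm keygen". Policy (an assumption of this example): private keys are
# regular files with no "other" permissions, in a directory that is not
# world-writable.
# Usage: audit_key_dir "$HOME/.sawtooth/keys"
#        audit_key_dir /etc/sawtooth/keys      (run as root)

# other_perms PATH -> prints the "other" permission triplet, e.g. "r--" or "---"
other_perms() {
    ls -ld -- "$1" | cut -c8-10
}

# audit_key_dir DIR
# Returns 0 when every *.priv file passes, 1 on any finding,
# and 2 when DIR contains no *.priv file at all.
audit_key_dir() {
    dir=$1
    findings=0
    seen=0

    # A world-writable directory lets any local user swap the key file.
    case $(other_perms "$dir") in
        ?w?) echo "FAIL $dir: directory is world-writable"; findings=1 ;;
    esac

    for key in "$dir"/*.priv; do
        # Skip the literal pattern left behind by an unmatched glob.
        [ -e "$key" ] || [ -L "$key" ] || continue
        seen=1
        if [ -L "$key" ] || [ ! -f "$key" ]; then
            echo "FAIL $key: not a regular file"
            findings=1
        elif [ "$(other_perms "$key")" != "---" ]; then
            echo "FAIL $key: accessible to other users"
            findings=1
        else
            echo "OK   $key"
        fi
    done

    [ "$seen" -eq 1 ] || { echo "NONE $dir: no *.priv file"; return 2; }
    return "$findings"
}
```

If the path configuration file relocates the validator key directory, pass that directory instead of /etc/sawtooth/keys.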

Sawtooth also includes a network key pair that is used to encrypt communication between the validators in a Sawtooth network. This off-chain configuration setting is described in a later procedure.