$HOME/.sgx_secrets/consensus_seed.sealed, performs the same key derivation steps as in steps 2-5 above.
genesis.json and creates a remote attestation proof for their own machine to show to the network that the node's Enclave is genuine.
nonce (a 256-bit true random) a private key is derived. From
secretcli tx register auth transaction with the following inputs:
secretcli tx register auth transaction
seed_exchange_key is derived using HKDF-SHA256 from
nonce. When sending the
seed_exchange_key to new nodes the nonce is added as plaintext; it just serves the function of making each
seed_exchange_key generated in step 5 is used to encrypt the
AD for this encryption algorithm is the public key of the new node:
new_node_public_key
All this logic is done inside the Authorization transaction.
secretcli tx register auth outputs the
encrypted_consensus_seed and will have to decrypt it to plaintext to receive the
seed_exchange_key is used to decrypt
consensus_seed
To derive this, the reverse of the logic highlighted in step 5 is followed.
seed_exchange_ikm is derived using ECDH (x25519) with
registration_privkey (available only inside the new node's Enclave). This is the DH key exchange in action, as it uses the reverse public/private inputs of the IKM generation in step 5.
seed_exchange_key is derived using HKDF-SHA256 with
encrypted_consensus_seed is encrypted with AES-128-SIV,
seed_exchange_key as the encryption key and the public key of the registering node as the
ad as the decryption additional data. The new node now has all of these parameters inside its Enclave, so it's able to decrypt
encrypted_consensus_seed and then seal
consensus_seed to disk at