Canton offline key for static participant ID

It’s a bit more complicated than that!

First, exporting the private key is the first essential step. But when you start the participant again, you need to configure it to not perform “auto-init”. You can do that by setting

canton.participants.participant1.init.auto-init = false

Otherwise, the participant will automatically perform the steps (including creating new keys) below:

// I'm using the modified simple-topology.conf
nodes.local.start

// export participant1 secret key and load it into participant2
val secret = participant1.keys.secret.list(filterName = "participant1-identity").head
val namespace = secret.publicKey.fingerprint
participant1.keys.secret.`export`(namespace, Some("secret.key"))

// load secret key
participant2.keys.secret.load("secret.key", Some("idm key"))

// create root certificate (self-signed)
participant2.topology.namespace_delegations.authorize(TopologyChangeOp.Add, namespace, namespace, true)

// init id - run this after you created the namespace delegation, as otherwise
// the system will complain about being unable to vet the admin workflow
// packages
// note, the name string can be chosen freely
participant2.topology.init_id("mateus", namespace)

// create signing and encryption keys
val enc = participant2.keys.secret.generate_encryption_key()
val sig = participant2.keys.secret.generate_signing_key()

// assign new keys to this participant
Seq(enc, sig).foreach { key =>
  participant2.topology.owner_to_key_mappings.authorize(TopologyChangeOp.Add,
    participant2.id, key.fingerprint, key.purpose)
}

// test to ensure that it works
participant2.domains.connect_local(mydomain)
participant2.health.ping(participant2)

I hope this is clear now. Let me know if you have questions. The topology management system is quite flexible and can be configured in many more ways than the “vanilla” auto-init setup. However, you need to be a bit careful if you step off the standard paths.

Best,
Ratko

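As an added check that is not part of Ratko's post, the following Canton console snippet can be run right after the script above to confirm that the key migration actually took effect: that participant2's identity is rooted in the imported namespace key, that no extra keys (as auto-init would have generated) ended up in its key store, and that the node can still sign on the domain. It reuses the `namespace`, `enc` and `sig` values from the script and assumes the `participant2.id.uid.namespace.fingerprint` accessor chain and the `keys.secret.list()` result shape; treat those as assumptions to verify against your Canton version.

```scala
// Added verification step (not from the original post). Assumes the Canton
// console bindings plus the `namespace`, `enc` and `sig` values defined in
// the migration script above.

// 1. The participant identity must be rooted in the imported namespace key.
//    If auto-init had run before the key was loaded, this fingerprint would
//    belong to a freshly generated key instead.
val actualNamespace = participant2.id.uid.namespace.fingerprint // assumed accessor chain
require(
  actualNamespace == namespace,
  s"participant2 runs under namespace $actualNamespace, expected imported key $namespace"
)

// 2. The secret key store should hold exactly the keys we put there: the
//    imported namespace key plus the two keys generated for this node.
//    Any additional key is a sign that auto-init created its own identity.
val expectedKeys = Set(namespace, enc.fingerprint, sig.fingerprint)
val storedKeys = participant2.keys.secret.list().map(_.publicKey.fingerprint).toSet
require(
  storedKeys == expectedKeys,
  s"unexpected keys in participant2 key store: ${storedKeys -- expectedKeys}"
)

// 3. End-to-end check: a successful self-ping proves the new signing key is
//    accepted on the connected domain under the preserved participant ID.
participant2.health.ping(participant2)
```

If the second check fails after a restart, the usual cause is that `canton.participants.participant2.init.auto-init = false` was not in effect when the node came up, so it minted its own namespace key before the imported one could be loaded.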