Operator keys are used by the BFT consensus mechanism to agree on the published keys. Every Replica node must generate a new set of private and public keys for the system to become operational and handle external requests.

The operator keys must be published to all of the Replica Network using the previously assigned bootstrap keys and the consensus mechanism.


  1. Log in to the VMware Blockchain Orchestrator appliance.
  2. Generate a private operator key using nxtgn-openssl.
    ​nxtgn-openssl genpkey -algorithm ed25519 -outform PEM -out operator_private_key.pem
  3. View the private operator key.
    cat operator_private_key.pem 

    Sample output:

    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----
  4. Generate a public operator key using nxtgn-openssl.
    ​nxtgn-openssl pkey -in operator_private_key.pem -out operator_public_key.pem -outform PEM -pubout
  5. View the public operator key.
    cat operator_public_key.pem 

    Sample output:

    -----BEGIN PUBLIC KEY-----
    -----END PUBLIC KEY-----
  6. Convert the public operator key into a single line.
    awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' operator_public_key.pem

    Sample output:

    Sample output: -----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAJccAQeAvvhXtePIUqPE1EjZ/rMH76dG28x3OIru5OJk=\n-----END PUBLIC KEY-----\n

What to do next

Add the newly converted public operator key in the deployment descriptor file. See Configuring the Deployment Descriptor Parameters on vSphere. During deployment, the operator public key details are added to all the Replica nodes.