WithAutonomi · jacderida · Mar 30, 2026 · Mar 30, 2026
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -168,7 +168,7 @@ jobs:
         run: |
           cp config/bootstrap_peers.toml target/${{ matrix.target }}/release/
           cd target/${{ matrix.target }}/release
-          tar -czvf ../../../ant-node-cli-${{ matrix.friendly_name }}.tar.gz ${{ matrix.binary }} ant-keygen bootstrap_peers.toml
+          tar -czvf ../../../ant-node-cli-${{ matrix.friendly_name }}.tar.gz ${{ matrix.binary }} bootstrap_peers.toml
           cd ../../..
 
       - name: Create archive (Windows)
@@ -177,7 +177,7 @@ jobs:
         run: |
           Copy-Item "config/bootstrap_peers.toml" "target/${{ matrix.target }}/release/bootstrap_peers.toml"
           Push-Location "target/${{ matrix.target }}/release"
-          Compress-Archive -Path "${{ matrix.binary }}", "ant-keygen.exe", "bootstrap_peers.toml" -DestinationPath "../../../ant-node-cli-${{ matrix.friendly_name }}.zip"
+          Compress-Archive -Path "${{ matrix.binary }}", "bootstrap_peers.toml" -DestinationPath "../../../ant-node-cli-${{ matrix.friendly_name }}.zip"
           Pop-Location
 
       - name: Upload artifact
@@ -192,13 +192,6 @@ jobs:
     needs: [build]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
-
-      - uses: Swatinem/rust-cache@v2
-
       - name: Download all artifacts
         uses: actions/download-artifact@v4
         with:
@@ -208,20 +201,25 @@ jobs:
       - name: List artifacts
         run: ls -la artifacts/
 
+      - name: Download ant-keygen
+        run: |
+          gh release download --repo WithAutonomi/ant-keygen --pattern 'ant-keygen-linux-x64.tar.gz' --dir /tmp
+          tar -xzf /tmp/ant-keygen-linux-x64.tar.gz -C /tmp
+          chmod +x /tmp/ant-keygen
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Decode signing key
         run: |
           echo "${{ secrets.ANT_NODE_SIGNING_KEY }}" | xxd -r -p > /tmp/signing-key.secret
           chmod 600 /tmp/signing-key.secret
 
-      - name: Build signing tool
-        run: cargo build --release --bin ant-keygen
-
       - name: Sign all release files
         run: |
           for file in artifacts/ant-node-cli-*.tar.gz artifacts/ant-node-cli-*.zip; do
             if [ -f "$file" ]; then
               echo "Signing $file..."
-              ./target/release/ant-keygen sign \
+              /tmp/ant-keygen sign \
                 --key /tmp/signing-key.secret \
                 --input "$file" \
                 --output "${file}.sig"
@@ -317,7 +315,8 @@ jobs:
             ### Verification
 
             All downloads are signed with ML-DSA-65 (FIPS 204) post-quantum signatures.
-            Download the corresponding `.sig` file and verify:
+            Download `ant-keygen` from [WithAutonomi/ant-keygen](https://github.com/WithAutonomi/ant-keygen/releases)
+            and verify:
 
             ```bash
             ant-keygen verify --key release-signing-key.pub --input <file> --signature <file>.sig

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -18,10 +18,6 @@ path = "src/lib.rs"
 name = "ant-node"
 path = "src/bin/ant-node/main.rs"
 
-[[bin]]
-name = "ant-keygen"
-path = "src/bin/keygen.rs"
-
 [[bin]]
 name = "ant-devnet"
 path = "src/bin/ant-devnet/main.rs"

diff --git a/deploy/scripts/spawn-nodes.sh b/deploy/scripts/spawn-nodes.sh
@@ -40,7 +40,6 @@ download_binary() {
     echo "Extracting..."
     tar -xzf /tmp/ant-node.tar.gz -C /tmp
     mv /tmp/ant-node "$BINARY_PATH"
-    mv /tmp/ant-keygen /usr/local/bin/ant-keygen 2>/dev/null || true
     chmod +x "$BINARY_PATH"
     rm -f /tmp/ant-node.tar.gz
 

diff --git a/deploy/terraform/cloud-init/worker.yml b/deploy/terraform/cloud-init/worker.yml
@@ -38,18 +38,16 @@ write_files:
       ARCHIVE_URL="https://github.com/WithAutonomi/ant-node/releases/download/v$${ANT_VERSION}/ant-node-cli-$${PLATFORM}.tar.gz"
       SIG_URL="$${ARCHIVE_URL}.sig"
       BINARY_PATH="/usr/local/bin/ant-node"
-      KEYGEN_PATH="/usr/local/bin/ant-keygen"
 
       echo "Downloading ant-node v$${ANT_VERSION} for $${PLATFORM}..."
       cd /tmp
       curl -L -o ant-node.tar.gz "$${ARCHIVE_URL}"
       curl -L -o ant-node.tar.gz.sig "$${SIG_URL}" || echo "No signature file (dev release)"
 
-      # Extract binaries
+      # Extract binary
       tar -xzf ant-node.tar.gz
       mv ant-node "$${BINARY_PATH}"
-      mv ant-keygen "$${KEYGEN_PATH}" || true
-      chmod +x "$${BINARY_PATH}" "$${KEYGEN_PATH}" 2>/dev/null || true
+      chmod +x "$${BINARY_PATH}"
       rm -f ant-node.tar.gz ant-node.tar.gz.sig
 
       echo "Installed ant-node v$${ANT_VERSION}"

diff --git a/scripts/testnet/build-and-deploy.sh b/scripts/testnet/build-and-deploy.sh
@@ -66,7 +66,6 @@ ssh -o StrictHostKeyChecking=no "root@${BUILD_HOST}" "
 echo "=== Installing on build host ==="
 ssh -o StrictHostKeyChecking=no "root@${BUILD_HOST}" "
     cp /root/ant-node/target/release/ant-node /usr/local/bin/
-    cp /root/ant-node/target/release/ant-keygen /usr/local/bin/ 2>/dev/null || true
     chmod +x /usr/local/bin/ant-node
     /usr/local/bin/ant-node --version
 "

diff --git a/scripts/testnet/deploy-all.sh b/scripts/testnet/deploy-all.sh
@@ -44,7 +44,6 @@ for i in "${!WORKERS[@]}"; do
         curl -sL '${BINARY_URL}' -o ant-node.tar.gz
         tar xzf ant-node.tar.gz
         mv ant-node /usr/local/bin/
-        mv ant-keygen /usr/local/bin/ 2>/dev/null || true
         chmod +x /usr/local/bin/ant-node
         rm -f ant-node.tar.gz
         /usr/local/bin/ant-node --version