# Operator Key Provisioning

## Description

This guide covers provisioning Operator key pairs. The output of the ceremony
is the following set for each Operator:

* Smart Card(s) seeded with PGP keys
* Storage Device with a backup of:
    * PGP key pair public key

## Requirements

* Smart Card(s): as many smart cards as you would like to have seeded for each
  Operator. Two per Operator is usually recommended: one NitroKey 3 and one
  YubiKey Series 5.

* [Storage Devices](equipment.md#storage-device): as many storage devices as you
  would like for backing up [Public Ceremony Artifacts](public-ceremony-artifact-storage.md)

## Playbook

### Steps

This playbook allows the setup of any number of Operator Keys. Repeat the steps
that follow for each Operator.

1. Bring the Ceremony Machine and [Quorum Team](quorum-team.md) into the
   established [Location](location.md)

2. Boot your Ceremony Machine using [Secure Boot Sequence](secure-boot-sequence.md)

3. Plug in a new Storage Device

4. Run `keyfork wizard operator` (TODO: this command is not part of `keyfork` yet)

5. As prompted, plug in new Smart Cards

6. Once the ceremony is complete, make as many copies of the Storage Device
   from Step 3 as desired.

7. Follow the [Physical Artifact Storage](physical-artifact-storage.md) guide
   for storage of the Operator Smart Cards and Location Smart Cards

8. Follow the [Public Ceremony Artifacts Storage](public-ceremony-artifact-storage.md)
   guide for all public artifacts produced during the ceremony
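
For Step 6, one way to copy the Storage Device contents and confirm that each copy matches the original, as an added example that is not part of this guide or of `keyfork`. It assumes a Linux shell with GNU coreutils and both devices mounted as directories; the mount paths and function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of keyfork: copy a mounted Storage Device onto a
# second one and verify the copy. Mount paths passed in are hypothetical.

# manifest DIR: print "sha256  ./relative/path" for every regular file in DIR,
# sorted by path so two manifests can be compared line by line.
manifest() {
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2)
}

# verify_copy SRC DST: return 0 if both trees hold exactly the same files with
# the same contents, 1 otherwise (differences are printed to stderr).
verify_copy() {
    a=$(mktemp); b=$(mktemp)
    manifest "$1" >"$a"
    manifest "$2" >"$b"
    if diff "$a" "$b" >&2; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return "$rc"
}

# copy_and_verify SRC DST: copy SRC's contents into DST, flush writes to the
# media, then verify. Files already on DST that are not on SRC make it fail.
copy_and_verify() {
    [ -d "$1" ] && [ -d "$2" ] || { echo "missing directory" >&2; return 2; }
    cp -R "$1"/. "$2"/ || return 2
    sync
    verify_copy "$1" "$2"
}

# Usage: sh copy-verify.sh /mnt/original /mnt/copy
if [ "$#" -eq 2 ]; then
    copy_and_verify "$1" "$2"
fi
```

Run it once per copy, starting each time from a freshly prepared Storage Device so that leftover files do not cause a verification failure.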