diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md index 7f71f10..74592c0 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md @@ -48,10 +48,6 @@ The approver is responsible for verifying a transaction proposed by a [proposer] 1. Plug in the Operator smart card -1. Set a local variable `pgp_key_id` to the smart card OpenPGP key id: - - * `pgp_key_id="$(oct list -i | head -1)"` - 1. Copy the git repo locally from the Ceremony SD card * `cp -r /media//vaults /root/vaults` @@ -60,31 +56,9 @@ The approver is responsible for verifying a transaction proposed by a [proposer] * `cd /root/vaults` -1. Verify the detached signature for the payload +1. Verify the existing signatures and add your own signature: - * `gpg --verify ..json ...sig` - - * The filename will be of format: `//ceremonies//payloads/payload_.json` - -1. Verify the key is authenticated: - - * `sq-wot --gpg list ""` - - * Ensure the output of the command includes "fully authenticated" - -1. Sign the transaction payload: - - * `gpg --detach-sign /ceremonies//payloads/payload_.json > /ceremonies//payloads/payload__$pgp_key_id.sig` - - * e.g `gpg --detach-sign solana-01/ceremonies/2025-01-01/payloads/payload_1.json > solana-01/ceremonies/2025-01-01/payloads/payload_1_F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D.sig` - -1. Stage the modified file: - - * `git add /ceremonies//payloads/payload__$pgp_key_id.sig` - -1. Create a signed git commit: - - * `git commit -S -m "add payload signature for payload_.json using $pgp_key_id"` + * `icepick workflow --add-signature-to-file /ceremonies//payload_.json --shardfile .asc` 1. {{ #include ../../../../component-documents/finding-device-name.md:content }} 
@@ -106,6 +80,14 @@ The approver is responsible for verifying a transaction proposed by a [proposer] * `cd ~/vaults` +1. Stage the modified file: + + * `git add /ceremonies//payloads/*` + +1. Create a signed git commit: + + * `git commit -S -m "add payload signature for payload_.json"` + 1. Push the latest commit to the repository * `git push origin main` diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md index 378b270..3ea24f8 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md @@ -50,30 +50,6 @@ 1. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine -1. Verify keyring data from the Ceremony SD card: - - 1. Import keys into the system - - * `gpg --import keys/all/*.asc` - - 1. Plug in the operator's smartcard, and ensure it is loaded: - - * `gpg --card-status` - - 1. Print the list of trusted keys: - - * `sq-wot --gpg list` - - 1. Repeat for every operator, ensuring all keys are cross-trusted. - - 1. Terminate `gpg-agent`: `killall gpg-agent` - -1. Verify all signatures for the workflow data: - - * `for file in .*.sig; do echo "Verifying: $file"; gpg --verify "${file}" ""; done` - - * Ensure that the script doesn't output any "WARNING" messages to the console. If it does, abort the ceremony and initiate incident response. - 1. Start Keyfork using the relevant Shardfile: * `keyfork recover shard --daemon /media/external/shard.asc` @@ -84,7 +60,7 @@ 1. Run the `icepick` command with the transaction payload - * `icepick workflow sol transfer-token --input-file=<(jq .values )` + * `icepick workflow --run-quorum .json --shardfile /media/external/shard.asc` * Follow on screen prompts 
diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md index 22b249f..d540180 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md @@ -74,10 +74,6 @@ The proposer must combine these values into a JSON file, such as: 1. Plug in the Operator smart card -1. Set a local variable `smart_card_id` to the smart card OpenPGP key id: - - * `smart_card_id="$(oct list -i | head -1)"` - 1. Copy the git repo locally from the Ceremony SD card * `cp -r /media//vaults /root/vaults` 
@@ -92,58 +88,13 @@ The proposer must combine these values into a JSON file, such as: * e.g `mkdir -p solana-01/ceremonies/2025-01-01/payloads` -1. Create a new file `payload_.json`, for example `payload_1.json` +1. Use `icepick workflow --help` to list the available workflows and options - * `touch /ceremonies//payloads/payload_.json` +1. Use icepick to generate and sign the payload: - * e.g `touch solana-01/ceremonies/2025-01-01/payloads/payload_1.json` + * `icepick workflow <--option value> <--option value> --export-for-quorum --sign > ` -1. Collect data for the transaction being sent, and structure it according to the template below, replacing values with valid ones. The values have to come from a organization approved list of values, for each field, except for `datetime` which is just the current date and time. - - * Write the data to the file: `vim /ceremonies//payloads/payload_.json` - - ```json - { - "workflow": ["", ""], - "values": { - "": "" - }, - "proposal_datetime": "" - } - ``` - - Example data object: - - ```json - { - "workflow": ["cosmos", "withdraw"], - "values": { - "delegate_address": "kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer", - "validator_address": "kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh", - "asset_name": "KYVE", - "asset_amount": "0.4", - "chain_name": "korellia" - }, - "proposal_datetime": "2025-01-28T18:18:00" - } - ``` -1. Import the keys relevant to the ceremony: - - * `gpg --import /keyring.asc` - -1. Sign the data in the CLI using `gpg` or another OpenPGP implementation: - - * `gpg --detach-sign /ceremonies//payloads/_.json > /ceremonies//payloads/payload__$smart_card_id.sig` - - * e.g `gpg --detach-sign solana-01/ceremonies/2025-01-01/payloads/payload_1.json > solana-01/ceremonies/2025-01-01/payloads/payload_1_F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D.sig` - -1. Stage the new file: - - * `git add /ceremonies//payloads/..$smart_card_id.sig` - -1. 
Create a signed git commit: - - * `git commit -S -m "add payload signature for payload_.sig using $smart_card_id"` + * e.g `icepick workflow cosmos withdraw-rewards --delegate-address kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer --validator-address kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh --chain-name korellia --export-for-quorum --sign > /ceremonies//payloads/payload_.json` 1. {{ #include ../../../../component-documents/finding-device-name.md:content }} @@ -165,6 +116,14 @@ The proposer must combine these values into a JSON file, such as: * `cd ~/vaults` +1. Stage the modified file: + + * `git add /ceremonies//payloads/*` + +1. Create a signed git commit: + + * `git commit -S -m "add payload signature for payload_.json"` + 1. Push the latest commit to the repository * `git push origin main`
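Review bot: In approve-transaction.md, hunk `@@ -60,31 +56,9 @@`, the new `icepick workflow --add-signature-to-file` step points at `/ceremonies//payload_.json`, without the `payloads/` directory that the removed steps used and that the `git add /ceremonies//payloads/*` step added later in this file stages. Make the two paths agree. The step also replaces the explicit `gpg --verify` and `sq-wot --gpg list` checks, including the instruction to confirm "fully authenticated", with no statement of what the approver should see on success. Add a line saying which output indicates that the existing signatures verified, and that the approver stops if it is absent.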
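Review bot: In approve-transaction.md, hunk `@@ -106,6 +80,14 @@`, the step is titled "Stage the modified file" but `git add /ceremonies//payloads/*` stages everything in that directory, so any stray or unexpected file on the machine is swept into a signed commit. Stage the one payload file that was just signed, and add a `git status` or `git diff --cached` check before the commit step. The commit message also no longer records which key added the signature (the removed version ended in `using $pgp_key_id`); if that is intentional because the signature is now carried inside the payload file, say so in the step.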
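Review bot: In transfer-token.md, hunk `@@ -50,30 +50,6 @@`, the removed block contained the only failure instruction in this part of the procedure: "If it does, abort the ceremony and initiate incident response." Nothing in the replacement text restates it. Carry the abort and incident-response instruction over to the `--run-quorum` step so the operator has a documented action when signature verification fails.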
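Review bot: In transfer-token.md, hunk `@@ -84,7 +60,7 @@`, the `icepick workflow --run-quorum .json --shardfile /media/external/shard.asc` step does not say which keys the payload signatures are checked against or how many valid signatures are required before the workflow runs. The previous procedure made the trust source explicit by importing `keys/all/*.asc` and checking cross-trust by hand. Add one sentence stating where the trusted key set and the threshold come from, and what the operator should see before "Follow on screen prompts".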
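Review bot: In create-transaction-payload.md, hunk `@@ -92,58 +88,13 @@`, the removed step carried the requirement that values "have to come from a organization approved list of values", and the new `icepick workflow ... --export-for-quorum --sign` steps do not restate it. Keep that requirement next to the command, since the proposer now types the values as command-line options. There is also no step to inspect the generated file before it is committed, and because the command redirects with `>` straight into the payload path, a failed run can leave an empty or partial `payload_.json` in the repository. Add a step to review the output (and confirm the command exited successfully) before staging. The hunk context line "The proposer must combine these values into a JSON file, such as:" describes the manual process this hunk removes and should be updated as well.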
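Review bot: In create-transaction-payload.md, hunk `@@ -165,6 +116,14 @@`, the commit message `"add payload signature for payload_.json"` was copied from the approver flow, but at this point the proposer is committing the newly created payload itself, so the history will not distinguish proposal commits from approval commits. Use a message that says a payload was proposed. As in the approver document, "Stage the modified file" is paired with `git add /ceremonies//payloads/*`, which stages the whole directory; stage the single new payload file instead.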