public
/
docs
5
0
Fork 0
Code Issues 18 Pull Requests 1 Packages Projects Releases Wiki Activity

more refactoring

This commit is contained in:
Anton Livaja 2025-01-15 14:17:38 -05:00
parent c5682b871f
commit 17bc691cf6
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
8 changed files with 42 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
quorum-key-management/src/SUMMARY.md
View File

@ -8,11 +8,12 @@
* [Location](locations.md) * [Location](locations.md)
* [Glossary](glossary.md) * [Glossary](glossary.md)
* [Generated Documents]() * [Generated Documents]()
* [All Levels]()
* [Provision Personal PGP Signing Keys On-Board Smart Card](generated-documents/all-levels/provision-pgp-signing-keys-on-board-smart-card.md)
* [Level 2]() * [Level 2]()
* [Fixed-Location]() * [Fixed-Location]()
* [Procurer](generated-documents/level-2/fixed-location/procurer/index.md) * [Procurer](generated-documents/level-2/fixed-location/procurer/index.md)
* [Procure Facility](generated-documents/level-2/fixed-location/procurer/procure-facility.md) * [Procure Facility](generated-documents/level-2/fixed-location/procurer/procure-facility.md)
* [Provision PGP Signing Keys On-Board Smart Card](generated-documents/level-2/fixed-location/procurer/provision-pgp-signing-keys-on-board-smart-card.md)
* [Procure Tamper Proofing Equipment](generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.md) * [Procure Tamper Proofing Equipment](generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.md)
* [Procure Hardware](generated-documents/level-2/fixed-location/procurer/procure-hardware.md) * [Procure Hardware](generated-documents/level-2/fixed-location/procurer/procure-hardware.md)
* [Provisioner](generated-documents/level-2/fixed-location/provisioner/index.md) * [Provisioner](generated-documents/level-2/fixed-location/provisioner/index.md)

2
quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/provision-pgp-signing-keys-on-board-smart-card.md → quorum-key-management/src/generated-documents/all-levels/provision-pgp-signing-keys-on-board-smart-card.md
View File

@ -8,4 +8,4 @@
## Procedure ## Procedure
{{ #include ../../../../component-documents/openpgp-setup.md:steps-on-key-gen }} {{ #include ../../component-documents/openpgp-setup.md:steps-on-key-gen }}

20
quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md
View File

@ -2,28 +2,12 @@
## Requirements ## Requirements
* 2 Operators * [Operator PGP key pairs](../../key-types.md#operator-pgp-keypair)
* Ensure both primary operators have their [Shard-Bearer Keys](../../pgp-key-provisioning.md) {{ #include ../../../../operator-requirements.md:requirements }}
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys (found in ceremonies repo)
* Shardfile on SD card
* Keychain SD card
* Air-gapped bundle * Air-gapped bundle
* Tamper proofing equipment
* Ceremony notes
* AirgapOS hash
* Trusted PGP key fingeprints IDs
## Procedure ## Procedure
1. Verify all transactions for the ceremony in the `ceremonies` repository, ensuring that all the transactions are properly signed by the proposer and the approver using PGP keys which have been checked into ceremonies repository. 1. Verify all transactions for the ceremony in the `ceremonies` repository, ensuring that all the transactions are properly signed by the proposer and the approver using PGP keys which have been checked into ceremonies repository.

30
quorum-key-management/src/generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md
View File

@ -2,7 +2,17 @@
## Requirements ## Requirements
{{ #include ../../operator-requirements.md:requirements }} * 2 Operators
* [Personal PGP key pairs](../../key-types.md#personal-pgp-keypair)
* Air-gapped bundle
* Tamper-proofing equipment
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo
* For each new key to be provisioned: * For each new key to be provisioned:
@ -18,4 +28,20 @@
1. Unseal the Air-Gapped bundle consisting of a air-gapped laptop, "AirgapOS" SD card and "Keychain" SD card 1. Unseal the Air-Gapped bundle consisting of a air-gapped laptop, "AirgapOS" SD card and "Keychain" SD card
{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork}} {{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork}}
#### Sealing
1. Gather all the original items that were in the air-gapped bundle:
* Air-gapped computer
* AirgapOS SD card
* Shardfile SD card
* Keychain SD card
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}

3
quorum-key-management/src/generated-documents/level-2/fixed-location/operator/root-entropy-generation.md
View File

@ -4,8 +4,9 @@ This is a ceremony for generating root entropy.
## Requirements ## Requirements
{{ #include ../../operator-requirements.md:requirements }} * [Operator PGP key pairs](../../key-types.md#operator-pgp-keypair)
{{ #include ../../operator-requirements.md:requirements }}
* Each member needs to bring their: * Each member needs to bring their:

2
quorum-key-management/src/generated-documents/level-2/fixed-location/procurer/index.md
View File

@ -18,7 +18,7 @@ The procurer is responsible for:
## Order of Operations ## Order of Operations
1. Provisioning [Signing PGP Keys](./provision-pgp-signing-keys-on-board-smart-card.md) 1. Provisioning [Personal PGP Keys](./provision-pgp-signing-keys-on-board-smart-card.md)
1. Procuring a [facility](./procure-facility.md) 1. Procuring a [facility](./procure-facility.md)

6
quorum-key-management/src/generated-documents/level-2/operator-requirements.md
View File

@ -4,9 +4,11 @@
## For Quorum Based Operations ## For Quorum Based Operations
// ANCHOR: requirements // ANCHOR: requirements
* Adequate quorum (M individuals of a M of N quorum) * [Personal PGP key pairs](../../key-types.md#personal-pgp-keypair)
* [Operator PGP key pairs](../../key-types.md#operator-pgp-keypair) * Air-gapped bundle
* Adequate quorum (M individuals of a M of N quorum)
* Tamper-proofing equipment * Tamper-proofing equipment

2
quorum-key-management/src/key-types.md
View File

@ -4,6 +4,8 @@
Used for day to day operations such as signing keys being added to keychain, signing tamper evidence, signing transaction requests and approvals etc. Used for day to day operations such as signing keys being added to keychain, signing tamper evidence, signing transaction requests and approvals etc.
When bootstrapping a system, the initial PGP keys can be generated on-board a smart card using [this guide](./generated-documents/all-levels/provision-pgp-signing-keys-on-board-smart-card.md).
### Requirements ### Requirements
* MUST not be transferred * MUST not be transferred