quorum-vault-system: use new mnemonic generation system

2025-02-25 22:52:14 -05:00 · 2025-02-25 22:52:14 -05:00 · 2237d0cd21
parent c49352a622
commit 2237d0cd21
4 changed files with 18 additions and 20 deletions
--- a/quorum-vault-system/src/component-documents/autorun-sh-setup.md
+++ b/quorum-vault-system/src/component-documents/autorun-sh-setup.md
@ -9,14 +9,14 @@ This setup can be done on any machine.
    * In your Terminal use this command: `vi autorun.sh`

    * Once you are in the editor press "i" to enter "insert mode"
-    
-    * Type in the contents, replacing <N> and <M> with your chosen threshold numbers according to your [Quorum](selecting-quorum.md):
-    
+
+    * Type in the contents, replacing <M>, <N>, <number_of_smart_cards_per_operator>, <pgp_user_id> with your chosen threshold numbers according to your [Quorum](selecting-quorum.md):
+
    ```sh
    #!/bin/sh
-    keyfork wizard generate-shard-secret --threshold <M> --max <N> --output shards.pgp
+    keyfork mnemonic generate --shard-to-self shardfile.asc,threshold=<M>,max=<N>,cards_per_shard=<number_of_smart_cards_per_operator>,cert_output=keyring.asc --derive='openpgp --public "<pgp_user_id>" --output certificate.asc'
    ```
-    
+
    * Press "esc"
    * Press ":"
    * Press "x"
@ -38,4 +38,4 @@ This setup can be done on any machine.

    c. Copy the `autorun.sh` file to the Storage Device

-1. Make note of this hash on a piece of paper or print it as you will need it to verify the file during Ceremonies.
+1. Make note of this hash on a piece of paper or print it as you will need it to verify the file during Ceremonies.
--- a/quorum-vault-system/src/component-documents/openpgp-setup.md
+++ b/quorum-vault-system/src/component-documents/openpgp-setup.md
@ -28,12 +28,12 @@ as such need to be set up in a manner that minimizes exposure risks.
 	Ensure the User ID is your name and your email.

    ```
-    $ keyfork mnemonic generate --encrypt-to-self output=encrypted.asc --provision openpgp-card,userid="Your Name <your@email.co>"
+	$ keyfork mnemonic generate --encrypt-to-self encrypted.asc --provision openpgp-card --derive='openpgp --public "Your Name <your@email.co>"'
    ```

-	The `count=` variable can be provided to `provision` to ensure the correct
-	amount of smartcards is provisioned - the program will error if the amount
-	of smartcards available is not equal to the count requested.
+	The `--provision-count` option can be provided to ensure the correct amount
+	of smartcards is provisioned - the program will error if the amount of
+	smartcards available is not equal to the count requested.

 	Note: The PIN can't use sequential numbers, characters or repeated patterns.

--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
@ -20,9 +20,9 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor

 1. Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile:

-    * Replace the values: <path_to_input_shard>
+    * Replace the values: <path_to_input_shard>, <pgp_user_id>

-    * `keyfork mnemonic generate --shard-to <path_to_input_shard>,output=shardfile.asc --encrypto-to-self encryption_certificate.asc,userid=<namespace>`
+    * `keyfork mnemonic generate --shard-to <path_to_input_shard>,output=shardfile.asc --derive='openpgp --public "<pgp_user_id>" --output certificate.asc'

 1. Unseal an SD card pack

@ -35,9 +35,10 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
 1. Back up the files     
    ```
    $ cp shardfile.asc /media/vaults/<namespace>/
-    TODO (NOT IMPLEMENTED): $ cp encryption_certificate.asc /media/vaults/<namespace>/
+    $ cp certificate.asc /media/vaults/<namespace>/
    $ cp -r /media/vaults /root/
    ```
+
 1. To create additional backups of the updated `vaults` repository, plug in SD cards one at a time and use following steps to back up ceremony artifacts

    1. Plug in fresh SD card
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
@ -18,15 +18,12 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key

 {{ #include template-ceremony-setup.md:content }}

-1. Run the relevant keyfork wizard to perform the ceremony:
+1. Run the relevant keyfork operation to perform the ceremony:

-    * Replace the following values: \<M>, \<N>, <number_of_smart_cards_per_operator>, <pgp_cert_id> with appropriate values 
+    * Replace the following values: \<M>, \<N>, <number_of_smart_cards_per_operator>, <pgp_user_id> with appropriate values 

-    * `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<number_of_smartcards_per_operator> --output shardfile.asc --cert-output keyring.asc`
+	* `keyfork mnemonic generate --shard-to-self shardfile.asc,threshold=<M>,max=<N>,cards_per_shard=<number_of_smartcards_per_operator>,cert_output=keyring.asc --derive='openpgp --public "<pgp_user_id>" --output certificate.asc'`
    
-    * TODO - NOT IMPLEMENTED:
-        `--derive-openpgp-cert encryption_cert.asc,userid=<pgp_cert_id>`
-
 1. Unseal an SD card pack by following tamper proofing steps:

 {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
@ -39,7 +36,7 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
    ```
    $ cp shardfile.asc /media/vaults/<namespace>/ 
    $ cp keyring.asc /media/vaults/<namespace>/
-    TODO (NOT IMPLEMENTED): $ cp encryption_cert.asc /media/vaults/<namespace>/
+    $ cp certificate.asc /media/vaults/<namespace>/
    $ cp -r /media/vaults /root/
    ```