add instructions for generating encryption keys

Anton Livaja 2025-01-29 05:38:31 -05:00
parent bd3cc8c118
commit 536eae4493
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
3 changed files with 8 additions and 3 deletions

@ -32,7 +32,9 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
1. Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile: 1. Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile:
* `keyfork mnemonic generate --size 256 --shard-to <path_to_input_shard>,output=<output_shardfile>` * Replace the values: <path_to_input_shard>, <output_shardfile>, <output_pgp_cert_path>, <pgp_cert_id>
* `keyfork mnemonic generate --size 256 --shard-to <path_to_input_shard>,output=<output_shardfile> --output-cert <output_pgp_cert_path> --user-id <pgp_cert_id>`
1. Unseal an SD card pack 1. Unseal an SD card pack
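Review bot: The new "Replace the values" bullet lists `<path_to_input_shard>`, `<output_shardfile>`, `<output_pgp_cert_path>` and `<pgp_cert_id>` as bare angle-bracket text, which a Markdown renderer can treat as inline HTML and drop, leaving the operator with an empty list in the rendered ceremony document. Wrap each placeholder in backticks, as the command line below it already does, and state what form `<pgp_cert_id>` takes, since it is the value passed to `--user-id`.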
@ -46,6 +48,8 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
1. `cp <shard_file_name> /media/<media_name>` 1. `cp <shard_file_name> /media/<media_name>`
1. `cp <output_pgp_cert_path> /media/cert.asc`
1. Each backup should be placed into High Visibility Storage after it's made 1. Each backup should be placed into High Visibility Storage after it's made
<!-- <!--
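Review bot: The added step `cp <output_pgp_cert_path> /media/cert.asc` writes to `/media` itself, while the shard file in the line above it goes to `/media/<media_name>`; if `<media_name>` is the SD card's mount point, the cert ends up outside the card and is not part of the backup. Use `/media/<media_name>/cert.asc` so both files land on the same card.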

@ -32,7 +32,9 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
1. Run the relevant keyfork wizard to perform the ceremony: 1. Run the relevant keyfork wizard to perform the ceremony:
* `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<number_of_smart_cards_per_operator> --output shardfile.asc --cert-output keyring.asc` * Replace the following values: <M>, <N>, <number_of_smart_cards_per_operator>, <output_pgp_cert_path>, <pgp_cert_id>
* `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<number_of_smart_cards_per_operator> --output shardfile.asc --cert-output keyring.asc --output-cert <output_pgp_cert_path> --user-id <pgp_cert_id>`
1. Unseal an SD card pack 1. Unseal an SD card pack
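Review bot: The command now carries both `--cert-output keyring.asc` and `--output-cert <output_pgp_cert_path>`, and nothing in the step says which file each flag writes, so the two near-identical names are easy to swap or confuse during the ceremony. Add a sentence naming what each output contains, and align the bullet wording with the other ceremony document, which says "Replace the values" where this one says "Replace the following values".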

@ -4,7 +4,6 @@
## For Quorum Based Operations ## For Quorum Based Operations
// ANCHOR: requirements // ANCHOR: requirements
* [Air-gapped bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md) * [Air-gapped bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
* Minimum of 2 [Operators](/system-roles.md#operator) * Minimum of 2 [Operators](/system-roles.md#operator)