update transaction signing flow

This commit is contained in:
Anton Livaja 2025-01-17 03:21:51 -05:00
parent 17bc691cf6
commit 656e141fe9
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
2 changed files with 43 additions and 46 deletions


@ -2,19 +2,19 @@
## Requirements
* Online machine
* [Operator PGP key pairs](../../key-types.md#operator-pgp-keypair)
{{ #include ../../../../operator-requirements.md:requirements }}
* Air-gapped bundle
## Procedure
1. Verify all transactions for the ceremony in the `ceremonies` repository, ensuring that all the transactions are properly signed by the proposer and the approver using PGP keys which have been checked into ceremonies repository.
1. Copy the transactions and signatures to an SD card
1. Enter the designated location with the 2 operators and all required equipment
1. Enter the designated location with the quorum of operators and all required equipment
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
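Review bot: step 1 ("Verify all transactions for the ceremony in the `ceremonies` repository, ensuring that all the transactions are properly signed...") runs on the online machine and gives no criterion for "properly signed"; since that host is not trusted, state that this is a pre-check only and that the authoritative check is the `gpg --verify` against the imported proposer and approver keys on the air-gapped machine, and spell out the rule (two detached signatures per transaction, one from the proposer key and one from the approver key checked into the repository). Also, "checked into ceremonies repository" needs "the", and step 2 ("Copy the transactions and signatures to an SD card") should name the card "Transaction", which is the label the Ceremony section uses for it.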
@ -26,69 +26,66 @@
### Ceremony
1. Turn on online machine
1. Once booted, run `icepick workflow sol broadcast --nonce-address=<nonce_address>` command
- [ ] TODO find a place for the nonce_address in the ceremony repo
* Plug in "Transaction" SD card
* Await completion message before removing "Transaction" SD card
* This command will set the computer into "awaiting mode", which will broadcast the signed transaction from the SD card once it's plugged back in
1. Plug in SD card labelled "AirgapOS" into the air-gapped machine
1. Boot the computer and verify the hash of the version of AirgapOS that's booted
1. Boot the computer
1. Unplug the "AirgapOS" SD card
1. Plug in SD card labelled "Keychain"
* Load well known PGP keys of proposer and approver along with detached signatures of the keys
* Load well known PGP keys of proposer and approver
* `gpg --import <keyfile_name>`
1. Plug in the SD card with transactions and signatures
1. Use detached signatures of the keys on the SD cards to verify the pub certs
- [ ] write bash script that for each pub cert, looks for 2 detached sigs made by two other certs
1. Unplug the "Keychain" SD card
1. Insert SD card labelled "Shardfile"
1. [ ] in root entropy ceremony add step to write an autorun.sh script to shardfile sd card that runs `keyfork recover shard --daemon`
* Follow on screen prompts
1. Unplug SD card labelled "Shardfile"
1. Plug in the "Transaction" SD card
1. For each transaction, verify that the signature is made by trusted keys that are loaded in the gpg keyring:
* `gpg --verify <detached_signature>`
1. Insert SD card labelled "Shardfile"
- [ ] todo write a script for this
1. `keyfork recover shard --daemon`
1. Run the `icepick` command with the transaction payload
* `icepick workflow sol transfer-token --input-file=<payload.json>`
* Follow on screen prompts
1. As a last step, run the `icepick` command which is awaiting the transaction payload
* `icepick workflow sol-transfer`
* Follow on screen prompts
1. Run `icepick workflow sol-broadcast` command
* Wait for prompt and plug in fresh SD card
* Await completion message before removing SD card
* This command will set the computer into "awaiting mode", which will broadcast the signed transaction from the SD card once it's plugged back in
1. Unplug the SD card and pass it to the air-gapped machine operators
### Sign Transaction
1. Plug in SD card with transaction payload
1. Wait for the screen to display the transaction information. (NOT IMPLEMENTED)
* In the background:
* The transaction is constructed
* Signatures of tx data are verified against well known keys which were loaded by operators into local GPG keychain and signed by operators (NOT IMPLEMENTED)
1. If any issues are detected with data you will be prompted and should initiate [incident response (todo)](todo)
1. Wait for the "completed" message
1. Unplug and give the SD card back to the online machine operator
1. Unplug the "Transaction" SD card
### Broadcast Transaction
1. Online machine operator takes the SD card to online machine and plugs it in
1. Plug the "Transaction" SD card into online machine
1. The still running process from running the command to create the transaction in [Obtain Transaction Request](#obtain-transaction-request) will broadcast the transaction automatically
1. The still running broadcast command on the online machine will broadcast the transaction automatically
1. Await the "completed" message
1. The url that's found in the response after a successful broadcast should be reviewed and committed to the ceremony repository
### Finalization
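Review bot: the adjacent lines "Boot the computer and verify the hash of the version of AirgapOS that's booted" / "Boot the computer" read as the hash check being dropped, and "Load well known PGP keys of proposer and approver along with detached signatures of the keys" / "Load well known PGP keys of proposer and approver" as the key signatures being dropped; both should stay, because the AirgapOS hash is the only integrity check on the boot media and the later step "Use detached signatures of the keys on the SD cards to verify the pub certs" depends on those signatures being present. `gpg --verify <detached_signature>` for a detached signature also needs the signed data file as second argument (`gpg --verify <tx.sig> <tx.json>`), and a successful verify only proves the signature was made by some key in the keyring, not by the proposer or the approver, so the step should require the reported fingerprint to match the expected proposer and approver fingerprints. The icepick command names are inconsistent (`sol broadcast` vs `sol-broadcast`, `sol transfer-token` vs `sol-transfer`), and the online-machine broadcast steps appear both at the top of Ceremony and again after "Run the `icepick` command with the transaction payload", ending in "Unplug the SD card and pass it to the air-gapped machine operators", so the online and air-gapped sequences need to be separated into their own numbered lists. The Broadcast section still links to [Obtain Transaction Request](#obtain-transaction-request), which no longer exists as a heading, and the unresolved `- [ ]` TODO items, "(NOT IMPLEMENTED)" markers and the "[incident response (todo)](todo)" link should not ship in an operator procedure; resolve them or move them to an issue.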


@ -8,7 +8,7 @@
* Air-gapped bundle
* Adequate quorum (M individuals of a M of N quorum)
* Adequate quorum of operators (M individuals of a M of N quorum)
* Tamper-proofing equipment
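Review bot: "a M of N quorum" should read "an M of N quorum"; and since the requirement is now "Adequate quorum of operators", consider stating where M and N are defined so operators know which threshold applies to this ceremony.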