update transaction signing flow
parent
17bc691cf6
commit
656e141fe9
@ -2,19 +2,19 @@
## Requirements
* Online machine
* [Operator PGP key pairs](../../key-types.md#operator-pgp-keypair)
{{ #include ../../../../operator-requirements.md:requirements }}
* Air-gapped bundle
## Procedure
1. Verify all transactions for the ceremony in the `ceremonies` repository, ensuring that all the transactions are properly signed by the proposer and the approver using PGP keys which have been checked into ceremonies repository.
1. Copy the transactions and signatures to an SD card
1. Enter the designated location with the 2 operators and all required equipment
1. Enter the designated location with the quorum of operators and all required equipment
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
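Review bot: the changed step now reads "Enter the designated location with the quorum of operators", but this file's Requirements list (Online machine, Operator PGP key pairs, Air-gapped bundle) never states what the quorum is, so an operator reading this page alone cannot tell how many people must be present; add the "Adequate quorum of operators (M individuals of a M of N quorum)" line this commit adds to the other requirements file. Two smaller points in the same hunk: "Copy the transactions and signatures to an SD card" should name the card ("Transaction"), since the Ceremony section refers to the "Transaction" SD card by label; and "checked into ceremonies repository" in step 1 wants "the".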
@ -26,69 +26,66 @@
### Ceremony
1. Turn on online machine
1. Once booted, run `icepick workflow sol broadcast --nonce-address=<nonce_address>` command
- [ ] TODO find a place for the nonce_address in the ceremony repo
* Plug in "Transaction" SD card
* Await completion message before removing "Transaction" SD card
* This command will set the computer into "awaiting mode", which will broadcast the signed transaction from the SD card once it's plugged back in
1. Plug in SD card labelled "AirgapOS" into the air-gapped machine
1. Boot the computer and verify the hash of the version of AirgapOS that's booted
1. Boot the computer
1. Unplug the "AirgapOS" SD card
1. Plug in SD card labelled "Keychain"
* Load well known PGP keys of proposer and approver along with detached signatures of the keys
* Load well known PGP keys of proposer and approver
* `gpg --import <keyfile_name>`
1. Plug in the SD card with transactions and signatures
1. Use detached signatures of the keys on the SD cards to verify the pub certs
- [ ] write bash script that for each pub cert, looks for 2 detached sigs made by two other certs
1. Unplug the "Keychain" SD card
1. Insert SD card labelled "Shardfile"
1. [ ] in root entropy ceremony add step to write an autorun.sh script to shardfile sd card that runs `keyfork recover shard --daemon`
* Follow on screen prompts
1. Unplug SD card labelled "Shardfile"
1. Plug in the "Transaction" SD card
1. For each transaction, verify that the signature is made by trusted keys that are loaded in the gpg keyring:
* `gpg --verify <detached_signature>`
1. Insert SD card labelled "Shardfile"
- [ ] todo write a script for this
1. `keyfork recover shard --daemon`
1. Run the `icepick` command with the transaction payload
* `icepick workflow sol transfer-token --input-file=<payload.json>`
* Follow on screen prompts
1. As a last step, run the `icepick` command which is awaiting the transaction payload
* `icepick workflow sol-transfer`
* Follow on screen prompts
1. Run `icepick workflow sol-broadcast` command
* Wait for prompt and plug in fresh SD card
* Await completion message before removing SD card
* This command will set the computer into "awaiting mode", which will broadcast the signed transaction from the SD card once it's plugged back in
1. Unplug the SD card and pass it to the air-gapped machine operators
### Sign Transaction
1. Plug in SD card with transaction payload
1. Wait for the screen to display the transaction information. (NOT IMPLEMENTED)
* In the background:
* The transaction is constructed
* Signatures of tx data are verified against well known keys which were loaded by operators into local GPG keychain and signed by operators (NOT IMPLEMENTED)
1. If any issues are detected with data you will be prompted and should initiate [incident response (todo)](todo)
1. Wait for the "completed" message
1. Unplug and give the SD card back to the online machine operator
1. Unplug the "Transaction" SD card
### Broadcast Transaction
1. Online machine operator takes the SD card to online machine and plugs it in
1. Plug the "Transaction" SD card into online machine
1. The still running process from running the command to create the transaction in [Obtain Transaction Request](#obtain-transaction-request) will broadcast the transaction automatically
1. The still running broadcast command on the online machine will broadcast the transaction automatically
1. Await the "completed" message
1. The url that's found in the response after a successful broadcast should be reviewed and committed to the ceremony repository
### Finalization
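Review bot: two verification steps read as being dropped in this hunk and both should stay. "Boot the computer and verify the hash of the version of AirgapOS that's booted" is paired with a plain "Boot the computer", which removes the only check that the air-gapped machine booted the expected image. Likewise "Load well known PGP keys of proposer and approver along with detached signatures of the keys" and "Use detached signatures of the keys on the SD cards to verify the pub certs" give way to `gpg --import <keyfile_name>` with no step that authenticates the imported certificates, so the later `gpg --verify <detached_signature>` only shows that some key on the "Keychain" card signed the transaction, not that it was a key the operators vetted. Keep the hash check and a cert-verification step, even with the "write bash script" TODO still open. Separately, the command names disagree within the hunk: `icepick workflow sol broadcast --nonce-address=<nonce_address>` vs `icepick workflow sol-broadcast`, and `icepick workflow sol transfer-token --input-file=<payload.json>` vs `icepick workflow sol-transfer`; settle on one spelling so operators can type the documented command.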
@ -8,7 +8,7 @@
* Air-gapped bundle
* Adequate quorum (M individuals of a M of N quorum)
* Adequate quorum of operators (M individuals of a M of N quorum)
* Tamper-proofing equipment
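Review bot: "Adequate quorum of operators (M individuals of a M of N quorum)" should read "an M-of-N quorum", and the requirement still gives no pointer to where M and N for this ceremony are recorded; whoever checks the quorum at the door needs the number or a link to the document that fixes it.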