diff --git a/quorum-vault-system/src/SUMMARY.md b/quorum-vault-system/src/SUMMARY.md index 932523a..d3f5d67 100644 --- a/quorum-vault-system/src/SUMMARY.md +++ b/quorum-vault-system/src/SUMMARY.md @@ -35,6 +35,11 @@ * [Decrypt Namespace Secret](generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md) * [Encrypt Wallet To Namespace PGP Key](generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md) * [Export Namespace Mnemonic](generated-documents/level-2/fixed-location/operator/export-namespace-mnemonic.md) - * [Coins - SOL]() - * [SOL - Generate Address](generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md) - * [SOL - Transfer Token](generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md) + * [Coins]() + * [Generate Address](generated-documents/level-2/fixed-location/operator/coins/generate-address.md) + * [Sign and Broadcast Transaction](generated-documents/level-2/fixed-location/operator/coins/sign-and-broadcast-transaction.md) + * [SOL]() + * [Generate Nonce Account](generated-documents/level-2/fixed-location/operator/coins/sol/generate-nonce-account.md) + * [Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/sol/sign-transaction.md) + * [Cosmos]() + * [Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/cosmos/sign-transaction.md) diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/cosmos/sign-transaction.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/cosmos/sign-transaction.md new file mode 100644 index 0000000..a81d7c1 --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/cosmos/sign-transaction.md @@ -0,0 +1 @@ +# Sign Transaction 
diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/generate-address.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/generate-address.md new file mode 100644 index 0000000..e8d3138 --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/generate-address.md 
@@ -0,0 +1,122 @@ +# Generate Address + + +## Requirements + +{{ #include ../../../operator-requirements.md:requirements }} + +{{ #include ../../../../../component-documents/linux-workstation.md:content }} + +* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. + +* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair) + +* [Ceremony SD card](../../ceremony-sd-card-provisioning.md) + +## Procedure + +1. Enter the designated location with the quorum of operators and all required equipment + +1. Lock access to the location - there should be no inflow or outflow of people during the ceremony + +1. Place Ceremony SD card in High Visibility Storage + +1. Retrieve sealed Air-Gapped bundle, polaroid of tamper evidence, and online laptop from locked storage + +{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} + +1. Place all contents except for the laptop into High Visibility Storage + +### Offline Machine: Generate Address + +1. Retrieve AirgapOS SD card and plug it into the air-gapped machine + +1. Turn on air-gapped machine + +1. Unplug the AirgapOS SD card and place it in High Visibility Storage + +1. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine + +1. Copy the `vaults` repository to the machine and switch to it + ``` + $ cp -r /media/vaults /root/ + $ cd /root/vaults + ``` + +1. Start Keyfork using the relevant Shardfile: + + 1. `keyfork recover shard --daemon /shardfile.asc` + + 1. Follow on screen prompts + +1. If the desired `` directory doesn't exist for the namespace, create it: + + * `mkdir -p /` + + * e.g `mkdir -p vault_1/sol/` + +1. Connect to the appropriate coin directory: + + * `cd //` + +1. Check what the latest address account is: + + * `ls -la .` + +1. Find what the latest number for the address is, and add 1 to it. 
This will be the new address account. + + * For example if the latest address file is 42, the new account_id would be 43. The addresses should start at `0` + + * Set an environment variable with the new account_id: + + * `account_id=`, e.g `account_id=43` + +1. Generate a new address (replace `` with desired coin (`sol`, `cosmos`)): + + * `icepick workflow generate-address --account $account_id | jq -r .pubkey > $account_id.txt` + * [38 removes need to use jq](https://git.distrust.co/public/icepick/issues/38) + +1. Sign the file using: + + * Import OpenPGP keys: + + * `gpg --import /media//vaults/keys/all/*.asc` + + * `gpg --detach-sign $account_id.txt` + +1. You may repeat the previous steps, starting at the step where the `account_id` is set. + +1. Once finished, copy the updated repository back to the Ceremony SD card: + + * `cp -rf /root/vaults /media/` + +1. Shut down the air gapped machine + +1. Unplug the Ceremony SD card and place it into High Visibility Storage + +1. Transfer the SD card from the air-gapped machine to the online machine + +1. {{ #include ../../../../component-documents/finding-device-name.md:content }} + +1. Copy the updated repository locally and switch to it: + ``` + $ cp -r /media/vaults ~/ + $ cd ~/vaults + ``` +1. Stage, sign, commit and push the changes to the ceremonies repository: + ``` + $ git add /ceremonies//payloads/* + $ git commit -S -m "add payload signature for payload_.json" + $ git push origin main + ``` + +### Sealing + +1. Gather all the original items that were in the air-gapped bundle: + + * Air-gapped computer + + * AirgapOS SD card + +{{ #include ../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} + 
diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sign-and-broadcast-transaction.md similarity index 79% rename from quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md rename to quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sign-and-broadcast-transaction.md index 6c83e65..846d94e 100644 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sign-and-broadcast-transaction.md @@ -1,16 +1,16 @@ -# Operator - SPL Token Transfer +# Sign and Broadcast Transaction ## Requirements -{{ #include ../../../../operator-requirements.md:requirements }} +{{ #include ../../../operator-requirements.md:requirements }} * Online machine * [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. -* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair) +* [Quorum PGP key pairs](../key-types.md#quorum-pgp-keypair) -* [Ceremony SD card](../../ceremony-sd-card-provisioning.md) +* [Ceremony SD card](../ceremony-sd-card-provisioning.md) ## Procedure @@ -22,7 +22,7 @@ 1. Retrieve sealed Air-Gapped bundle, polaroid of tamper evidence, and online laptop from locked storage -{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} +{{ #include ../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} 1. Place all contents except for the laptop into High Visibility Storage 
@@ -36,13 +36,9 @@ * e.g `vaults///0-na.txt` - * Set the nonce address variable: - - * `nonce_address="$(cat vaults///-na.txt)"` - 1. Set `ICEPICK_DATA_DIRECTORY`: - {{ #include ../../../../../../component-documents/finding-device-name.md:content }} + {{ #include ../../../../../component-documents/finding-device-name.md:content }} * `export ICEPICK_DATA_DIRECTORY=/media/external/` @@ -50,7 +46,11 @@ * `export ICEPICK_CONFIG_FILE=/icepick.toml` -1. Run the command: `icepick workflow sol broadcast --nonce-address=$nonce_address` +1. Run the command: `icepick workflow broadcast` + + * For `` add `--nonce-address=$nonce-address` if using durable transactions + * Set the nonce address variable: + * `nonce_address="$(cat vaults///-na.txt)"` * Await completion message before removing Ceremony SD card @@ -66,7 +66,7 @@ 1. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine -1. {{ #include ../../../../../../component-documents/finding-device-name.md:content }} +1. {{ #include ../../../../../component-documents/finding-device-name.md:content }} 1. Start Keyfork using the relevant Shardfile: @@ -122,4 +122,5 @@ * AirgapOS SD card -{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} +{{ #include ../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} + diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md deleted file mode 100644 index 5a3dafe..0000000 --- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md +++ /dev/null 
@@ -1,174 +0,0 @@ -# SOL - Generate Address - -## Requirements - -{{ #include ../../../../operator-requirements.md:requirements }} - -{{ #include ../../../../../../component-documents/linux-workstation.md:content }} - -* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. - -* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair) - -* [Ceremony SD card](../../ceremony-sd-card-provisioning.md) - -## Procedure - -1. Enter the designated location with the quorum of operators and all required equipment - -1. Lock access to the location - there should be no inflow or outflow of people during the ceremony - -1. Place Ceremony SD card in High Visibility Storage - -1. Retrieve sealed Air-Gapped bundle, polaroid of tamper evidence, and online laptop from locked storage - -{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} - -1. Place all contents except for the laptop into High Visibility Storage - -### Offline Machine: Generate Address - -1. Retrieve AirgapOS SD card and plug it into the air-gapped machine - -1. Turn on air-gapped machine - -1. Unplug the AirgapOS SD card and place it in High Visibility Storage - -1. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine - -1. Copy the `vaults` repository to the machine and switch to it - ``` - $ cp -r /media/vaults /root/ - $ cd /root/vaults - ``` - -1. Start Keyfork using the relevant Shardfile: - - 1. `keyfork recover shard --daemon /shardfile.asc` - - 1. Follow on screen prompts - -1. If the desired `` directory doesn't exist for the namespace, create it: - - * `mkdir -p /` - - * e.g `mkdir -p vault_1/sol/` - -1. Connect to the appropriate coin directory: - - * `cd //` - -1. Check what the latest address account is: - - * `ls -la .` - -1. Find what the latest number for the address is, and add 1 to it. 
This will be the new address account. - - * For example if the latest address file is 42, the new account_id would be 43. The addresses should start at `0` - - * Set an environment variable with the new account_id: - - * `account_id=`, e.g `account_id=43` - -1. Generate a new address: - - * `icepick workflow sol generate-address --account $account_id | jq -r .pubkey > $account_id.txt` - * [38 removes need to use jq](https://git.distrust.co/public/icepick/issues/38) - -1. Sign the file using: - - * Import OpenPGP keys: - - * `gpg --import /media//vaults/keys/all/*.asc` - - * `gpg --detach-sign $account_id.txt` - -1. You may repeat the previous steps, starting at the step where the `account_id` is set. - -1. Once finished, copy the updated repository back to the Ceremony SD card: - - * `cp -rf /root/vaults /media/` - -1. Shut down the air gapped machine - -1. Unplug the Ceremony SD card and place it into High Visibility Storage - -### Online Machine: Generate Nonce Account - -1. Turn on online machine - -1. Make sure `jq` is installed: - - * `sudo apt install jq` - -1. Retrieve the Ceremony SD card from High Visibility Storage and plug it into the computer - -1. {{ #include ../../../../../../component-documents/finding-device-name.md:content }} - -1. Copy the `vaults` repository from the Ceremony SD card: - - * `cp -r /media/vaults ~/` - - * If the `~/vaults/` repository already exists, ensure it doesn't have any changes that haven't been committed, then remove it using `sudo rm -rf ~/vaults` before re-running the previous step - -1. Ensure `keyfork` is available on the system: - - * Follow steps from [installation guide](https://git.distrust.co/public/keyfork#install) - -1. Ensure `icepick` is available on system - - * Follow steps from [installation guide](TODO) - -1. Set unsafe `keyfork` usage variable: - - * `export SHOOT_SELF_IN_FOOT=1` - -1. 
Generate throwaway mnemonic to generate address which will be used for funding the creation of nonce account: - - * `keyfork mnemonic generate | KEYFORK_PROMPT_TYPE=headless keyfork recover mnemonic --daemon` - -1. Change directory into the desired \/\ directory: - - * `cd ~/vaults//` - -1. Select which account you are creating the delegate address by viewing the appropriate \/\/ directory: - - * `ls -la .` - -1. Once you have selected the appropriate account, set the account_id variable: - - * `account_id=` - -1. Use `icepick` to generate nonce account: - - * The following command will need to be updated to use the appropriate \, which can be `devnet`, `testnet` or `mainnet-beta` - - * Set `icepick` config file: - - * `export ICEPICK_CONFIG_FILE=/icepick.toml` - - * `icepick workflow sol generate-nonce-account --authorization-address "$(cat $account_id.txt)" | jq -r .nonce_account > $account_id-na.txt` - * [38 removes he need to use jq and cat](https://git.distrust.co/public/icepick/issues/38) - - * Repeat command if returned message is "The transaction was possibly not received by the cluster." - -1. Airdrop the wallet displayed on-screen with 0.01 SOL - - * Once the airdrop is done, nonce account will be created - -1. Stage, commit, sign and push the changes: - ``` - $ git add . - $ git commit -m -S "" - $ git push origin HEAD - ``` -### Sealing - -1. Gather all the original items that were in the air-gapped bundle: - - * Air-gapped computer - - * AirgapOS SD card - -{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} - diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-nonce-account.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-nonce-account.md new file mode 100644 index 0000000..2e17516 --- /dev/null 
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-nonce-account.md 
@@ -0,0 +1,90 @@ +# Generate Nonce Account + +## Requirements + +{{ #include ../../../../operator-requirements.md:requirements }} + +{{ #include ../../../../../../component-documents/linux-workstation.md:content }} + +* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. + +* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair) + +* [Ceremony SD card](../../ceremony-sd-card-provisioning.md) + +## Procedure + +1. Turn on online machine + +1. Make sure `jq` is installed: + + * `sudo apt install jq` + +1. Clone the `vaults` repository if it's not available locally and get the latest changes: + ``` + $ cd ~ + $ git clone + $ git pull origin main + ``` + +1. Ensure `keyfork` is available on the system: + + * Follow steps from [installation guide](https://git.distrust.co/public/keyfork#install) + +1. Ensure `icepick` is available on system + + * Follow steps from [installation guide](TODO) + +1. Set unsafe `keyfork` usage variable: + + * `export SHOOT_SELF_IN_FOOT=1` + +1. Generate throwaway mnemonic to generate address which will be used for funding the creation of nonce account: + + * `keyfork mnemonic generate | KEYFORK_PROMPT_TYPE=headless keyfork recover mnemonic --daemon` + +1. Change directory into the desired \/\ directory: + + * `cd ~/vaults//` + +1. Select which account you are creating the delegate address by viewing the appropriate \/\/ directory: + + * `ls -la .` + +1. Once you have selected the appropriate account, set the account_id variable: + + * `account_id=` + +1. 
Use `icepick` to generate nonce account: + + * The following command will need to be updated to use the appropriate \, which can be `devnet`, `testnet` or `mainnet-beta` + + * Set `icepick` config file: + + * `export ICEPICK_CONFIG_FILE=/icepick.toml` + + * `icepick workflow sol generate-nonce-account --authorization-address "$(cat $account_id.txt)" | jq -r .nonce_account > $account_id-na.txt` + * [38 removes he need to use jq and cat](https://git.distrust.co/public/icepick/issues/38) + + * Repeat command if returned message is "The transaction was possibly not received by the cluster." + +1. Airdrop the wallet displayed on-screen with 0.01 SOL + + * Once the airdrop is done, nonce account will be created + +1. Stage, commit, sign and push the changes: + ``` + $ git add . + $ git commit -m -S "" + $ git push origin HEAD + ``` +### Sealing + +1. Gather all the original items that were in the air-gapped bundle: + + * Air-gapped computer + + * AirgapOS SD card + +{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} + diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/sign-transaction.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/sign-transaction.md new file mode 100644 index 0000000..a81d7c1 --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/sign-transaction.md @@ -0,0 +1 @@ +# Sign Transaction
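Review bot: in SUMMARY.md the new `SOL` and `Cosmos` entries link `Sign Transaction` to coins/sol/sign-transaction.md and coins/cosmos/sign-transaction.md, but both files are added containing only the `# Sign Transaction` heading, so the book gains two empty operator procedures. Until the content exists, list them with the same empty-link form already used for `[Coins]()` and `[SOL]()`, or leave the entries out, so that an operator following the index during a ceremony does not arrive at a blank signing procedure.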
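Review bot: coins/generate-address.md reaches `component-documents` at three different depths, `../../../../../component-documents/linux-workstation.md` (five levels), `../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing` (six) and `../../../../component-documents/finding-device-name.md` (four), and they cannot all be correct for one file. The sibling sign-and-broadcast-transaction.md in the same directory uses five levels throughout and shortens its links to `../key-types.md` and `../ceremony-sd-card-provisioning.md`, while this file keeps the `../../` forms from the old `coins/sol/` location; please align both the includes and the links with the sibling, since a failed include drops the tamper-evidence unsealing steps from the procedure. Separately, the final step stages `/ceremonies//payloads/*` with the message "add payload signature for payload_.json", which looks copied from the transaction procedure: this ceremony produces `$account_id.txt` and its detached signature in the coin directory, so the `git add` path and the commit message should name those files.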
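Review bot: in sign-and-broadcast-transaction.md the added bullet uses `--nonce-address=$nonce-address`, which does not reference the variable the procedure defines (`nonce_address`); a shell reads it as `$nonce` followed by the literal text `-address`, so the flag gets the wrong value. Change it to `--nonce-address=$nonce_address`, and put the `nonce_address=` assignment back before the "Run the command" step: the preceding hunk removed it from there and this hunk re-adds it underneath the command that consumes it, so an operator working top to bottom runs the broadcast with the variable unset.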
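Review bot: in sol/generate-nonce-account.md the last procedure step runs `git commit -m -S ""`, where `-m` consumes `-S` as the message text, so the signing flag is never applied even though the step says to sign. Reorder it to `git commit -S -m "..."`, as generate-address.md already does. The clone step also needs a `cd` into the cloned repository before `git pull origin main`. Finally, the file keeps the `### Sealing` section and the Ceremony SD card and Quorum PGP key pair requirements from the old combined document, but this procedure now runs only on the online machine from a git clone and never unseals the air-gapped bundle; either drop those parts or add the matching unsealing steps so the tamper-evidence record stays consistent.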