From 8ce53c2b7b6a954d4ea983ba66cc0a2a6678d680 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Sat, 3 Aug 2024 18:59:25 -0400 Subject: [PATCH] fix links --- quorum-key-management-system/src/SUMMARY.md | 2 +- quorum-key-management-system/src/glossary.md | 2 +- .../src/hardware-procurement.md | 86 ------------------- ...g-hardware-and-firmware.md => hardware.md} | 4 +- .../src/local-key-provisioning.md | 10 +-- .../src/location-key-provisioning.md | 2 +- .../src/operator-key-provisioning.md | 8 +- .../src/physical-artifact-storage.md | 2 +- 8 files changed, 15 insertions(+), 101 deletions(-) delete mode 100644 quorum-key-management-system/src/hardware-procurement.md rename quorum-key-management-system/src/{provisioning-hardware-and-firmware.md => hardware.md} (97%) diff --git a/quorum-key-management-system/src/SUMMARY.md b/quorum-key-management-system/src/SUMMARY.md index f6a9d0c..077a3cb 100644 --- a/quorum-key-management-system/src/SUMMARY.md +++ b/quorum-key-management-system/src/SUMMARY.md @@ -3,7 +3,7 @@ * [Threat Model](threat-model.md) * [Selecting a Quorum](selecting-quorum.md) * [Software](software.md) - * [Hardware](provisioning-hardware-and-firmware.md) + * [Hardware](hardware.md) * [Glossary](glossary.md) * [Preparations]() diff --git a/quorum-key-management-system/src/glossary.md b/quorum-key-management-system/src/glossary.md index bdf452f..5e1f70d 100644 --- a/quorum-key-management-system/src/glossary.md +++ b/quorum-key-management-system/src/glossary.md @@ -75,7 +75,7 @@ carefully planned, and executed accordingly. ## Location Key Is a asymmetric key pair which is used for encrypting shards which are used to -re-assemble the Root Entropy. Location Keys are stored in [Locations](location.md) +re-assemble the Root Entropy. Location Keys are stored in [Locations](locations.md) which adhere to a strict set of criteria to maximize their security. The location smart card passphrase is encrypted to a Operator Key in order to secure access to it. 
diff --git a/quorum-key-management-system/src/hardware-procurement.md b/quorum-key-management-system/src/hardware-procurement.md deleted file mode 100644 index 7b42520..0000000 --- a/quorum-key-management-system/src/hardware-procurement.md +++ /dev/null 
@@ -1,86 +0,0 @@ -# Equipment - -This page describes different equipment which is required, and makes opinionated -recommendations as well as alternatives. One may improve the overall security -of their system by using a variety of hardware in order to benefit from their -diversity, by reducing the likelihood that all hardware has suffered the same -kind of hardware supply chain compromise, has the same vulnerability present, or -has the same type of hardware failure issue. - -Based on the decided upon [Quorum](selecting-quorum.md), the amount of equipment -required to set up a [QKMS](glossary.md#quorum-key-management-system-qkms) will -vary. In order to figure out what equipment is required, decide on a Quorum, -which is expressed as "N of M". Once you know your M, the required equipment list -is the following: - -* M x 4 Smart Cards - - * It is recommended to use two Smart Cards for storing each key pair - - * Ideally two different types of hardware are used in order to reduce the - risk of simultaneous failure - - * At least 1 Smart Card is required for each Operator Key and 1 Smart Card - for each Location Key - - * The number of Operator Keys is M, and the number of Location Keys is also - M, hence the minimum of 2 x M Smart Cards, with the recommendation of using - two smart cards for each, resulting in 4 x M Smart Cards - -* 2 + X Storage Devices - - * 1 Storage Device for [AirgapOS](repeat-use-airgapos.md) - - * 1 Storage Device for storing [Public Ceremony Artifacts](public-ceremony-artifact-storage) - - * X, or *any* number of additional Storage Devices to duplicate the data, a - good measure would be to have at least 3 Storage Devices for the ceremony - -* Librem 14 Laptop - - * Get as many laptops as desired to satisfy your operational needs - - * For each Librem 14, get a Librem Smart Card used for [PureBoot](initialize-pureboot-smart-card.md) - -## Smart Cards -Smart Cards are primarily used for storing OpenPGP cryptographic keys which are -used as a 
building block for security controls. These smart cards hold OpenPGP -keys which are derived in secure environments. FIPS 140-2 is required but the -end user may choose their manufacturer. - -* NitroKey 3 - because of its open source approach which helps improve the -overall security of the products -* YubiKey 5 - because of the widespread use and battle-tested reliability -* Librem Key - because of the manufacturer's approach to hardware supply chain -security and verifiable software - -## Air-Gapped Computer -[Air-Gapped](glossary.md#Air-Gapped) computers are used for the lifecycle management -of cryptographic material that is part of the QKMS. - -The primary hardware recommendation for a Air-Gapped Cmputer is the [Librem 14](https://puri.sm/products/librem-14/), manufactured by [Purism](puri.sm). Purism specializes in reducing hardware and -firmware security risks, especially via their [Anti-Interdiction Service](https://puri.sm/posts/anti-interdiction-services/) and [PureBoot](https://docs.puri.sm/PureBoot.html) -and as such is an excellent choice for hardware which high integrity assurance is -required for. - -#### Alternative - -An alternative approach is to use an off-the-shelf computer that is randomly -selected right before the ceremony, removing the radio cards from it, using it -to conduct a Ceremony, and then destroying the laptop using sufficiently -adequate method to ensure that no data forensics can be used to recover the data -from the drive, or memory. This can be achieved by using a combination of -incineration, degaussing, shredding and drilling. Special care should be taken -to completely destroy all components of the computer that are able to store data, -even if it's only in ephemeral form as some forensic methods all extraction of -data from components with "temporary memory". 
- -Three letter agencies are known to collect and exploit physical destroyed drives, -as data can still be extracted from them using methods such as electron -microscopy, therefore a combination of degaussing, shredding and burning should -be used, and the remaining debris should be spread out across multiple disposal -locations. - -## Storage Device -Can be an SD Card or USB Drive but should be procured from a vendor with -a good reputation, and ideally hardware of industrial grade should be prioritized. diff --git a/quorum-key-management-system/src/provisioning-hardware-and-firmware.md b/quorum-key-management-system/src/hardware.md similarity index 97% rename from quorum-key-management-system/src/provisioning-hardware-and-firmware.md rename to quorum-key-management-system/src/hardware.md index 10b8702..8fbaa7d 100644 --- a/quorum-key-management-system/src/provisioning-hardware-and-firmware.md +++ b/quorum-key-management-system/src/hardware.md @@ -1,4 +1,4 @@ -# Provisioning Hardware and Firmware +# Hardware This page describes different equipment which is required, and makes opinionated recommendations as well as alternatives. One may improve the overall security @@ -31,7 +31,7 @@ is the following: * 1 Storage Device for [AirgapOS](repeat-use-airgapos.md) - * 1 Storage Device for storing [Public Ceremony Artifacts](public-ceremony-artifact-storage) + * 1 Storage Device for storing [Public Ceremony Artifacts](public-ceremony-artifact-storage.md) * X, or *any* number of additional Storage Devices to duplicate the data, a good measure would be to have at least 3 Storage Devices for the ceremony diff --git a/quorum-key-management-system/src/local-key-provisioning.md b/quorum-key-management-system/src/local-key-provisioning.md index d45ee59..911f6ae 100644 --- a/quorum-key-management-system/src/local-key-provisioning.md +++ b/quorum-key-management-system/src/local-key-provisioning.md 
@@ -3,23 +3,23 @@ This document contains instructions on how Operators collaborate to set up QKMS which requires an N-of-M quorum to be reconstituted. The encrypted shards which result from this ceremony are stored in separate physical -[Locations](location.md) which contain [Location Keys](glossary.md#location-key) +[Locations](locations.md) which contain [Location Keys](glossary.md#location-key) to which shards are encrypted, and whose passphrases are protected using [Operator Keys](glossary#operator-key). ### Requirements -* [Smart Card](hardware-procurement.md#smart-cards): whatever number of smart +* [Smart Card](hardware.md#smart-cards): whatever number of smart cards you would like to have seeded for each Operator, usually 2 per Operator is recommended - one NitroKey 3 and 1 YubiKey Series 5. -* [Storage Devices](hardware-procurement.md#storage-device): as many storage +* [Storage Devices](hardware.md#storage-device): as many storage devices as you would like for backing up [Public Ceremony Artifacts](public-ceremony-artifact-storage.md) * Storage Device loaded with * [airgap.iso](repeat-use-airgapos.md) - * [airgap.iso.asc](airgap-setup.md) + * [airgap.iso.asc](repeat-use-airgapos.md) * [autorun.sh](autorun-sh-setup.md) * All participants need Ceremony Notes which contain a record of which they @@ -30,7 +30,7 @@ verified and wrote down themselves: ### Steps 1. Bring the Ceremony Machine and [Quorum Team](quorum-team.md) into the -established [Location](location.md) +established [Location](locations.md) 2. Ensure that no participants have brought digital devices other than ones necessary for the ceremony. A faraday bag may be used to hold any such devices diff --git a/quorum-key-management-system/src/location-key-provisioning.md b/quorum-key-management-system/src/location-key-provisioning.md index 0b44cfd..0731fe8 100644 --- a/quorum-key-management-system/src/location-key-provisioning.md +++ b/quorum-key-management-system/src/location-key-provisioning.md 
@@ -18,7 +18,7 @@ would like for backing up [Public Ceremony Artifacts](public-ceremony-artifact-s ## Steps 1. Bring the Ceremony Machine and [Quorum Team](quorum-team.md) into the -established [Location](location.md) +established [Location](locations.md) 2. Boot your Ceremony Machine using [Secure Boot Sequence](secure-boot-sequence.md) or the [One Time Use Airgap-OS](one-time-use-airgapos.md) diff --git a/quorum-key-management-system/src/operator-key-provisioning.md b/quorum-key-management-system/src/operator-key-provisioning.md index f6e8ed9..bacc63c 100644 --- a/quorum-key-management-system/src/operator-key-provisioning.md +++ b/quorum-key-management-system/src/operator-key-provisioning.md @@ -12,7 +12,7 @@ the ceremony is a set of the following for each Operator: for each Operator, usually 2 per Operator is recommended - one NitroKey 3 and 1 YubiKey Series 5. -* [Storage Devices](equipment.md#storage-device): as many storage devices as you +* [Storage Devices](hardware.md#storage-device): as many storage devices as you would like for backing up [Public Ceremony Artifacts](public-ceremony-artifact-storage.md) ## Playbook @@ -21,8 +21,8 @@ would like for backing up [Public Ceremony Artifacts](public-ceremony-artifact-s This playbook allows the setup of any number of Operator Keys. For each Operator, the steps that follow need to be repeated. -1. Bring the Ceremony Machine and [Quorum Team](quorum-team.md) into the -established [Location](location.md) +1. Bring the Ceremony Machine and [Quorum](selecting-quorum.md) team into the +established [Location](locations.md) 2. Boot your Ceremony Machine using [Secure Boot Sequence](secure-boot-sequence.md) 
@@ -38,7 +38,7 @@ from Step 3 as desired. 7. Follow the [Physical Artifact Storage](physical-artifact-storage.md) guide for storage of the Operator Smart Cards and Location Smart Cards -8. Follow the [Public Ceremony Artifacts Storage](public-ceremony-artifact-storage.md) +8. Follow the [Online Artifacts Storage](public-ceremony-artifact-storage.md) guide for all public artifacts produced during the ceremony diff --git a/quorum-key-management-system/src/physical-artifact-storage.md b/quorum-key-management-system/src/physical-artifact-storage.md index db74742..5168886 100644 --- a/quorum-key-management-system/src/physical-artifact-storage.md +++ b/quorum-key-management-system/src/physical-artifact-storage.md @@ -21,7 +21,7 @@ private vaulting provider. ## Location Smart Cards These cards should only be stored in secure vaults which meet the criteria -outliened for Storage Locations in the [Location](location.md) document. +outliened for Storage Locations in the [Location](locations.md) document. ## Additional Criteria
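Review bot: several hunks (glossary.md, local-key-provisioning.md, location-key-provisioning.md, operator-key-provisioning.md, physical-artifact-storage.md) change links from `location.md` to `locations.md`, but the diffstat shows no rename of `location.md` and no new `locations.md`, so confirm that `quorum-key-management-system/src/locations.md` exists in the tree (or add the rename to this patch); otherwise every one of these "fixed" links stays broken. The existing `#location-key` and `#smart-cards` / `#storage-device` anchors are unchanged, so they remain valid only if the target headings are unchanged in hardware.md and glossary.md.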
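Review bot: in the glossary.md hunk, the context lines around the edited link carry two grammar errors that could be fixed in the same change: "Is a asymmetric key pair" should read "Is an asymmetric key pair", and "encrypted to a Operator Key" should read "encrypted to an Operator Key".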
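Review bot: the deleted hardware-procurement.md is 97% identical to the file renamed to hardware.md, so the defects visible in the deleted copy almost certainly survive in hardware.md and should be fixed there: "a Air-Gapped Cmputer" (should be "an Air-Gapped Computer"), "some forensic methods all extraction of data" (should be "allow extraction"), and the link `[Purism](puri.sm)`, which has no URL scheme and will render as a relative link to a non-existent page `puri.sm`. The hardware.md hunk only retitles the page and fixes the `public-ceremony-artifact-storage.md` link, so none of these are addressed by the patch.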
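Review bot: in the local-key-provisioning.md hunk, the context line `[Operator Keys](glossary#operator-key)` is missing the `.md` extension and will still be a broken link after this patch; since the commit is "fix links" and the surrounding lines are already being touched, change it to `[Operator Keys](glossary.md#operator-key)`. The change of `airgap.iso.asc` from `airgap-setup.md` to `repeat-use-airgapos.md` is fine provided that page actually documents the signature file, not just the image.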
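Review bot: in the first operator-key-provisioning.md hunk, step 1 is changed from `[Quorum Team](quorum-team.md)` to `[Quorum](selecting-quorum.md) team`, but the identical step 1 in local-key-provisioning.md and location-key-provisioning.md keeps linking to `quorum-team.md` in this same patch. Either `quorum-team.md` exists and this hunk should keep the link for consistency, or it does not and the other two pages need the same edit.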
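Review bot: in the second operator-key-provisioning.md hunk, the link text is renamed from "Public Ceremony Artifacts Storage" to "Online Artifacts Storage" while the target stays `public-ceremony-artifact-storage.md` and every other page in the patch still calls it "Public Ceremony Artifacts"; pick one name and apply it consistently, or leave the text unchanged if the page title was not renamed.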
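Review bot: in the physical-artifact-storage.md hunk, the edited line still contains the typo "outliened" (should be "outlined"); since the line is already being rewritten for the link, fix the spelling in the same change. The commit message "fix links" also omits that the patch deletes hardware-procurement.md and renames provisioning-hardware-and-firmware.md to hardware.md; a body line naming those two file operations would make the history easier to follow.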