add doc for decrypting namespace secret

Anton Livaja 2025-01-29 08:30:46 -05:00
parent bd3cc8c118
commit 9617d6dd9d
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
2 changed files with 54 additions and 0 deletions

@ -31,3 +31,4 @@
* [Namespace Entropy Ceremony](generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md)
* [Ceremony SD Card Provisioning](generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md)
* [SOL - Transfer Token](generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md)
* [Decrypt Namespace Secret](generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md)
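
Review bot: The new `Decrypt Namespace Secret` entry is appended after `SOL - Transfer Token`, which separates it from the namespace and ceremony entries it belongs with (`Namespace Entropy Ceremony`, `Ceremony SD Card Provisioning`). Consider moving it up next to those two so the coin-specific entries stay grouped at the end of the list.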

@ -0,0 +1,53 @@
# Decrypt Namespace Secret
## Requirements
{{ #include ../../operator-requirements.md:requirements }}
* [Ceremony SD Card](../operator/ceremony-sd-card-provisioning.md)
* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
## Procedure
1. Enter the designated location with required personnel and equipment
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
1. Place all materials except for the laptop into High Visibility Storage
1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop
1. Turn on the machine
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
1. Retrieve Ceremony SD Card from High Visibility Storage and plug it into the machine
1. Copy the Ceremony SD Card contents to machine
* Find device name using `lsblk`
* Copy the contents of the card to machine:
* `cp -r /media/<device_name>/* ~`
1. Start `keyfork` using the relevant Shardfile:
* `keyfork recover shard --daemon /media/<media_name>/path/to/shardfile.asc`
* Follow on screen prompts
1. Derive the OpenPGP root certificate:
* TODO
1. Decrypt the secret material:
* `gpg --decrypt <path_to_encrypted_file>`
1. Proceed to transfer the secret to desired location such as hardware wallet, power washed chromebook (via SD card) etc.
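
Review bot: The `Derive the OpenPGP root certificate` step is still `* TODO`, so the `gpg --decrypt <path_to_encrypted_file>` step that follows it has no documented way to obtain the key it needs, and an operator cannot complete the ceremony from this document as written. Please fill in the derivation command before the page is linked from the index, or mark the document as a draft. Related points in the same procedure: the copy step takes its source path from `lsblk`, which reports device names rather than mount points, and no mount step is given; the card contents are copied to `~`, but `keyfork recover shard` then reads the Shardfile from `/media/<media_name>/...` with a different placeholder than `<device_name>`, so it is unclear whether the card must stay inserted; `gpg --decrypt` without `--output` writes the plaintext to standard output, so the step should say where the secret is expected to land before the transfer step; the `[High Visibility Storage](TODO)` link has no target; and the procedure unseals the Air-Gapped Bundle but has no closing steps for shutting down, resealing and returning it to locked storage.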