From 9617d6dd9d2f6e7f073755f61248375916f82a3b Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Wed, 29 Jan 2025 08:30:46 -0500 Subject: [PATCH] add doc for decrypting namespace secret --- quorum-vault-system/src/SUMMARY.md | 1 + .../operator/decrypt-namespace-secret.md | 53 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md diff --git a/quorum-vault-system/src/SUMMARY.md b/quorum-vault-system/src/SUMMARY.md index 190640f..0ad5da0 100644 --- a/quorum-vault-system/src/SUMMARY.md +++ b/quorum-vault-system/src/SUMMARY.md @@ -31,3 +31,4 @@ * [Namespace Entropy Ceremony](generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md) * [Ceremony SD Card Provisioning](generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md) * [SOL - Transfer Token](generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md) + * [Decrypt Namespace Secret](generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md) diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md new file mode 100644 index 0000000..299b31e --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md 
@@ -0,0 +1,53 @@ +# Decrypt Namespace Secret + +## Requirements + +{{ #include ../../operator-requirements.md:requirements }} + +* [Ceremony SD Card](../operator/ceremony-sd-card-provisioning.md) + +* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. + +## Procedure + +1. Enter the designated location with required personnel and equipment + +1. Lock access to the location - there should be no inflow or outflow of people during the ceremony + +1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage + +{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} + +1. Place all materials except for the laptop into High Visibility Storage + +1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop + +1. Turn on the machine + +1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage + +1. Retrieve Ceremony SD Card from High Visibility Storage and plug it into the machine + +1. Copy the Ceremony SD Card contents to machine + + * Find device name using `lsblk` + + * Copy the contents of the card to machine: + + * `cp -r /media//* ~` + +1. Start `keyfork` using the relevant Shardfile: + + * `keyfork recover shard --daemon /media//path/to/shardfile.asc` + + * Follow on screen prompts + +1. Derive the OpenPGP root certificate: + + * TODO + +1. Decrypt the secret material: + + * `gpg --decrypt ` + +1. Proceed to transfer the secret to desired location such as hardware wallet, power washed chromebook (via SD card) etc. \ No newline at end of file
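Review bot: The step "Derive the OpenPGP root certificate" in decrypt-namespace-secret.md has only `* TODO` as its body, so the `gpg --decrypt` step that follows has no documented way to obtain the key it depends on. Fill in the derivation command before this lands, or mark the document as a draft. The `[High Visibility Storage](TODO)` link target in Requirements is in the same state. The commands `cp -r /media//* ~`, `keyfork recover shard --daemon /media//path/to/shardfile.asc` and `gpg --decrypt ` appear with empty path and file arguments; named placeholders would tell the operator what to substitute. The copy step puts the card contents in `~`, but the keyfork step still reads the Shardfile from `/media/`, so state which location is intended. The procedure ends at transferring the secret, with no step for where the decrypted output is written, for shutting down the machine, or for re-sealing the bundle that was unsealed earlier; add those steps or link to the procedure that covers them. The file also has no trailing newline.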