From 997316f6b7e55ba107aca84e6dd6e996bf45c0e9 Mon Sep 17 00:00:00 2001
From: Anton Livaja
Date: Sun, 26 Jan 2025 06:28:18 -0500
Subject: [PATCH] clean up main ceremony commands

---
 quorum-key-management/src/SUMMARY.md | 2 -
 .../operator/ceremony-template.md | 56 -----------------
 .../coins/pyth-spl/sign-transaction.md | 4 ++
 .../operator/namespace-entropy-ceremony.md | 12 ++--
 .../operator/quorum-entropy-ceremony.md | 16 +++--
 .../provision-namespace-ceremony-sd-card.md | 62 -------------------
 .../provision-quorum-ceremony-sd-card.md | 33 ----------
 7 files changed, 21 insertions(+), 164 deletions(-)
 delete mode 100644 quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-template.md
 delete mode 100644 quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-namespace-ceremony-sd-card.md
 delete mode 100644 quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-quorum-ceremony-sd-card.md

diff --git a/quorum-key-management/src/SUMMARY.md b/quorum-key-management/src/SUMMARY.md
index c31b087..4f51de3 100644
--- a/quorum-key-management/src/SUMMARY.md
+++ b/quorum-key-management/src/SUMMARY.md
@@ -21,8 +21,6 @@
 * [Provision Computer](generated-documents/level-2/fixed-location/provisioner/provision-computer.md)
 * [Provision SD Card](generated-documents/level-2/fixed-location/provisioner/provision-sd-card.md)
 * [Provision AirgapOS](generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
- * [Provision Namespace Ceremony SD Card](generated-documents/level-2/fixed-location/provisioner/provision-namespace-ceremony-sd-card.md)
- * [Provision Quorum Ceremony SD Card](generated-documents/level-2/fixed-location/provisioner/provision-quorum-ceremony-sd-card.md)
 * [Provision Ceremony SD Card](generated-documents/level-2/fixed-location/provisioner/provision-ceremony-sd-card.md)
 * [Copy Shardfile SD Card](generated-documents/level-2/fixed-location/provisioner/copy-shardfile-sd-card.md)
 * [Provision Air-Gapped Bundle](generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-template.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-template.md
deleted file mode 100644
index 1caac73..0000000
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/ceremony-template.md
+++ /dev/null
@@ -1,56 +0,0 @@
-/* ANCHOR: all */
-// ANCHOR: content
-
-## Procedure
-
-1. Enter the designated location with the 2 operators and all required equipment
-
-1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
-
-1. Retrieve Air-Gapped Bundle from locked storage
-
-### Unsealing Tamper Proofing
-
-{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
-
-1. Place all materials except for the laptop into High Visibility Storage
-
-### Generating Entropy
-
-1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop
-
-1. Turn on the machine
-
-1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
-
-1. Plug in the Ceremony SD card
-
-1. Run `ceremony.sh` from the SD card
-
-1. Button mash to ensure adequate entropy on the OS
-
-1. Back up the `shardfile` to any desired number of SD cards, and label each "Shardfile [date]"
-
-1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
-
- * `keyfork recover shard --daemon`
-
-1. If an OpenPGP certificate was derived, store the public key on a SD card, separate from the shardfiles
-
-### Finalizing Ceremony
-
-1. Gather all the original items that were in the air-gapped bundle:
-
- * Air-gapped computer
-
- * AirgapOS SD card
-
- * Shardfile SD card
-
- * Ceremony SD card
-
-{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
-
-// ANCHOR_END: content
-/* ANCHOR_END: all */
-
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md
index 0decf89..024dda6 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md
@@ -10,6 +10,10 @@
 {{ #include ../../../../operator-requirements.md:requirements }}
+* Ceremony SD card
+
+* Transaction SD card (with workflow payloads)
+
 ## Procedure
 1. Verify all transactions for the ceremony in the `ceremonies` repository, ensuring that all the transactions are properly signed by the proposer and the approver using PGP keys which have been checked into ceremonies repository.
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
index dcf539e..8c21866 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
@@ -10,7 +10,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
 * [SD Card Booster Pack](../provisioner/provision-sd-card.md)
-* [Namespace Ceremony SD Card](../provisioner/provision-namespace-ceremony-sd-card.md)
+* [Shardfile SD Card](../provisioner/copy-shardfile-sd-card.md)
 * [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
@@ -36,13 +36,15 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
 1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
-1. Retrieve Namespace Ceremony SD card from High Visibility Storage and plug it into air-gapped laptop
+1. Retrieve Shardfile SD card from High Visibility Storage and plug it into air-gapped laptop
-1. Run `ceremony.sh` from the SD card
+1. Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile:
-1. Button mash to ensure adequate entropy on the OS
+ * `keyfork mnemonic generate --size 256 --shard-to ,`
-1. Back up the `shardfile` to any desired number of SD cards, and label each "Shardfile [date]"
+ * NOT IMPLEMENTED YET
+
+1. Back up the `` to any desired number of SD cards, and label each "Shardfile [unique_id] [date]"
 1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
index 1702c4a..a4a4bdf 100644
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
+++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
@@ -10,7 +10,7 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
 * `N` SD cards in the chosen `M of N` quorum
-* [Quorum Entropy Ceremony SD Card](../provisioner/provision-quorum-ceremony-sd-card.md)
+* [Shardfile SD Card](../provisioner/copy-shardfile-sd-card.md)
 * [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
@@ -36,19 +36,23 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
 1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
-1. Retrieve Quorum Entropy Ceremony SD card from High Visibility Storage and plug it into air-gapped laptop
+1. Retrieve Shardfile SD card from High Visibility Storage and plug it into air-gapped laptop
-1. Run `ceremony.sh` from the SD card
+1. Run the keyfork wizard to generate entropy, derive OpenPGP certs, load them into smart cards, and shard the secret to the generated OpenPGP keys
-1. Button mash to ensure adequate entropy on the OS
+ * `keyfork wizard generate-shard-secret --threshold --max --keys-per-shard=2 --output shardfile.asc --cert-output keyring.asc`
-1. Unplug the Quorum Entropy Ceremony SD card and place it into High Visibility Storage
+ * NOT IMPLEMENTED YET
+
+1. Unplug the Shardfile SD card and place it into High Visibility Storage
 1. Open the SD Card Booster Pack, and place all cards into High Visibility Storage
 1. Plug in SD cards one at a time and use following steps to back up ceremony artifacts
- 1. Back up the `shardfile`
+ 1. Back up the `shardfile.asc`
+
+ 1. Back up the `keyring.asc`
 1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-namespace-ceremony-sd-card.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-namespace-ceremony-sd-card.md
deleted file mode 100644
index a2ecf81..0000000
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-namespace-ceremony-sd-card.md
+++ /dev/null
@@ -1,62 +0,0 @@
-# Provision Namespace Ceremony SD Card
-
-## Requirements
-
-* Personal PGP Keys
-
-* SD Card Booster Pack
-
-## Procedure
-
-1. Plug in a fresh formatted SD card into the computer
-
-1. Create a directory called `public_certificates` on the SD card
-
-1. Copy the desired OpenPGP public certificates you wish to shard to during the ceremony into the `public_certificates` directory on the SD card. The number of public certificates in this directory corresponds to the `N` value in a `M of N` quorum.
-
-1. Write the following script to a file called `ceremony.sh`
-
- * `` should be replaced with the desired `M` value in a `M of N` quorum
-
- * If you would like to generate an OpenPGP public certificate, add `--output-cert /media/cert` and `--user-id ` to the command
-
- ```sh
-
- #!/bin/sh
-
- script_dir="$(dirname "$(realpath "$0")")"
-
- read -p "Provide the path to PGP certificates which will be used for the ceremony: " relative_path
-
- directory_path="$script_dir/$relative_path"
-
- if [ ! -d "$directory_path" ]; then
- echo "Directory does not exist. Please enter a valid directory path."
- exit 1
- fi
-
- for file in "$directory_path"/*; do
- if [ -f "$file" ]; then
- echo "Processing file: $file"
- gpg --import --import-options import-show $file
- fi
- done
-
- read -p "Do the PGP key IDs match what you expect? (y/n): " matches_expectation
-
- if [ $matches_expectation != "y" ]; then
- echo "Ceasing ceremony as PGP key IDs don't match"
- exit 1
- fi
-
- keyfork bottoms-up --threshold --output-shardfile /media/shardfile /media/public-certificates/
- ```
-
-1. Write the `ceremony.sh` script to the SD card
-
-1. Burn the SD card contents to the SD card using `sdtool`
-
-{{ #include ../../../../sdtool-instructions.md:steps }}
-
-1. Label the SD card "Namespace Ceremony [date]"
-
-{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
\ No newline at end of file
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-quorum-ceremony-sd-card.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-quorum-ceremony-sd-card.md
deleted file mode 100644
index 57f9f2a..0000000
--- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-quorum-ceremony-sd-card.md
+++ /dev/null
@@ -1,33 +0,0 @@
-# Provision Quorum Ceremony SD Card
-
-## Requirements
-
-* Personal PGP Keys
-
-* SD Card Booster Pack
-
-## Procedure
-
-1. Plug in a fresh formatted SD card into the computer
-
-1. Write the following script to a file called `ceremony.sh`
-
- * `` should be replaced with the desired `M` value in a `M of N` quorum
-
- * If you would like to generate an OpenPGP public certificate, add `--output-cert /media/cert` and `--user-id ` to the command
-
- ```sh
- #!/bin/sh
-
- TODO: add keyfork command
- ```
-
-1. Write the `ceremony.sh` script to the SD card
-
-1. Burn the SD card contents to the SD card using `sdtool`
-
-{{ #include ../../../../sdtool-instructions.md:steps }}
-
-1. Label the SD card "Quorum Ceremony [date]"
-
-{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}
\ No newline at end of file