From a81363443270988b5304052a5c4d6f7560c2e91e Mon Sep 17 00:00:00 2001 
From: Anton Livaja
Date: Sat, 3 Aug 2024 19:02:38 -0400
Subject: [PATCH] fix: rename to Quorum Key Management (QKM)
---
.../.gitignore | 0
.../README.md | 4 ++--
.../book.toml | 2 +-
.../src/SUMMARY.md | 0
.../src/autorun-sh-setup.md | 0
.../src/ceremony-log-template.md | 0
.../src/core-key-ceremonies.md | 0
.../src/enable-pure-boot-restricted-boot.md | 0
.../src/flash-pureboot-firmware.md | 0
.../src/flashing-iso.md | 0
.../src/glossary.md | 6 +++---
.../src/hardware-destruction.md | 0
.../src/hardware.md | 4 ++--
.../src/hybrid-key-provisioning.md | 2 +-
.../src/img/download-airgap-os.png | Bin
.../src/initialize-pureboot-smart-card.md | 0
.../src/intro.md | 8 ++++----
.../src/local-key-provisioning.md | 2 +-
.../src/location-key-provisioning.md | 2 +-
.../src/locations.md | 0
.../src/one-time-repository-setup.md | 0
.../src/one-time-use-airgapos.md | 0
.../src/one-time-use-hardware-procurement.md | 0
.../src/one-time-use-locations.md | 0
.../src/operator-key-provisioning.md | 0
.../src/physical-artifact-storage.md | 2 +-
.../src/public-ceremony-artifact-storage.md | 2 +-
.../src/quorum-team.md | 4 ++--
.../src/remote-key-provisioning.md | 0
.../src/repeat-use-airgapos.md | 0
.../src/secure-boot-sequence.md | 0
.../src/selecting-quorum.md | 0
.../src/setting-smart-card-pins.md | 0
.../src/software.md | 4 ++--
.../src/storage-device-management.md | 0
.../src/threat-model.md | 6 +++---
36 files changed, 24 insertions(+), 24 deletions(-)
rename {quorum-key-management-system => quorum-key-management}/.gitignore (100%)
rename {quorum-key-management-system => quorum-key-management}/README.md (70%)
rename {quorum-key-management-system => quorum-key-management}/book.toml (71%)
rename {quorum-key-management-system => quorum-key-management}/src/SUMMARY.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/autorun-sh-setup.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/ceremony-log-template.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/core-key-ceremonies.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/enable-pure-boot-restricted-boot.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/flash-pureboot-firmware.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/flashing-iso.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/glossary.md (96%)
rename {quorum-key-management-system => quorum-key-management}/src/hardware-destruction.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/hardware.md (96%)
rename {quorum-key-management-system => quorum-key-management}/src/hybrid-key-provisioning.md (97%)
rename {quorum-key-management-system => quorum-key-management}/src/img/download-airgap-os.png (100%)
rename {quorum-key-management-system => quorum-key-management}/src/initialize-pureboot-smart-card.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/intro.md (89%)
rename {quorum-key-management-system => quorum-key-management}/src/local-key-provisioning.md (96%)
rename {quorum-key-management-system => quorum-key-management}/src/location-key-provisioning.md (96%)
rename {quorum-key-management-system => quorum-key-management}/src/locations.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/one-time-repository-setup.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/one-time-use-airgapos.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/one-time-use-hardware-procurement.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/one-time-use-locations.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/operator-key-provisioning.md (100%)
rename {quorum-key-management-system => quorum-key-management}/src/physical-artifact-storage.md (94%)
rename {quorum-key-management-system => 
quorum-key-management}/src/public-ceremony-artifact-storage.md (95%) rename {quorum-key-management-system => quorum-key-management}/src/quorum-team.md (89%) rename {quorum-key-management-system => quorum-key-management}/src/remote-key-provisioning.md (100%) rename {quorum-key-management-system => quorum-key-management}/src/repeat-use-airgapos.md (100%) rename {quorum-key-management-system => quorum-key-management}/src/secure-boot-sequence.md (100%) rename {quorum-key-management-system => quorum-key-management}/src/selecting-quorum.md (100%) rename {quorum-key-management-system => quorum-key-management}/src/setting-smart-card-pins.md (100%) rename {quorum-key-management-system => quorum-key-management}/src/software.md (92%) rename {quorum-key-management-system => quorum-key-management}/src/storage-device-management.md (100%) rename {quorum-key-management-system => quorum-key-management}/src/threat-model.md (94%) diff --git a/quorum-key-management-system/.gitignore b/quorum-key-management/.gitignore similarity index 100% rename from quorum-key-management-system/.gitignore rename to quorum-key-management/.gitignore diff --git a/quorum-key-management-system/README.md b/quorum-key-management/README.md similarity index 70% rename from quorum-key-management-system/README.md rename to quorum-key-management/README.md index abb2b05..700b397 100644 --- a/quorum-key-management-system/README.md +++ b/quorum-key-management/README.md @@ -1,6 +1,6 @@ -# Quorum Key Management System (QKMS) +# Quorum Key Management (QKM) -Quorum Key Management System (QKMS) is an open source system of playbooks and tooling which +Quorum Key Management (QKM) is an open source system of playbooks and tooling which facilitates the creation and maintenance of highly resilient Quorum-based Key Management Systems based on a strict threat model which can be used for a variety of different cryptographic algorithms. 
diff --git a/quorum-key-management-system/book.toml b/quorum-key-management/book.toml
similarity index 71%
rename from quorum-key-management-system/book.toml
rename to quorum-key-management/book.toml
index 35d8a9e..118e4ea 100644
--- a/quorum-key-management-system/book.toml
+++ b/quorum-key-management/book.toml
@@ -3,4 +3,4 @@ authors = ["Anton Livaja", "Lance R. Vick", "Ryan Heywood"]
 language = "en"
 multilingual = false
 src = "src"
-title = "Quorum Key Management System (QKMS)"
+title = "Quorum Key Management (QKM)"
diff --git a/quorum-key-management-system/src/SUMMARY.md b/quorum-key-management/src/SUMMARY.md
similarity index 100%
rename from quorum-key-management-system/src/SUMMARY.md
rename to quorum-key-management/src/SUMMARY.md
diff --git a/quorum-key-management-system/src/autorun-sh-setup.md b/quorum-key-management/src/autorun-sh-setup.md
similarity index 100%
rename from quorum-key-management-system/src/autorun-sh-setup.md
rename to quorum-key-management/src/autorun-sh-setup.md
diff --git a/quorum-key-management-system/src/ceremony-log-template.md b/quorum-key-management/src/ceremony-log-template.md
similarity index 100%
rename from quorum-key-management-system/src/ceremony-log-template.md
rename to quorum-key-management/src/ceremony-log-template.md
diff --git a/quorum-key-management-system/src/core-key-ceremonies.md b/quorum-key-management/src/core-key-ceremonies.md
similarity index 100%
rename from quorum-key-management-system/src/core-key-ceremonies.md
rename to quorum-key-management/src/core-key-ceremonies.md
diff --git a/quorum-key-management-system/src/enable-pure-boot-restricted-boot.md b/quorum-key-management/src/enable-pure-boot-restricted-boot.md
similarity index 100%
rename from quorum-key-management-system/src/enable-pure-boot-restricted-boot.md
rename to quorum-key-management/src/enable-pure-boot-restricted-boot.md
diff --git a/quorum-key-management-system/src/flash-pureboot-firmware.md b/quorum-key-management/src/flash-pureboot-firmware.md similarity index 100% rename from quorum-key-management-system/src/flash-pureboot-firmware.md rename to quorum-key-management/src/flash-pureboot-firmware.md diff --git a/quorum-key-management-system/src/flashing-iso.md b/quorum-key-management/src/flashing-iso.md similarity index 100% rename from quorum-key-management-system/src/flashing-iso.md rename to quorum-key-management/src/flashing-iso.md diff --git a/quorum-key-management-system/src/glossary.md b/quorum-key-management/src/glossary.md similarity index 96% rename from quorum-key-management-system/src/glossary.md rename to quorum-key-management/src/glossary.md index 5e1f70d..5696524 100644 --- a/quorum-key-management-system/src/glossary.md +++ b/quorum-key-management/src/glossary.md @@ -4,14 +4,14 @@ In cryptography, ciphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. -## Quorum Key Management System (QKMS) +## Quorum Key Management (QKM) A set of highly specified processes and tooling used for setting up a highly resilient quorum-based key management system. ## Operator An individual who manages an [Operator Key](#operator-key) which is used for protecting the passphrase of a Location key and participates in different -aspects of the lifecycle management of the QKMS system. +aspects of the lifecycle management of the QKM system. ## Operator Key An asymmetric key used for protecting the passphrase of a Location key 
@@ -85,7 +85,7 @@ M is the minimum number of shards required to reassemble the secret, and N is th total number of shards that exist. The minimum recommended threshold is 2-of-3. ## Organization -An organization which owns the QKMS and is responsible for funding the setup and +An organization which owns the QKM and is responsible for funding the setup and maintenance. The organization is also responsible for ensuring that the [Warehouse](#warehouse) is properly maintained in order to ensure that the ciphertext blobs associated with the system are redundantly stored and diff --git a/quorum-key-management-system/src/hardware-destruction.md b/quorum-key-management/src/hardware-destruction.md similarity index 100% rename from quorum-key-management-system/src/hardware-destruction.md rename to quorum-key-management/src/hardware-destruction.md diff --git a/quorum-key-management-system/src/hardware.md b/quorum-key-management/src/hardware.md similarity index 96% rename from quorum-key-management-system/src/hardware.md rename to quorum-key-management/src/hardware.md index 8fbaa7d..990bf92 100644 --- a/quorum-key-management-system/src/hardware.md +++ b/quorum-key-management/src/hardware.md @@ -8,7 +8,7 @@ kind of hardware supply chain compromise, has the same vulnerability present, or has the same type of hardware failure issue. Based on the decided upon [Quorum](selecting-quorum.md), the amount of equipment -required to set up a [QKMS](glossary.md#quroum-kms-qkms) will +required to set up a [QKM](glossary.md#quroum-kms-QKM) will vary. In order to figure out what equipment is required, decide on a Quorum, which is expressed as "N of M". Once you know your M, the required equipment list is the following: 
@@ -57,7 +57,7 @@ security and verifiable software ## Air-Gapped Computer [Air-Gapped](glossary.md#Air-Gapped) computers are used for the lifecycle management -of cryptographic material that is part of QKMS. +of cryptographic material that is part of QKM. The primary hardware recommendation for a Air-Gapped Computer is the [Librem 14](https://puri.sm/products/librem-14/), manufactured by [Purism](puri.sm). Purism specializes in reducing hardware and firmware security risks, especially via their [Anti-Interdiction Service](https://puri.sm/posts/anti-interdiction-services/) and [PureBoot](https://docs.puri.sm/PureBoot.html) diff --git a/quorum-key-management-system/src/hybrid-key-provisioning.md b/quorum-key-management/src/hybrid-key-provisioning.md similarity index 97% rename from quorum-key-management-system/src/hybrid-key-provisioning.md rename to quorum-key-management/src/hybrid-key-provisioning.md index 4a3a2d3..b6df96c 100644 --- a/quorum-key-management-system/src/hybrid-key-provisioning.md +++ b/quorum-key-management/src/hybrid-key-provisioning.md @@ -1,7 +1,7 @@ # Hybrid Key Provisioning This document contains instructions on how Operators collaborate to set up -QKMS where the Operator Keys and Location Keys were generated before this +QKM where the Operator Keys and Location Keys were generated before this ceremony and only the PGP Public Certificates of the Location keys are brought to the ceremony which are used to shard the Root Entropy. This is useful when conducting the ceremony in a lower trust environment, and where not all diff --git a/quorum-key-management-system/src/img/download-airgap-os.png b/quorum-key-management/src/img/download-airgap-os.png similarity index 100% rename from quorum-key-management-system/src/img/download-airgap-os.png rename to quorum-key-management/src/img/download-airgap-os.png 
diff --git a/quorum-key-management-system/src/initialize-pureboot-smart-card.md b/quorum-key-management/src/initialize-pureboot-smart-card.md similarity index 100% rename from quorum-key-management-system/src/initialize-pureboot-smart-card.md rename to quorum-key-management/src/initialize-pureboot-smart-card.md diff --git a/quorum-key-management-system/src/intro.md b/quorum-key-management/src/intro.md similarity index 89% rename from quorum-key-management-system/src/intro.md rename to quorum-key-management/src/intro.md index 8ac5d78..c9d318e 100644 --- a/quorum-key-management-system/src/intro.md +++ b/quorum-key-management/src/intro.md @@ -1,13 +1,13 @@ # Introduction -Quorum Key Management System (QKMS) is an open source system of playbooks and +Quorum Key Management (QKM) is an open source system of playbooks and tooling which facilitates the creation and maintenance of highly resilient Quorum-based Key Management Systems based on a strict [threat model](threat-model.md) which can be used for a variety of different cryptographic algorithms. The system was designed and developed by [Distrust](https://distrust.co), with the generous support of the following sponsors: TODO. -The basic premise of QKMS is that primary cryptographic material akin to a root +The basic premise of QKM is that primary cryptographic material akin to a root certificate, called Root Entropy, is derived during a secure key derivation ceremony, and then used to derive chosen cryptographic material via different algorithms such as PGP keys, digital asset wallets, web certificates and more. @@ -21,7 +21,7 @@ secret material, namely the Root Entropy. ## Use Cases -QKMS can be used for a wide range of use-cases which span but are not limited +QKM can be used for a wide range of use-cases which span but are not limited to: * Deriving a PGP key pair whose public key can be used as a "one-way deposit 
@@ -40,7 +40,7 @@ a cold signing setup. ## Playbooks -QKMS can be set up by using a set of highly opinionated playbooks which outline +QKM can be set up by using a set of highly opinionated playbooks which outline the process. The documentation should be read in its entirety by all participants in the ceremony in order to ensure that the system is well understood by all in order to ensure that the integrity of the process is diff --git a/quorum-key-management-system/src/local-key-provisioning.md b/quorum-key-management/src/local-key-provisioning.md similarity index 96% rename from quorum-key-management-system/src/local-key-provisioning.md rename to quorum-key-management/src/local-key-provisioning.md index 911f6ae..9c531f2 100644 --- a/quorum-key-management-system/src/local-key-provisioning.md +++ b/quorum-key-management/src/local-key-provisioning.md @@ -1,7 +1,7 @@ # Local Key Provisioning This document contains instructions on how Operators collaborate to set up -QKMS which requires an N-of-M quorum to be reconstituted. The encrypted shards +QKM which requires an N-of-M quorum to be reconstituted. The encrypted shards which result from this ceremony are stored in separate physical [Locations](locations.md) which contain [Location Keys](glossary.md#location-key) to which shards are encrypted, and whose passphrases are protected using diff --git a/quorum-key-management-system/src/location-key-provisioning.md b/quorum-key-management/src/location-key-provisioning.md similarity index 96% rename from quorum-key-management-system/src/location-key-provisioning.md rename to quorum-key-management/src/location-key-provisioning.md index 0731fe8..73bc126 100644 --- a/quorum-key-management-system/src/location-key-provisioning.md +++ b/quorum-key-management/src/location-key-provisioning.md 
@@ -3,7 +3,7 @@ ## Description This ceremony is for generating Location Keys. Location Keys are typically stored in vaults as prescribed in the [Secure Storage Guidelines](secure-storage-guidelines.md). -Location Keys are keypairs to which the Root Entropy of a QKMS is sharded. The +Location Keys are keypairs to which the Root Entropy of a QKM is sharded. The keypairs are stored exclusively on Smart Cards, and the PINs which protect the Smart Cards are encrypted to Operator Keys. diff --git a/quorum-key-management-system/src/locations.md b/quorum-key-management/src/locations.md similarity index 100% rename from quorum-key-management-system/src/locations.md rename to quorum-key-management/src/locations.md diff --git a/quorum-key-management-system/src/one-time-repository-setup.md b/quorum-key-management/src/one-time-repository-setup.md similarity index 100% rename from quorum-key-management-system/src/one-time-repository-setup.md rename to quorum-key-management/src/one-time-repository-setup.md diff --git a/quorum-key-management-system/src/one-time-use-airgapos.md b/quorum-key-management/src/one-time-use-airgapos.md similarity index 100% rename from quorum-key-management-system/src/one-time-use-airgapos.md rename to quorum-key-management/src/one-time-use-airgapos.md diff --git a/quorum-key-management-system/src/one-time-use-hardware-procurement.md b/quorum-key-management/src/one-time-use-hardware-procurement.md similarity index 100% rename from quorum-key-management-system/src/one-time-use-hardware-procurement.md rename to quorum-key-management/src/one-time-use-hardware-procurement.md diff --git a/quorum-key-management-system/src/one-time-use-locations.md b/quorum-key-management/src/one-time-use-locations.md similarity index 100% rename from quorum-key-management-system/src/one-time-use-locations.md rename to quorum-key-management/src/one-time-use-locations.md 
diff --git a/quorum-key-management-system/src/operator-key-provisioning.md b/quorum-key-management/src/operator-key-provisioning.md similarity index 100% rename from quorum-key-management-system/src/operator-key-provisioning.md rename to quorum-key-management/src/operator-key-provisioning.md diff --git a/quorum-key-management-system/src/physical-artifact-storage.md b/quorum-key-management/src/physical-artifact-storage.md similarity index 94% rename from quorum-key-management-system/src/physical-artifact-storage.md rename to quorum-key-management/src/physical-artifact-storage.md index 5168886..78ee34a 100644 --- a/quorum-key-management-system/src/physical-artifact-storage.md +++ b/quorum-key-management/src/physical-artifact-storage.md @@ -1,6 +1,6 @@ # Physical Artifact Storage -QKMS requires that some of the hardware containing cryptographic material be +QKM requires that some of the hardware containing cryptographic material be securely stored in physical locations. The two primary cases where physical storage is necessary are the storage of Location Key Smart Cards, and Operator Key Smart Cards. These Smart Cards are necessary to successfully execute a diff --git a/quorum-key-management-system/src/public-ceremony-artifact-storage.md b/quorum-key-management/src/public-ceremony-artifact-storage.md similarity index 95% rename from quorum-key-management-system/src/public-ceremony-artifact-storage.md rename to quorum-key-management/src/public-ceremony-artifact-storage.md index 78c19ae..8333d19 100644 --- a/quorum-key-management-system/src/public-ceremony-artifact-storage.md +++ b/quorum-key-management/src/public-ceremony-artifact-storage.md @@ -1,7 +1,7 @@ # Redundant Storage of Ceremony Artifacts Ceremony Artifacts consist of data which is not sensitive in nature, but -essential to ongoing operation of a QKMS. +essential to ongoing operation of a QKM. The primary artifacts which are produced during the ceremony are: 
diff --git a/quorum-key-management-system/src/quorum-team.md b/quorum-key-management/src/quorum-team.md similarity index 89% rename from quorum-key-management-system/src/quorum-team.md rename to quorum-key-management/src/quorum-team.md index cd24e2f..e903fa1 100644 --- a/quorum-key-management-system/src/quorum-team.md +++ b/quorum-key-management/src/quorum-team.md @@ -1,7 +1,7 @@ # Quorum Team The Quorum Team is a team of individuals who are selected to perform different -roles related to a QKMS. Some of the Quorum Team members have ongoing roles, +roles related to a QKM. Some of the Quorum Team members have ongoing roles, while others may participate in a partial manner. Depending on the type of actions performed, some or all of the members of the @@ -28,7 +28,7 @@ Controllers may be used to protect access to physical locations - according to risk appetite. ## Witness -Witnesses are individuals who are familiar with the QKMS specification, and can +Witnesses are individuals who are familiar with the QKM specification, and can ensure that the different aspects of the system are set up correctly, and processes carried out as they should be. The main objective of the witnesses is to monitor and attest that processes such as the ceremonies are done according diff --git a/quorum-key-management-system/src/remote-key-provisioning.md b/quorum-key-management/src/remote-key-provisioning.md similarity index 100% rename from quorum-key-management-system/src/remote-key-provisioning.md rename to quorum-key-management/src/remote-key-provisioning.md diff --git a/quorum-key-management-system/src/repeat-use-airgapos.md b/quorum-key-management/src/repeat-use-airgapos.md similarity index 100% rename from quorum-key-management-system/src/repeat-use-airgapos.md rename to quorum-key-management/src/repeat-use-airgapos.md 
diff --git a/quorum-key-management-system/src/secure-boot-sequence.md b/quorum-key-management/src/secure-boot-sequence.md similarity index 100% rename from quorum-key-management-system/src/secure-boot-sequence.md rename to quorum-key-management/src/secure-boot-sequence.md diff --git a/quorum-key-management-system/src/selecting-quorum.md b/quorum-key-management/src/selecting-quorum.md similarity index 100% rename from quorum-key-management-system/src/selecting-quorum.md rename to quorum-key-management/src/selecting-quorum.md diff --git a/quorum-key-management-system/src/setting-smart-card-pins.md b/quorum-key-management/src/setting-smart-card-pins.md similarity index 100% rename from quorum-key-management-system/src/setting-smart-card-pins.md rename to quorum-key-management/src/setting-smart-card-pins.md diff --git a/quorum-key-management-system/src/software.md b/quorum-key-management/src/software.md similarity index 92% rename from quorum-key-management-system/src/software.md rename to quorum-key-management/src/software.md index a994af7..4d005e8 100644 --- a/quorum-key-management-system/src/software.md +++ b/quorum-key-management/src/software.md @@ -1,5 +1,5 @@ # Software -This page outlines the software used for setting up a QKMS. All software used in +This page outlines the software used for setting up a QKM. All software used in the setup is open source and audited by security firms in order to ensure their security. Furthermore, all software is built in a deterministic manner and reproduced by multiple individuals on diverse hardware to minimize the risks 
@@ -33,6 +33,6 @@ BIP-0039 mnemonic phrase. BIP-0039 phrases are used to calculate a BIP-0032 seed, which is used for hierarchical deterministic key derivation. This software is the backbone for all cryptographic actions performed as part -of QKMS. It was developed by [Distrust](https://distrust.co) and is included +of QKM. It was developed by [Distrust](https://distrust.co) and is included with AirgapOS and has been audited by two firms, NCC and Cure53 with no significant vulnerabilities found. diff --git a/quorum-key-management-system/src/storage-device-management.md b/quorum-key-management/src/storage-device-management.md similarity index 100% rename from quorum-key-management-system/src/storage-device-management.md rename to quorum-key-management/src/storage-device-management.md diff --git a/quorum-key-management-system/src/threat-model.md b/quorum-key-management/src/threat-model.md similarity index 94% rename from quorum-key-management-system/src/threat-model.md rename to quorum-key-management/src/threat-model.md index 0ce386e..f24cce5 100644 --- a/quorum-key-management-system/src/threat-model.md +++ b/quorum-key-management/src/threat-model.md @@ -1,10 +1,10 @@ # Threat Model -QKMS is designed according to a high-assurance threat model which ers on the +QKM is designed according to a high-assurance threat model which ers on the side of making exaggerated, rather than conservative assumptions in order to build a resilient system. -The assumption is made that attackers who target QKMS are extremely +The assumption is made that attackers who target QKM are extremely sophisticated, well funded and patient attackers, and as such, the full arsenal of attacks is on the table. This means that the attacker can purchase and weaponize multiple 0day vulnerabilities, execute physical attacks or deploy 
@@ -18,7 +18,7 @@ whether it's maintainers of software used in the system, the firmware that's used, or the individuals or locations that hold secret material which is the backbone of the system. -To achieve this, the QKMS focuses on reducing the risk by: +To achieve this, the QKM focuses on reducing the risk by: * Only using fully open source software and firmware to allow full verification of their security