add step to plug in smart card and some additional context

Anton Livaja 2025-02-11 00:06:32 -05:00
parent 1472b7c608
commit adcfad5a82
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
1 changed files with 6 additions and 3 deletions


@ -11,20 +11,23 @@ as such need to be set up in a manner that minimizes exposure risks.
1. Insert a smartcard into the system, and get its ID:
* `smart_card_id="$(oct list -i | head -1)"`
* You may test the variable was set correctly using `echo $smart_card_id` (tapping tab for auto-completion is helpful here)
1. Set the smart card to require touch for all operations:
1. Set the smart card to require touch for all operations (defau admin PIN is 12345678):
* `oct admin --card $smart_card_id touch --key SIG --policy On`
* `oct admin --card $smart_card_id touch --key DEC --policy On`
* `oct admin --card $smart_card_id touch --key AUT --policy On`
* `oct admin --card $smart_card_id touch --key ATT --policy On`
1. Plug in a fresh smart card
1. Generate a mnemonic, encrypting to a newly-generated key:
* `keyfork mnemonic generate --size 256 --encrypt-to-self cert.asc,output=encrypted-mnemonic.asc --provision openpgp-card,identifier="$smart_card_id"`
1. If additional keys are required, recover the Keyfork key from the encrypted
mnemonic:
1. If additional smart cards are required, recover the Keyfork key from the encrypted mnemonic:
* `gpg --import cert.asc`
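Review bot: The new "Plug in a fresh smart card" step sits between the touch-policy configuration and the `keyfork mnemonic generate ... --provision openpgp-card,identifier="$smart_card_id"` command, but `$smart_card_id` was captured from the first card via `oct list -i | head -1` before the swap, so the provision step would reference the old card's identifier rather than the freshly inserted one. Either state that the previously configured card stays inserted, or add a reminder to re-run `smart_card_id="$(oct list -i | head -1)"` (and `echo $smart_card_id` to confirm) after inserting the fresh card. Also, the added line `1. Set the smart card to require touch for all operations (defau admin PIN is 12345678):` has a typo ("defau" should be "default"), and since it now documents the factory admin PIN, it would be worth noting that this PIN should be changed as part of the setup so the touch policy is not the only thing protecting the card.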