From adcfad5a82497dac095ad6fffe696cf2f209184b Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Tue, 11 Feb 2025 00:06:32 -0500 Subject: [PATCH] add step to plug in smart card and some additional context --- .../src/component-documents/openpgp-setup.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/quorum-vault-system/src/component-documents/openpgp-setup.md b/quorum-vault-system/src/component-documents/openpgp-setup.md index 7218412..31a73de 100644 --- a/quorum-vault-system/src/component-documents/openpgp-setup.md +++ b/quorum-vault-system/src/component-documents/openpgp-setup.md @@ -11,20 +11,23 @@ as such need to be set up in a manner that minimizes exposure risks. 1. Insert a smartcard into the system, and get its ID: * `smart_card_id="$(oct list -i | head -1)"` + + * You may test the variable was set correctly using `echo $smart_card_id` (tapping tab for auto-completion is helpful here) -1. Set the smart card to require touch for all operations: +1. Set the smart card to require touch for all operations (defau admin PIN is 12345678): * `oct admin --card $smart_card_id touch --key SIG --policy On` * `oct admin --card $smart_card_id touch --key DEC --policy On` * `oct admin --card $smart_card_id touch --key AUT --policy On` * `oct admin --card $smart_card_id touch --key ATT --policy On` +1. Plug in a fresh smart card + 1. Generate a mnemonic, encrypting to a newly-generated key: * `keyfork mnemonic generate --size 256 --encrypt-to-self cert.asc,output=encrypted-mnemonic.asc --provision openpgp-card,identifier="$smart_card_id"` -1. If additional keys are required, recover the Keyfork key from the encrypted - mnemonic: +1. If additional smart cards are required, recover the Keyfork key from the encrypted mnemonic: * `gpg --import cert.asc`
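Review bot: The new step `+1. Plug in a fresh smart card` is inserted between the touch-policy commands and the `keyfork mnemonic generate ... --provision openpgp-card,identifier="$smart_card_id"` step, but `$smart_card_id` was captured from the card inserted in step 1, so after swapping in a fresh card the provision step targets an identifier that no longer matches the card in the reader (and the fresh card has not had its touch policy set). Either move this step before the `smart_card_id="$(oct list -i | head -1)"` capture and the four `oct admin ... touch` commands, or add a re-read of the identifier and repeat the touch-policy step for the fresh card, so that one card is set up end to end. Also, the edited heading reads `(defau admin PIN is 12345678)`; this should be `(default admin PIN is 12345678)`, and since the surrounding context stresses setting cards up "in a manner that minimizes exposure risks", consider adding a step to change that default admin PIN rather than only documenting it. Minor: the new `echo $smart_card_id` hint is written in the passive ("You may test the variable was set correctly"); "Check that the variable was set: `echo "$smart_card_id"`" would match the imperative style of the neighbouring steps.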