diff --git a/quorum-vault-system/src/SUMMARY.md b/quorum-vault-system/src/SUMMARY.md index 1722736..0e1c931 100644 --- a/quorum-vault-system/src/SUMMARY.md +++ b/quorum-vault-system/src/SUMMARY.md @@ -32,6 +32,7 @@ * [Namespace Entropy Ceremony](generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md) * [Ceremony SD Card Provisioning](generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md) * [SOL - Transfer Token](generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md) + * [SOL - Generate Address](generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md) * [Decrypt Namespace Secret](generated-documents/level-2/fixed-location/operator/decrypt-namespace-secret.md) * [Encrypt Wallet To Namespace PGP Key](generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md) * [Export Namespace Mnemonic](generated-documents/level-2/fixed-location/operator/export-namespace-mnemonic.md) diff --git a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md new file mode 100644 index 0000000..73e69cf --- /dev/null +++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md 
@@ -0,0 +1,170 @@ +# SOL - Generate Address + +## Requirements + +{{ #include ../../../../operator-requirements.md:requirements }} + +* Online machine + +* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk. + +* [Quorum PGP key pairs](../../key-types.md#quorum-pgp-keypair) + +* [Ceremony SD card](../../ceremony-sd-card-provisioning.md) + +## Procedure + +1. Enter the designated location with the quorum of operators and all required equipment + +1. Lock access to the location - there should be no inflow or outflow of people during the ceremony + +1. Place Ceremony SD card in High Visibility Storage + +1. Retrieve sealed Air-Gapped bundle, polaroid of tamper evidence, and online laptop from locked storage + +{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}} + +1. Place all contents except for the laptop into High Visibility Storage + +### Offline Machine: Generate Address + +1. Retrieve AirgapOS SD card and plug it into the air-gapped machine + +1. Turn on air-gapped machine + +1. Unplug the AirgapOS SD card and place it in High Visibility Storage + +1. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine + +1. Copy the `vaults` repository to the machine + + * `cp -r /media/vaults /root/` + +1. Change directory to `vaults`: + + * `cd /root/vaults` + +1. Start Keyfork using the relevant Shardfile: + + 1. `keyfork recover shard --daemon /shardfile.asc` + + 1. Follow on screen prompts + +1. If the desired `` directory doesn't exist for the namespace, create it: + + * `mkdir -p /` + + * e.g `mkdir -p vault_1/sol/` + +1. Connect to the appropriate coin directory: + + * `cd //` + +1. Check what the latest address account is: + + * `ls -la .` + +1. Find what the latest number for the address is, and add 1 to it. This will be the new address account. 
+ + * For example if the latest address file is 42, the new account_id would be 43. The addresses should start at `0` + + * Set an environment variable with the new account_id: + + * `account_id=`, e.g `account_id=43` + +1. Generate a new address: + + * `icepick workflow sol generate-address --account $account_id | jq -r .pubkey > $account_id.txt` + +1. Sign the file using: + + * `gpg --detach-sign $account_id.txt` + +1. You may repeat the previous steps, starting at the step where the `account_id` is set. + +1. Once finished, copy the updated repository back to the Ceremony SD card: + + * `cp -rf /root/vaults /media/` + +1. Shut down the air gapped machine + +1. Unplug the Ceremony SD card and place it into High Visibility Storage + +### Online Machine: Generate Nonce Account + +1. Turn on online machine + +1. Retrieve the Ceremony SD card from High Visibility Storage and plug it into the computer + +1. {{ #include ../../../../component-documents/finding-device-name.md:content }} + +1. Copy the `vaults` repository from the Ceremony SD card: + + * `cp -r /media/vaults ~/` + + * If the `~/vaults/` repository already exists, ensure it doesn't have any changes that haven't been committed, then remove it using `sudo rm -rf ~/vaults` before re-running the previous step + +1. Ensure `keyfork` is available on the system: + + * Follow steps from [installation guide](https://git.distrust.co/public/keyfork#install) + +1. Ensure `icepick` is available on system + + * Follow steps from [installation guide](TODO) + +1. Set unsafe `keyfork` usage variable: + + * `export SHOOT_SELF_IN_FOOT=1` + +1. Generate throwaway mnemonic to generate address which will be used for funding the creation of nonce account: + + * `keyfork mnemonic generate | KEYFORK_PROMPT_TYPE=headless keyfork recover mnemonic --daemon` + +1. Change directory into the desired \/\ directory: + + * `cd ~/vaults//` + +1. 
Select which account you are creating the delegate address by viewing the appropriate \/\/ directory: + + * `ls -la .` + +1. Once you have selected the appropriate account, set the account_id variable: + + * `account_id=` + +1. Use `icepick` to generate nonce account: + + * The following command will need to be updated to use the appropriate \, which can be `devnet`, `testnet` or `mainnet-beta` + + * `icepick workflow sol generate-nonce-account --cluster --authorization-address $"(cat $account_id.txt)" | jq -r .nonce_account > $account_id-na.txt` + +1. Airdrop the wallet displayed on-screen with 0.01 SOL + + * Once the airdrop is done, nonce account will be created + +1. Add all files to git stage: + + * `git add .` + +1. Review what files are staged: + + * `git status` + +1. Create a signed commit: + + * `git commit -m -S ""` + +1. Push the changes to the branch you are on: + + * `git push origin HEAD` + +### Sealing + +1. Gather all the original items that were in the air-gapped bundle: + + * Air-gapped computer + + * AirgapOS SD card + +{{ #include ../../../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} +
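Review bot: In the "Use `icepick` to generate nonce account" step of the new generate-address.md, `--authorization-address $"(cat $account_id.txt)"` does not perform command substitution in the POSIX-style shell that the `export SHOOT_SELF_IN_FOOT=1` and `account_id=` lines imply, so the literal text `(cat 43.txt)` would be passed instead of the public key. Suggest `"$(cat "$account_id.txt")"`. The same step also consumes the address file without checking the detached signature created offline with `gpg --detach-sign $account_id.txt`. A preceding step such as `gpg --verify "$account_id.txt.sig" "$account_id.txt"` would make the online machine confirm the file came from the ceremony before it is used as the nonce authority. Separately, the `finding-device-name.md` include uses four `../` segments while both `tamper-evidence-methods.md` includes use six to reach `component-documents`; one of the two depths is probably wrong.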
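Review bot: In the "Create a signed commit" step, `git commit -m -S ""` makes `-S` the argument of `-m`, so the commit message becomes the string "-S" and the commit is not signed; the trailing `""` is then parsed as a pathspec. Suggest `git commit -S -m "<message>"` so the option order matches what the step title promises. Since the procedure relies on signed commits as the audit trail for new addresses and nonce accounts, it would also be worth adding a `git log --show-signature -1` check before the `git push origin HEAD` step. The two `(TODO)` link targets, for High Visibility Storage and the `icepick` installation guide, should be filled in or tracked before merge.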