diff --git a/quorum-key-management/src/SUMMARY.md b/quorum-key-management/src/SUMMARY.md index 0224508..b0a983b 100644 --- a/quorum-key-management/src/SUMMARY.md +++ b/quorum-key-management/src/SUMMARY.md @@ -9,7 +9,7 @@ * [Glossary](glossary.md) * [Generated Documents]() * [All Levels]() - * [Provision Personal PGP Signing Keys On-Board Smart Card](generated-documents/all-levels/provision-pgp-signing-keys-on-board-smart-card.md) + * [Personal PGP Key Provisioning](generated-documents/all-levels/pgp-key-provisioning.md) * [Level 2]() * [Fixed-Location]() * [Procurer](generated-documents/level-2/fixed-location/procurer/index.md) @@ -27,8 +27,7 @@ * [Approver](system-roles.md) * [Transaction Approval](generated-documents/level-2/fixed-location/approver/approve-transaction.md) * [Operator](generated-documents/level-2/fixed-location/operator/index.md) - * [PGP Key Provisioning](generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md) - * [Ceremony SD Card Provisioning](generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md) - * [Namespace Entropy Ceremony](generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md) * [Quorum Entropy Ceremony](generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md) + * [Namespace Entropy Ceremony](generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md) + * [Ceremony SD Card Provisioning](generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md) * [PYTH-SLN - Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md) \ No newline at end of file diff --git a/quorum-key-management/src/generated-documents/all-levels/pgp-key-provisioning.md b/quorum-key-management/src/generated-documents/all-levels/pgp-key-provisioning.md new file mode 100644 index 0000000..9a16af4 --- /dev/null 
+++ b/quorum-key-management/src/generated-documents/all-levels/pgp-key-provisioning.md @@ -0,0 +1,25 @@ +# Personal PGP Key Provisioning + +## Requirements + +* 2 Operators, each with a [Personal PGP key pair](/key-types.md#personal-pgp-keypair) + +* Computer that can load AirgapOS ([compatibility reference](https://git.distrust.co/public/airgap#tested-models)) + +* [AirgapOS SD card](../level-2/fixed-location/provisioner/provision-airgapos.md) + +* 2+ new smart cards + +* 2+ SD cards + +## Procedure + +1. Insert AirgapOS SD card into computer + +1. Boot to AirgapOS + + * Boot from the SD card by modifying the Boot Menu + + * [Disabling secure boot](generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.html) may be necessary + +{{ #include ../../component-documents/openpgp-setup.md:steps-keyfork}} diff --git a/quorum-key-management/src/generated-documents/all-levels/provision-pgp-signing-keys-on-board-smart-card.md b/quorum-key-management/src/generated-documents/all-levels/provision-pgp-signing-keys-on-board-smart-card.md deleted file mode 100644 index fb8578b..0000000 --- a/quorum-key-management/src/generated-documents/all-levels/provision-pgp-signing-keys-on-board-smart-card.md +++ /dev/null @@ -1,11 +0,0 @@ -# Provision Bootstrapping Personal PGP Keys On-Board Smart Card - -## Requirements - -* Smart card - -* Any computer - -## Procedure - -{{ #include ../../component-documents/openpgp-setup.md:steps-on-key-gen }} diff --git a/quorum-key-management/src/generated-documents/level-2/basic-requirements.md b/quorum-key-management/src/generated-documents/level-2/basic-requirements.md index c8bfee7..8d9ded2 100644 --- a/quorum-key-management/src/generated-documents/level-2/basic-requirements.md +++ b/quorum-key-management/src/generated-documents/level-2/basic-requirements.md 
@@ -6,7 +6,7 @@ * 2 individuals with appropriate role -* [Personal PGP key pair](/key-types.md#personal-pgp-keypair) + * Each needs a [Personal PGP key pair](/key-types.md#personal-pgp-keypair) * [Tamper-proofing equipment](/generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.html) diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md index fdc7019..7682b05 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md @@ -4,8 +4,6 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor ## Requirements -* 2 or more Operators - {{ #include ../../operator-requirements.md:requirements }} * [SD Card Booster Pack](../provisioner/provision-sd-card.md) diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md deleted file mode 100644 index 48ab15c..0000000 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Quorum PGP Key Provisioning - -## Requirements - -* 2 Operators - -* [Personal PGP key pairs](/key-types.md#personal-pgp-keypair) - -* Air-gapped bundle - -* Tamper-proofing equipment - -* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object. - - * The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo - -* For each new key to be provisioned: - - * 2+ new smart cards - - * 2+ new SD cards - -## Procedure - -1. Enter the facility with all personnel and required equipment - -1. Lock access to the facility for the duration of the ceremony - -1. Unseal the Air-Gapped bundle consisting of a air-gapped laptop, "AirgapOS" SD card and "Keychain" SD card - -{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork}} - -#### Sealing - -1. Gather all the original items that were in the air-gapped bundle: - - * Air-gapped computer - - * AirgapOS SD card - -{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} - - diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md index 97d6d3e..9ef275f 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md 
@@ -12,7 +12,7 @@ {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }} -1. Follow a given model manual to remove all radio cards, storage drive, speakers, and microphone +1. Follow a given model manual to remove all radio cards, storage drive, speakers, and microphone using standard industry laptop repair tactics {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }} diff --git a/quorum-key-management/src/generated-documents/level-2/operator-requirements.md b/quorum-key-management/src/generated-documents/level-2/operator-requirements.md index 9f70dbc..36685cb 100644 --- a/quorum-key-management/src/generated-documents/level-2/operator-requirements.md +++ b/quorum-key-management/src/generated-documents/level-2/operator-requirements.md @@ -4,11 +4,12 @@ ## For Quorum Based Operations // ANCHOR: requirements -* [Personal PGP key pairs](/key-types.md#personal-pgp-keypair) * [Air-gapped bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md) -* Adequate quorum of operators (M individuals of a M of N quorum) +* Minimum of 2 [Operators](/system-roles.md#operator) + + * [Personal PGP key pair](/key-types.md#personal-pgp-keypair) for each operator * Tamper-proofing equipment
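Review bot: In the new all-levels/pgp-key-provisioning.md, the first requirement, "2 Operators, each with a [Personal PGP key pair]", reads as circular for a page whose purpose is provisioning that key pair. The all-levels page it replaces in SUMMARY.md required only a smart card and a computer. Either drop the key-pair prerequisite or state which pre-existing key is meant. Separately, the "Disabling secure boot" link points at procure-tamper-proofing-equipment.html through a path with no leading slash, unlike the "/generated-documents/..." links used elsewhere in this patch. From all-levels/ it will likely not resolve, and the target does not look like a secure-boot instruction.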
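Review bot: With provision-pgp-signing-keys-on-board-smart-card.md deleted, nothing in this patch still includes the steps-on-key-gen anchor of openpgp-setup.md, and SUMMARY.md no longer lists an on-card generation procedure. If that anchor is now unused, remove it from openpgp-setup.md in the same change, or note in the commit message why it stays. Minor: SUMMARY.md still ends without a trailing newline.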
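Review bot: Deleting level-2/fixed-location/operator/pgp-key-provisioning.md removes the tamper-evidence steps that wrapped the steps-keyfork include: verifying the signed photographs of the vacuum-sealed object, locking the facility, unsealing the air-gapped bundle, and the "Sealing" section with vsbwf-procedure-sealing. The all-levels replacement added in this patch has none of them and accepts any "Computer that can load AirgapOS". If level 2 operators are now meant to provision personal keys outside the sealed bundle, state that in the level 2 requirements. Otherwise keep a level 2 wrapper that retains the unseal step and the sealing include around steps-keyfork.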
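Review bot: In provision-computer.md, the added phrase "using standard industry laptop repair tactics" gives the provisioner nothing to follow or verify, and this is the step that makes the machine air-gapped. Suggest dropping the phrase and stating how removal is confirmed before the sealing include runs, for example a second person checking that each listed component (radio cards, storage drive, speakers, microphone) is out.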
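Review bot: In operator-requirements.md, replacing "Adequate quorum of operators (M individuals of a M of N quorum)" with "Minimum of 2 [Operators]" drops the tie between headcount and the quorum threshold, under a heading that still reads "For Quorum Based Operations". An operation whose threshold M is above 2 now reads as satisfiable with two people. Keep both conditions, e.g. "Minimum of 2 Operators, and at least M for an M of N quorum". The same patch removes the local "2 or more Operators" line from namespace-entropy-ceremony.md, so for that ceremony this include becomes the only place the count is stated.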