public
/
docs
5
0
Fork 0
Code Issues 14 Pull Requests 1 Packages Projects Releases Wiki Activity

update personal pgp gen docs

This commit is contained in:
Anton Livaja 2025-01-27 23:42:28 -05:00
parent 6b1ad8db35
commit c0454d2818
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
8 changed files with 33 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
quorum-key-management/src/SUMMARY.md
View File

@ -9,7 +9,7 @@
* [Glossary](glossary.md) * [Glossary](glossary.md)
* [Generated Documents]() * [Generated Documents]()
* [All Levels]() * [All Levels]()
* [Provision Personal PGP Signing Keys On-Board Smart Card](generated-documents/all-levels/provision-pgp-signing-keys-on-board-smart-card.md) * [Personal PGP Key Provisioning](generated-documents/all-levels/pgp-key-provisioning.md)
* [Level 2]() * [Level 2]()
* [Fixed-Location]() * [Fixed-Location]()
* [Procurer](generated-documents/level-2/fixed-location/procurer/index.md) * [Procurer](generated-documents/level-2/fixed-location/procurer/index.md)
@ -27,8 +27,7 @@
* [Approver](system-roles.md) * [Approver](system-roles.md)
* [Transaction Approval](generated-documents/level-2/fixed-location/approver/approve-transaction.md) * [Transaction Approval](generated-documents/level-2/fixed-location/approver/approve-transaction.md)
* [Operator](generated-documents/level-2/fixed-location/operator/index.md) * [Operator](generated-documents/level-2/fixed-location/operator/index.md)
* [PGP Key Provisioning](generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md)
* [Ceremony SD Card Provisioning](generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md)
* [Namespace Entropy Ceremony](generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md)
* [Quorum Entropy Ceremony](generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md) * [Quorum Entropy Ceremony](generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md)
* [Namespace Entropy Ceremony](generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md)
* [Ceremony SD Card Provisioning](generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md)
* [PYTH-SLN - Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md) * [PYTH-SLN - Sign Transaction](generated-documents/level-2/fixed-location/operator/coins/pyth-spl/sign-transaction.md)

25
quorum-key-management/src/generated-documents/all-levels/pgp-key-provisioning.md Normal file
View File

@ -0,0 +1,25 @@
# Personal PGP Key Provisioning
## Requirements
* 2 Operators, each with a [Personal PGP key pair](/key-types.md#personal-pgp-keypair)
* Computer that can load AirgapOS ([compatibility reference](https://git.distrust.co/public/airgap#tested-models))
* [AirgapOS SD card](../level-2/fixed-location/provisioner/provision-airgapos.md)
* 2+ new smart cards
* 2+ SD cards
## Procedure
1. Insert AirgapOS SD card into computer
1. Boot to AirgapOS
* Boot from the SD card by modifying the Boot Menu
* [Disabling secure boot](generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.html) may be necessary
{{ #include ../../component-documents/openpgp-setup.md:steps-keyfork}}

11
quorum-key-management/src/generated-documents/all-levels/provision-pgp-signing-keys-on-board-smart-card.md
View File

@ -1,11 +0,0 @@
# Provision Bootstrapping Personal PGP Keys On-Board Smart Card
## Requirements
* Smart card
* Any computer
## Procedure
{{ #include ../../component-documents/openpgp-setup.md:steps-on-key-gen }}

2
quorum-key-management/src/generated-documents/level-2/basic-requirements.md
View File

@ -6,7 +6,7 @@
* 2 individuals with appropriate role * 2 individuals with appropriate role
* [Personal PGP key pair](/key-types.md#personal-pgp-keypair) * Each needs a [Personal PGP key pair](/key-types.md#personal-pgp-keypair)
* [Tamper-proofing equipment](/generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.html) * [Tamper-proofing equipment](/generated-documents/level-2/fixed-location/procurer/procure-tamper-proofing-equipment.html)

2
quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
View File

@ -4,8 +4,6 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
## Requirements ## Requirements
* 2 or more Operators
{{ #include ../../operator-requirements.md:requirements }} {{ #include ../../operator-requirements.md:requirements }}
* [SD Card Booster Pack](../provisioner/provision-sd-card.md) * [SD Card Booster Pack](../provisioner/provision-sd-card.md)

43
quorum-key-management/src/generated-documents/level-2/fixed-location/operator/pgp-key-provisioning.md
View File

@ -1,43 +0,0 @@
# Quorum PGP Key Provisioning
## Requirements
* 2 Operators
* [Personal PGP key pairs](/key-types.md#personal-pgp-keypair)
* Air-gapped bundle
* Tamper-proofing equipment
* Both operators should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.
* The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo
* For each new key to be provisioned:
* 2+ new smart cards
* 2+ new SD cards
## Procedure
1. Enter the facility with all personnel and required equipment
1. Lock access to the facility for the duration of the ceremony
1. Unseal the Air-Gapped bundle consisting of a air-gapped laptop, "AirgapOS" SD card and "Keychain" SD card
{{ #include ../../../../component-documents/openpgp-setup.md:steps-keyfork}}
#### Sealing
1. Gather all the original items that were in the air-gapped bundle:
* Air-gapped computer
* AirgapOS SD card
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}

2
quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/provision-computer.md
View File

@ -12,7 +12,7 @@
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }} {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }}
1. Follow a given model manual to remove all radio cards, storage drive, speakers, and microphone 1. Follow a given model manual to remove all radio cards, storage drive, speakers, and microphone using standard industry laptop repair tactics
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }} {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing }}

5
quorum-key-management/src/generated-documents/level-2/operator-requirements.md
View File

@ -4,11 +4,12 @@
## For Quorum Based Operations ## For Quorum Based Operations
// ANCHOR: requirements // ANCHOR: requirements
* [Personal PGP key pairs](/key-types.md#personal-pgp-keypair)
* [Air-gapped bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md) * [Air-gapped bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
* Adequate quorum of operators (M individuals of a M of N quorum) * Minimum of 2 [Operators](/system-roles.md#operator)
* [Personal PGP key pair](/key-types.md#personal-pgp-keypair) for each operator
* Tamper-proofing equipment * Tamper-proofing equipment