update keyfork commands for namespace and quorum entropy gen docs

Anton Livaja 2025-01-30 00:57:06 -05:00
parent ed5a18a4f5
commit de872d6f7a
Signed by: anton
GPG Key ID: 44A86CFF1FDF0E85
2 changed files with 17 additions and 18 deletions


@ -34,7 +34,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
* Replace the values: <path_to_input_shard>, <pgp_cert_id> * Replace the values: <path_to_input_shard>, <pgp_cert_id>
* `keyfork mnemonic generate --size 256 --shard-to <path_to_input_shard>,output=output_shardfile.asc --output-cert root_pgp_cert.asc --user-id <pgp_cert_id>` * `keyfork wizard generate-shard-secret --shard-to shardfile.asc --output shardfile.new.asc --cert-output keyring.new.asc --derive-openpgp-cert encryption_cert.new.asc,userid=<user_id>` TODO: NOT IMPLEMENTED
1. Unseal an SD card pack 1. Unseal an SD card pack
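Review bot: The placeholder list on the line above the command is stale. It still tells the operator to replace `<path_to_input_shard>` and `<pgp_cert_id>`, but the new `keyfork wizard generate-shard-secret` line contains neither: `--shard-to` now takes the literal `shardfile.asc` and the user ID placeholder is `<user_id>`. Update the list to match the command and state where the input `shardfile.asc` is expected to come from. The trailing `TODO: NOT IMPLEMENTED` sits inside an operator-facing ceremony step; mark the step as blocked, or keep the working command until the new one exists, so nobody attempts it mid-ceremony.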
@ -42,27 +42,27 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
1. Place all unsealed SD cards into High Visibility Storage 1. Place all unsealed SD cards into High Visibility Storage
1. Back up the `output_shardfile.asc` to any desired number of SD cards, and label each "Shardfile [unique_name] [date]" 1. Back up the newly generated artifacts to any desired number of SD cards, and label each "Shardfile [unique_name] [date]"
1. `lsblk` to find media name 1. `lsblk` to find media name
1. Back up the output shardfile: 1. Back up the output shardfile:
* `cp output_shardfile.asc /media/<media_name>/` * `cp shardfile.new.asc /media/<media_name>/`
1. Back up the new keyring file:
* `cp keyring.new.asc /media/<media_name>/`
1. Back up the root PGP certificate: 1. Back up the root PGP certificate:
* `cp root_pgp_cert.asc /media/<media_name>/` * `cp root_pgp_cert.asc /media/<media_name>/`
1. Each backup should be placed into High Visibility Storage after it's made 1. Each backup should be placed into High Visibility Storage after it's made
<!-- 1. Unplug the SD card and place it in High Visibility Storage
1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
* `keyfork recover shard --daemon /media/external/<shard_file_name>` 1. Label the SD card "Shardfile [date] [namespace]"
-->
1. Unplug the SD card and place it in High Visibility Storage 1. Upload the newly generated artifacts into the ceremonies repository
1. Label the SD card "Shardfile \[date\] \[namespace\]"
1. Gather all the original items that were in the air-gapped bundle: 1. Gather all the original items that were in the air-gapped bundle:
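Review bot: The unchanged step `cp root_pgp_cert.asc /media/<media_name>/` no longer has a source file. The generation command in the previous hunk dropped `--output-cert root_pgp_cert.asc` and now writes `encryption_cert.new.asc`, which this backup list never copies. Replace the root certificate step with one for `encryption_cert.new.asc`, or state explicitly that both files exist. The new "Upload the newly generated artifacts into the ceremonies repository" step also comes after the SD card is unplugged and stored; name the files to upload and say which machine performs the upload.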
@ -71,3 +71,4 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
* AirgapOS SD card * AirgapOS SD card
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}} {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}


@ -34,7 +34,9 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
* Replace the following values: <M>, <N>, <number_of_smart_cards_per_operator>, <pgp_cert_id> * Replace the following values: <M>, <N>, <number_of_smart_cards_per_operator>, <pgp_cert_id>
* `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<number_of_smart_cards_per_operator> --output shardfile.asc --cert-output keyring.asc --output-cert root_pgp_cert.asc --user-id <pgp_cert_id>`
* `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<number_of_smartcards_per_operator> --output shardfile.asc --cert-output keyring.asc --derive-openpgp-cert encryption_cert.asc,userid=<pgp_cert_id>` TODO: NOT IMPLEMENTED
1. Unseal an SD card pack 1. Unseal an SD card pack
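Review bot: The placeholder names disagree within this step. The "Replace the following values" line lists `<number_of_smart_cards_per_operator>`, while the command line carrying `--derive-openpgp-cert` uses `<number_of_smartcards_per_operator>`; pick one spelling so the operator can match the list against the command. That same line ends in `TODO: NOT IMPLEMENTED`, which leaves the ceremony without a clearly runnable command. State which of the two `generate-shard-secret` lines is to be run today and move the TODO out of the step text.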
@ -48,7 +50,7 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
1. Back up the root OpenPGP certificate 1. Back up the root OpenPGP certificate
* `cp root_pgp_cert.asc /media/<media_name>/` * `cp encryption_cert.asc /media/<media_name>/`
1. Back up the `shardfile.asc` 1. Back up the `shardfile.asc`
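Review bot: The step title and the command now disagree: the heading still reads "Back up the root OpenPGP certificate" but the command copies `encryption_cert.asc`. Rename the step to match the file, or explain that the derived encryption certificate is what the document means by the root certificate, so an operator checking the SD card contents knows which file to expect.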
@ -58,16 +60,12 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
* `cp keyring.asc /media/<media_name>/` * `cp keyring.asc /media/<media_name>/`
<!--
1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
* `echo -e '#!/bin/bash\nkeyfork recover shard --daemon' > /media/<media_name>/autorun.sh`
-->
1. Unplug the SD card and place it in High Visibility Storage 1. Unplug the SD card and place it in High Visibility Storage
1. Label the SD card "Shardfile [date]" 1. Label the SD card "Shardfile [date]"
1. Upload the newly generated artifacts into the ceremonies repository
1. Gather all the original items that were in the air-gapped bundle: 1. Gather all the original items that were in the air-gapped bundle:
* Air-gapped computer * Air-gapped computer
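Review bot: The added "Upload the newly generated artifacts into the ceremonies repository" step is underspecified and oddly placed: it comes after the SD card has been unplugged, labelled and put into High Visibility Storage, and it does not name the files. List them explicitly (this document produces `shardfile.asc`, `keyring.asc` and `encryption_cert.asc`) and say from which machine and which copy the upload is made, given that the preceding steps run on the air-gapped computer.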