update keyfork commands for namespace and quorum entropy gen docs

2025-01-30 00:57:06 -05:00 · 2025-01-30 00:57:06 -05:00 · de872d6f7a
parent ed5a18a4f5
commit de872d6f7a
2 changed files with 17 additions and 18 deletions
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md
@ -34,7 +34,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor

    * Replace the values: <path_to_input_shard>, <pgp_cert_id>

-	* `keyfork mnemonic generate --size 256 --shard-to <path_to_input_shard>,output=output_shardfile.asc --output-cert root_pgp_cert.asc --user-id <pgp_cert_id>`
+	* `keyfork wizard generate-shard-secret --shard-to shardfile.asc --output shardfile.new.asc --cert-output keyring.new.asc --derive-openpgp-cert encryption_cert.new.asc,userid=<user_id>` TODO: NOT IMPLEMENTED

 1. Unseal an SD card pack

@ -42,27 +42,27 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor

 1. Place all unsealed SD cards into High Visibility Storage

-1. Back up the `output_shardfile.asc` to any desired number of SD cards, and label each "Shardfile [unique_name] [date]"
+1. Back up the newly generated artifacts to any desired number of SD cards, and label each "Shardfile [unique_name] [date]"

    1. `lsblk` to find media name

    1. Back up the output shardfile: 
-        * `cp output_shardfile.asc /media/<media_name>/`
+        * `cp shardfile.new.asc /media/<media_name>/`
+
+    1. Back up the new keyring file:
+
+        * `cp keyring.new.asc /media/<media_name>/`

    1. Back up the root PGP certificate:
        * `cp root_pgp_cert.asc /media/<media_name>/`

    1. Each backup should be placed into High Visibility Storage after it's made

-<!--
-1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
+    1. Unplug the SD card and place it in High Visibility Storage

-    * `keyfork recover shard --daemon /media/external/<shard_file_name>`
-->
+    1. Label the SD card "Shardfile [date] [namespace]"

-1. Unplug the SD card and place it in High Visibility Storage
-
-1. Label the SD card "Shardfile \[date\] \[namespace\]"
+1. Upload the newly generated artifacts into the ceremonies repository

 1. Gather all the original items that were in the air-gapped bundle:

@ -71,3 +71,4 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
    * AirgapOS SD card

 {{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
+
--- a/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
+++ b/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/quorum-entropy-ceremony.md
@ -34,7 +34,9 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key

    * Replace the following values: <M>, <N>, <number_of_smart_cards_per_operator>, <pgp_cert_id>

-	* `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<number_of_smart_cards_per_operator> --output shardfile.asc --cert-output keyring.asc --output-cert root_pgp_cert.asc --user-id <pgp_cert_id>` 
+
+    * `keyfork wizard generate-shard-secret --threshold <M> --max <N> --keys-per-shard=<number_of_smartcards_per_operator> --output shardfile.asc --cert-output keyring.asc --derive-openpgp-cert encryption_cert.asc,userid=<pgp_cert_id>` TODO: NOT IMPLEMENTED
+

 1. Unseal an SD card pack

@ -48,7 +50,7 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key

    1. Back up the root OpenPGP certificate

-        * `cp root_pgp_cert.asc /media/<media_name>/`
+        * `cp encryption_cert.asc /media/<media_name>/`

    1. Back up the `shardfile.asc`     

@ -58,16 +60,12 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key

        * `cp keyring.asc /media/<media_name>/`

-<!--
-    1. Optionally write an `autorun.sh` file to the Shardfile SD card containing the following command:
-
-        * `echo -e '#!/bin/bash\nkeyfork recover shard --daemon' > /media/<media_name>/autorun.sh`
-->
-
    1. Unplug the SD card and place it in High Visibility Storage

    1. Label the SD card "Shardfile [date]"

+1. Upload the newly generated artifacts into the ceremonies repository
+
 1. Gather all the original items that were in the air-gapped bundle:

    * Air-gapped computer