clean up docs

quorum-vault-system/src/component-documents/hardware-models.md

@@ -63,12 +63,8 @@ Some options include:
 
 * NitroKey 3 
 
-* Solo Key
-
 * YubiKey 5
 
-* Librem Key 
-
 // ANCHOR_END: smart-cards 
 
 ## Tamper Proofing 

quorum-vault-system/src/component-documents/linux-workstation.md

@@ -0,0 +1,7 @@
+/* ANCHOR: all */
+# Linux Workstation (Online Machine)
+// ANCHOR: content
+* Linux Workstation (online machine)
+  * Any internet connected computer with a Linux shell will suffice
+// ANCHOR_END: content
+/* ANCHOR_END: all */

quorum-vault-system/src/component-documents/openpgp-setup.md

@@ -23,7 +23,7 @@ as such need to be set up in a manner that minimizes exposure risks.
     ```
 	b. Test the variable was set correctly
     ```
-    $ echo $card_id` 
+    $ echo $card_id 
     ```
 
 1. Set the smart card to require touch for all operations
@@ -36,20 +36,26 @@ as such need to be set up in a manner that minimizes exposure risks.
     ```
     Note: default admin PIN is 12345678
 
-1. Generate a mnemonic, encrypting to a newly-generated key:
-        
-	  ```
-    $ keyfork mnemonic generate --encrypt-to-self public.asc,output=private.asc --provision openpgp-card,identifier="$card_id"
+1. Set expiry time via environment variable - you can update 2y to desired value:
+
+    ```
+    $ export KEYFORK_OPENPGP_EXPIRE=2y
     ```
 
-	  Note: The PIN can't use sequential numbers, characters or repeated patterns.
+1. Generate a mnemonic, encrypting to a newly-generated key:
+        
+    ```
+    $ keyfork mnemonic generate --encrypt-to-self public.asc,output=encrypted.asc --provision openpgp-card,identifier="$card_id"
+    ```
+
+	Note: The PIN can't use sequential numbers, characters or repeated patterns.
 
 1. Rename output to use key fingerprint:
 
     ```
     $ fingerprint="$(sq keyring cert.asc | awk '{ print $2 }')"
     $ mv public.asc "${fingerprint}.pub.asc"
-    $ mv private.asc "${fingerprint}.prv.asc"
+    $ mv encrypted.asc "${fingerprint}.enc.asc"
     ```
 
 1. Optional: Create duplicate smartcards.
@@ -58,7 +64,7 @@ as such need to be set up in a manner that minimizes exposure risks.
     
     ```
     $ gpg --import *.pub.asc
-    $ gpg --decrypt *.prv.asc | KEYFORK_PROMPT_TYPE=headless keyfork recover mnemonic --daemon
+    $ gpg --decrypt $fingerprint.enc.asc | KEYFORK_PROMPT_TYPE=headless keyfork recover mnemonic --daemon
     $ keyfork provision openpgp-card --identifier "$(oct list -i | head -1)" --account-id 0
     ```
 

quorum-vault-system/src/generated-documents/all-levels/pgp-key-provisioning.md

@@ -10,21 +10,20 @@
   * Provided by [AirGapped Bundle](../level-2/fixed-location/provisioner/air-gapped-bundle.md)
   * Alternative: Computer that can load AirgapOS ([compatibility reference](https://git.distrust.co/public/airgap#tested-models))
 
-* Linux Workstation
-  * Any internet connected Linux shell will suffice
+{{ #include ../../component-documents/linux-workstation.md:content }}
 
-* 1 New Smart Card
-  * Nitrokey Pro 3+ or Yubikey 5+
+* 1+ Smart Card
+  * At least 1 primary smart card
+  * Any number of backup smart cards
 
 * 1 Transfer SD card
-  * Document will assume volume label is TRANSFER
-  * Brand and size does not matter
+  * Document will assume the card is labelled as "TRANSFER"
 
 ##  Process
 
 **Note: Most steps will simplified to a single command in a future iteration**
 
-**See: [keyfork#73](https://git.distrust.co/public/keyfork/issues/73), [keyfork#74](https://git.distrust.co/public/keyfork/issues/74), [keyfork#76](https://git.distrust.co/public/keyfork/issues/76), [keyfork#77](https://git.distrust.co/public/keyfork/issues/77), [keyfork#78](https://git.distrust.co/public/keyfork/issues/78)**
+**See: [keyfork#73](https://git.distrust.co/public/keyfork/issues/73), [keyfork#74](https://git.distrust.co/public/keyfork/issues/74), [keyfork#77](https://git.distrust.co/public/keyfork/issues/77)**
 
 1. If using pre-sealed Cold Bundle unseal as follows:
 

quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/ceremony-sd-card-provisioning.md

@@ -6,7 +6,7 @@
 
 * [Personal PGP Keys](/key-types.html#personal-pgp-keypair)
 
-* Online computer
+{{ #include ../../../../component-documents/linux-workstation.md:content }}
 
 ## Procedure
 
@@ -14,7 +14,7 @@
 
 1. Open the SD Card Pack 
 
-{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
+{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing }}
 
 1. Plug in a fresh SD card into computer
 

quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/generate-address.md

@@ -4,7 +4,7 @@
 
 {{ #include ../../../../operator-requirements.md:requirements }}
 
-* Online machine
+{{ #include ../../../../../../component-documents/linux-workstation.md:content }}
 
 * [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
 
@@ -75,6 +75,7 @@
 1. Generate a new address:
 
     * `icepick workflow sol generate-address --account $account_id | jq -r .pubkey > $account_id.txt`
+        * [38 removes need to use jq](https://git.distrust.co/public/icepick/issues/38)
 
 1. Sign the file using:
 
@@ -148,7 +149,8 @@
 
         * `export ICEPICK_CONFIG_FILE=<path_to_icepick_repositry>/icepick.toml`
 
-    * `icepick workflow sol generate-nonce-account --cluster <cluster> --authorization-address "$(cat $account_id.txt)" | jq -r .nonce_account > $account_id-na.txt`
+    * `icepick workflow sol generate-nonce-account  --authorization-address "$(cat $account_id.txt)" | jq -r .nonce_account > $account_id-na.txt`
+        * [38 removes he need to use jq and cat](https://git.distrust.co/public/icepick/issues/38)
 
     * Repeat command if returned message is "The transaction was possibly not received by the cluster."
 

quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/coins/sol/transfer-token.md

@@ -38,7 +38,7 @@
 
 	* Set the nonce address variable:
 
-		* `nonce_address=$"(cat vaults/<namespace>/<coin>/<account_id>-na.txt)"`
+		* `nonce_address="$(cat vaults/<namespace>/<coin>/<account_id>-na.txt)"`
 
 1. Set `ICEPICK_DATA_DIRECTORY`:
 
@@ -50,9 +50,7 @@
 
 	* `export ICEPICK_CONFIG_FILE=<path_to_icepick_repo>/icepick.toml`
 
-1. Run the command: `icepick workflow sol broadcast --cluster <cluster> --nonce-address=$nonce_address`
-
-	* Available clusters are `devnet`, `testnet` and `mainnet-beta`
+1. Run the command: `icepick workflow sol broadcast --nonce-address=$nonce_address`
 
 	* Await completion message before removing Ceremony SD card
 

quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/encrypt-wallet-to-namespace-key.md

@@ -16,7 +16,7 @@ Procedure for importing an arbitrary secret (raw key, mnemonic, state secrets) i
 
 1. Encrypt the secret to certificate:
 
-    * `sq encrypt --for-file <certificate> <file_to_encrypt> --output encrypted.asc` TODO: sq needs to be added to airgapOS
+    * `sq encrypt --for-file <certificate> <file_to_encrypt> --output encrypted.asc` 
 
 1. Once encrypted, name the file appropriately and add it to an `artifacts/` directory in the appropriate namespace subdirectory in the `vaults` repository
 

quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md

@@ -22,9 +22,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
 
     * Replace the values: <path_to_input_shard>
 
-    * `keyfork mnemonic generate --shard-to <path_to_input_shard>,output=shardfile.asc`
-
-      * TODO - NOT IMPLEMENTED: `--derive-openpgp-cert encryption_cert.new.asc,userid=<user_id>`
+    * `keyfork mnemonic generate --shard-to <path_to_input_shard>,output=shardfile.asc --encrypto-to-self encryption_certificate.asc,userid=<namespace>`
 
 1. Unseal an SD card pack
 
@@ -42,7 +40,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
 
         * Back up the root OpenPGP certificate
 
-        * `cp encryption_cert.asc /media/vaults/<namespace>/`
+        * `cp encryption_certificate.asc /media/vaults/<namespace>/`
 
     1. Copy the contents of Ceremony SD card to machine
 

quorum-vault-system/src/generated-documents/level-2/fixed-location/proposer/create-transaction-payload.md

@@ -30,7 +30,7 @@ The proposer must combine these values into a JSON file, such as:
 
 	* The proposer should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the `vaults` repo
 
-* Online Machine
+{{ #include ../../../../component-documents/linux-workstation.md:content }}
 
 * Clone the [Vaults Repository](../../../all-levels/create-vaults-repository.md) for your organization to the machine
 
@@ -95,7 +95,7 @@ The proposer must combine these values into a JSON file, such as:
 
 	* e.g `icepick workflow cosmos withdraw-rewards --delegate-address kyve1q9w3nar74up6mxnwd428wpr5nffcw3360tkxer --validator-address kyvevaloper1ghpmzfuggm7vcruyhfzrczl4aczy8gas8guslh --chain-name korellia --export-for-quorum --sign > <namespace>/ceremonies/<date>/payloads/payload_<num>.json`
 
-	* e.g `icepick workflow sol transfer --from-address "$(cat <namespace>/<coin>/0.txt)" --to-address "$(cat to_address.txt) --amount <amount> --export-for-quorum --sign > <namespace>/ceremonies/<date>/payloads/payload_<num>.json`
+	* e.g `icepick workflow sol transfer --from-address "$(cat <namespace>/<coin>/0.txt)" --to-address "$(cat to_address.txt)" --amount <amount> --export-for-quorum --sign > <namespace>/ceremonies/<date>/payloads/payload_<num>.json`
 
 1. Copy the updated ceremonies repo to the SD card
 

quorum-vault-system/src/generated-documents/level-2/hardware.md

@@ -23,8 +23,6 @@
 
 * Computers which are compatible which can be verified via [this guide](https://git.distrust.co/public/airgap#hardware-compatibility)
 
-* Online Use: Chromebook or QubesOS laptop
-
 // ANCHOR_END: computer-models
 
 ## Digital Camera

quorum-vault-system/src/generated-documents/level-2/operator-requirements.md

@@ -8,9 +8,15 @@
 
     * The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo
 
-* [Air-gapped bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
+* [AirgapOS SD card](/generated-documents/level-2/fixed-location/provisioner/provision-airgapos.md)
+  * Provided by [AirGapped Bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
+  * Alternative: Create your own from documentation in [AirgapOS Repository](https://git.distrust.co/public/airgap)
 
-* Minimum of 2 [Operators](/system-roles.md#operator)
+* AirgapOS Laptop
+  * Provided by [AirGapped Bundle](/generated-documents/level-2/fixed-location/provisioner/air-gapped-bundle.md)
+  * Alternative: Computer that can load AirgapOS ([compatibility reference](https://git.distrust.co/public/airgap#tested-models))
+
+* Minimum of 1 [Operator](/system-roles.md#operator) and 1 [Witness](/system-roles.md#witness)
 
     * [Personal PGP key pair](/key-types.md#personal-pgp-keypair) for each operator