.editorconfig

@@ -10,8 +10,8 @@ indent_style = tab
 indent_size = 2
 
 [*.md]
-indent_style = tab
+indent_style = space
-indent_size = 4
+indent_size = 2
 
 [*]
 end_of_line = lf

quorum-vault-system/src/component-documents/openpgp-setup.md

@@ -5,7 +5,7 @@ Setting up a personal PGP key pair is necessary for a number of different
 aspects while bootstrapping QVS. The keys are a fundamental building block, and
 as such need to be set up in a manner that minimizes exposure risks.
 
-## Generating Keys using `keyfork`
+## Generating Keys using `keyfork` and `oct`
 // ANCHOR: steps-keyfork
 
 1. Insert an SD card into the system
@@ -15,7 +15,26 @@ as such need to be set up in a manner that minimizes exposure risks.
     $ cd /media/TRANSFER
     ```
 
-1. Insert all smartcards to be provisioned into the system.
+1. Insert a smartcard into the system, and get its ID:
+
+	a. Set variable with card ID
+    ```
+    $ card_id="$(oct list -i | head -1)"`
+    ```
+	b. Test the variable was set correctly
+    ```
+    $ echo $card_id 
+    ```
+
+1. Set the smart card to require touch for all operations
+
+    ```
+    $ oct admin --card $card_id touch --key SIG --policy On
+    $ oct admin --card $card_id touch --key DEC --policy On
+    $ oct admin --card $card_id touch --key AUT --policy On
+    $ oct admin --card $card_id touch --key ATT --policy On
+    ```
+    Note: default admin PIN is 12345678
 
 1. Set expiry time via environment variable - you can update 2y to desired value:
 
@@ -24,19 +43,31 @@ as such need to be set up in a manner that minimizes exposure risks.
     ```
 
 1. Generate a mnemonic, encrypting to a newly-generated key:
-
+        
-	Ensure the User ID is your name and your email.
-
     ```
-    $ keyfork mnemonic generate --encrypt-to-self output=encrypted.asc --provision openpgp-card,userid="Your Name <your@email.co>"
+    $ keyfork mnemonic generate --encrypt-to-self public.asc,output=encrypted.asc --provision openpgp-card,identifier="$card_id"
     ```
 
-	The `count=` variable can be provided to `provision` to ensure the correct
-	amount of smartcards is provisioned - the program will error if the amount
-	of smartcards available is not equal to the count requested.
-
 	Note: The PIN can't use sequential numbers, characters or repeated patterns.
 
+1. Rename output to use key fingerprint:
+
+    ```
+    $ fingerprint="$(sq keyring cert.asc | awk '{ print $2 }')"
+    $ mv public.asc "${fingerprint}.pub.asc"
+    $ mv encrypted.asc "${fingerprint}.enc.asc"
+    ```
+
+1. Optional: Create duplicate smartcards.
+
+    You can insert new smartcards and perform the following steps as needed:
+    
+    ```
+    $ gpg --import *.pub.asc
+    $ gpg --decrypt $fingerprint.enc.asc | KEYFORK_PROMPT_TYPE=headless keyfork recover mnemonic --daemon
+    $ keyfork provision openpgp-card --identifier "$(oct list -i | head -1)" --account-id 0
+    ```
+
 // ANCHOR_END: steps-keyfork
 
 ## Generating Keys on Smartcard