Compare commits
4 Commits
feat/use-m
...
main
Author | SHA1 | Date |
---|---|---|
| 1472b7c608 | |
| 9ad10d3817 | |
| 1b7ef27167 | |
| 7c64592348 | |
|
@ -1,6 +1,6 @@
|
|||
/* ANCHOR: all */
|
||||
// ANCHOR: content
|
||||
Look for your SD card device name (`<device_name>`) in the output of the `lsblk` command. It will typically be listed as `/dev/sdX`, where X is a letter (e.g., `/dev/sdb`, `/dev/sdc`). You can identify it by its size or by checking if it has a partition (like `/dev/sdX1`)
|
||||
Look for your SD card device name (`<device_name>`) in the output of the `lsblk` command. It will typically be listed as `/dev/sdX` or `/dev/mmcblk<num>`, where X is a letter (e.g., `/dev/sdb`, `/dev/sdc`). You can identify it by its size or by checking if it has a partition (like `/dev/sdX1`)
|
||||
* You may mount the device using: `sudo mount /dev/<your_device> media/`
|
||||
// ANCHOR_END: content
|
||||
/* ANCHOR_END: all */
|
|
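Review bot: The new sentence adds `/dev/mmcblk<num>` but the rest of it still only fits `sdX`: "where X is a letter" and the partition hint "like `/dev/sdX1`" do not describe mmcblk devices, whose partitions are named like `/dev/mmcblk0p1`. Add an mmcblk example for both the device and the partition. The mount bullet also uses a relative target `media/`, while the ceremony documents read from `/media/<device_name>/`; one form should be used throughout.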
@ -0,0 +1,27 @@
|
|||
/* ANCHOR: all */
|
||||
// ANCHOR: content
|
||||
1. Connect SD card to online machine
|
||||
|
||||
1. {{ #include finding-device-name.md:content }}
|
||||
|
||||
1. Copy files into designated location in a repository:
|
||||
|
||||
* e.g `cp /dev/<your_device> ~/<repository_name>/<path_to_location>`
|
||||
|
||||
1. Add all files to git stage:
|
||||
|
||||
* `git add .`
|
||||
|
||||
1. Review what files are staged:
|
||||
|
||||
* `git status`
|
||||
|
||||
1. Create a signed commit:
|
||||
|
||||
* `git commit -m -S "<message>"`
|
||||
|
||||
1. Push the changes to the branch you are on:
|
||||
|
||||
* `git push origin HEAD`
|
||||
// ANCHOR_END: content
|
||||
/* ANCHOR_END: all */
|
|
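Review bot: The commit step `git commit -m -S "<message>"` does not produce a signed commit. `-m` takes the next argument as its value, so `-S` becomes the commit message and `"<message>"` is parsed as a pathspec; it should read `git commit -S -m "<message>"`. In the copy step, `cp /dev/<your_device> ...` points at the block device node rather than at files on the mounted card; the source should be a path under the mount point set up by the included `finding-device-name.md` step, with `-r` if directories are copied.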
@ -10,21 +10,7 @@
|
|||
|
||||
## Procedure
|
||||
|
||||
1. Enter the designated location with required personnel and equipment
|
||||
|
||||
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
|
||||
|
||||
1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
|
||||
|
||||
1. Place all materials except for the laptop into High Visibility Storage
|
||||
|
||||
1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop
|
||||
|
||||
1. Turn on the machine
|
||||
|
||||
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
|
||||
{{ #include template-ceremony-setup.md:content }}
|
||||
|
||||
1. Retrieve Ceremony SD Card from High Visibility Storage and plug it into the machine
|
||||
|
||||
|
@ -34,11 +20,11 @@
|
|||
|
||||
* Copy the contents of the card to machine:
|
||||
|
||||
* `cp -r /media/<device_name>/* ~`
|
||||
* `cp -r /media/<device_name>/vaults /root/`
|
||||
|
||||
1. Start `keyfork` using the relevant Shardfile:
|
||||
|
||||
* `keyfork recover shard --daemon /media/<device_name>/path/to/shardfile.asc`
|
||||
* `keyfork recover shard --daemon /root/vaults/<namespace>/shardfile.asc`
|
||||
|
||||
* Follow on screen prompts
|
||||
|
||||
|
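Review bot: The bullet label "Copy the contents of the card to machine" no longer matches the command under it, which now copies only the `vaults` directory into `/root/`. Reword the label to say that, and say where `<namespace>` in `/root/vaults/<namespace>/shardfile.asc` comes from, since the placeholder is not introduced in the surrounding steps.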
@ -50,4 +36,14 @@
|
|||
|
||||
* `sq decrypt --recipient-file secret_key.asc < encrypted.asc --output decrypted`
|
||||
|
||||
1. Proceed to transfer the secret (`decrypted`) to desired location such as hardware wallet, power washed chromebook (via SD card) etc.
|
||||
1. Proceed to transfer the secret (`decrypted`) to desired location such as hardware wallet, power washed chromebook (via SD card) etc.
|
||||
|
||||
1. Shut down the air gapped machine
|
||||
|
||||
1. Gather all the original items that were in the air-gapped bundle:
|
||||
|
||||
* Air-gapped computer
|
||||
|
||||
* AirgapOS SD card
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
|
|
@ -14,11 +14,11 @@ Procedure for importing an arbitrary secret (raw key, mnemonic, state secrets) i
|
|||
|
||||
* If not on a computer, but a hardware wallet or otherwise, perform the steps on a air-gapped machine
|
||||
|
||||
1. Load the OpenPGP certificate:
|
||||
|
||||
1. Encrypt the secret to certificate:
|
||||
|
||||
* `sq encrypt --for-file <certificate> <file_to_encrypt> --output encrypted.asc` TODO: sq needs to be added to airgapOS
|
||||
|
||||
1. Once encrypted, name the file appropriately and add it to an `artifacts/` directory in the appropriate namespace subdirectory in the `vaults` repository
|
||||
|
||||
{{ #include ../../../../component-documents/git-basics.md:content }}
|
||||
|
||||
|
|
|
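Review bot: The `sq encrypt` bullet carries an inline "TODO: sq needs to be added to airgapOS", so the step as documented cannot be carried out on the air-gapped machine named a few lines above it; track the TODO outside the operator-facing text or state the interim way to run `sq`. The step "Load the OpenPGP certificate:" also ends in a colon with no command or sub-bullet after it in the visible lines.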
@ -36,7 +36,7 @@
|
|||
|
||||
* {{ #include ../../../../component-documents/finding-device-name.md:content }}
|
||||
|
||||
* `keyfork shard combine /media/<device_name>/shard.asc | keyfork-mnemonic-from-seed`
|
||||
* `keyfork shard combine /media/<device_name>/shard.asc | keyfork-mnemonic-from-seed > mnemonic.txt`
|
||||
|
||||
1. Follow on screen prompts
|
||||
|
||||
|
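Review bot: The added `> mnemonic.txt` redirect writes the plaintext mnemonic to a relative path, so where it lands depends on the operator's working directory at that moment. Give an explicit path on the air-gapped machine, and have the later step that moves the mnemonic to an SD card or prints it with `cat` refer to the same file name.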
@ -48,6 +48,8 @@
|
|||
|
||||
1. Put the mnemonic on an SD card for transport or use `cat` command to output it in the terminal for entry into a hardware wallet or otherwise
|
||||
|
||||
* WARNING: if displaying on screen, ensure nothing else can see the mnemonic. It is recommended to cover the operator and the machine with a blanket to obstruct the view of the screen.
|
||||
|
||||
1. Shut down the air gapped machine
|
||||
|
||||
1. Gather all the original items that were in the air-gapped bundle:
|
||||
|
|
|
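Review bot: In the added WARNING, "ensure nothing else can see the mnemonic" leaves it unclear what the operator has to check; say explicitly who or what must not have a line of sight to the screen. The step above it says to use the `cat` command without naming the file to print, which should match the `mnemonic.txt` written by the earlier `keyfork shard combine` step.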
@ -14,19 +14,7 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
|
|||
|
||||
## Procedure
|
||||
|
||||
1. Enter the designated location with the operators and all required equipment
|
||||
|
||||
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
|
||||
|
||||
1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
|
||||
|
||||
1. Plug the AirgapOS SD card into the laptop
|
||||
|
||||
1. Turn on the machine
|
||||
|
||||
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
|
||||
{{ #include template-ceremony-setup.md:content }}
|
||||
|
||||
1. Plug the Ceremony SD card into the machine
|
||||
|
||||
|
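Review bot: Replacing the inline steps with `template-ceremony-setup.md:content` changes this ceremony rather than only deduplicating it. The removed lines had no "Place all materials except for the laptop into High Visibility Storage" step, and the template adds it, yet the next step still reads "Plug the Ceremony SD card into the machine" without retrieving the card from High Visibility Storage. Align that step with the wording used in the other ceremony ("Retrieve Ceremony SD Card from High Visibility Storage and plug it into the machine").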
@ -64,6 +52,8 @@ This is a ceremony for generating and sharding entropy to a set of existing Quor
|
|||
|
||||
1. Upload the newly generated artifacts into the `vaults` repository
|
||||
|
||||
{{ #include ../../../../component-documents/git-basics.md:content }}
|
||||
|
||||
1. Gather all the original items that were in the air-gapped bundle:
|
||||
|
||||
* Air-gapped computer
|
||||
|
|
|
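Review bot: The included `git-basics.md` steps begin with "Connect SD card to online machine", but the step they are attached to only says to upload the artifacts into `vaults`, and the visible context has no step that copies them from the air-gapped machine onto an SD card first. Add that transfer step before the include, as the sibling ceremony does with "Transfer the ceremony artifacts to an online machine using one of the SD cards".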
@ -14,21 +14,7 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
|
|||
|
||||
## Procedure
|
||||
|
||||
1. Enter the designated location with required personnel and equipment
|
||||
|
||||
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
|
||||
|
||||
1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
|
||||
|
||||
1. Place all materials except for the laptop into High Visibility Storage
|
||||
|
||||
1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop
|
||||
|
||||
1. Turn on the machine
|
||||
|
||||
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
|
||||
{{ #include template-ceremony-setup.md:content }}
|
||||
|
||||
1. Run the relevant keyfork wizard to perform the ceremony:
|
||||
|
||||
|
@ -67,6 +53,8 @@ This is a ceremony for generating entropy which is used to derive Quorum PGP key
|
|||
|
||||
1. Transfer the ceremony artifacts to an online machine using one of the SD cards and upload the newly generated artifacts into the `vaults` repository in the appropriate `<namespace>` sub directory using an online machine
|
||||
|
||||
{{ #include ../../../../component-documents/git-basics.md:content }}
|
||||
|
||||
1. Gather all the original items that were in the air-gapped bundle:
|
||||
|
||||
* Air-gapped computer
|
||||
|
|
|
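Review bot: With the `git-basics.md` include added, the step above it is now redundant in places: it says "to an online machine" and "using an online machine" in the same sentence, and the include then opens with "Connect SD card to online machine". Trim the step to the transfer and the `<namespace>` sub directory and let the included steps cover the rest.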
@ -0,0 +1,19 @@
|
|||
/* ANCHOR: all */
|
||||
// ANCHOR: content
|
||||
1. Enter the designated location with required personnel and equipment
|
||||
|
||||
1. Lock access to the location - there should be no inflow or outflow of people during the ceremony
|
||||
|
||||
1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage
|
||||
|
||||
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
|
||||
|
||||
1. Place all materials except for the laptop into High Visibility Storage
|
||||
|
||||
1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop
|
||||
|
||||
1. Turn on the machine
|
||||
|
||||
1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage
|
||||
// ANCHOR_END: content
|
||||
/* ANCHOR_END: all */
|