# Decrypt Namespace Secret

## Requirements

{{ #include ../../operator-requirements.md:requirements }}

* [Ceremony SD Card](../operator/ceremony-sd-card-provisioning.md) 

* [High Visibility Storage](TODO): plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.

## Procedure

1. Enter the designated location with required personnel and equipment

1. Lock access to the location - there should be no inflow or outflow of people during the ceremony

1. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

1. Place all materials except for the laptop into High Visibility Storage

1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop 

1. Turn on the machine

1. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage

1. Retrieve Ceremony SD Card from High Visibility Storage and plug it into the machine

1. Copy the Ceremony SD Card contents to machine

    * {{ #include ../../../../component-documents/finding-device-name.md:content }}

    * Copy the contents of the card to machine:

        * `cp -r /media/<device_name>/* ~`

1. Start `keyfork` using the relevant Shardfile:

	* `keyfork recover shard --daemon /media/<device_name>/path/to/shardfile.asc`

    * Follow on screen prompts

1. Derive the OpenPGP root certificate:

    * `keyfork derive openpgp > secret_key.asc`

1. Decrypt the secret material:

    * `sq decrypt --recipient-file secret_key.asc < encrypted.asc --output decrypted`

1. Proceed to transfer the secret (`decrypted`) to desired location such as hardware wallet, power washed chromebook (via SD card) etc.