# Approver - Approve Transaction

The approver is responsible for verifying a transaction proposed by a [proposer](../../../../system-roles.md).

## Requirements

* [Quorum PGP Key](../operator/quorum-entropy-ceremony.md)

* [Online Machine](TODO)

* [SD Card Pack](../provisioner/provision-sd-card.md)

* [Air-Gapped Bundle](../provisioner/air-gapped-bundle.md)

	* The approver should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.

	* The approver should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo

* Ensure that the computer is configured to sign commits with the desired key. Refer to the [Appendix: Git Commit Signing Configuration](#git-commit-signing-configuration)

* Clone the [Ceremonies Repository](../provisioner/provision-ceremonies-repository.md) for your organization to the machine

## Procedure

1. Turn on online machine 

1. Pull the latest changes from the `ceremonies` repository

1. Unseal the SD Card Pack

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

1. Plug a fresh SD card into the online machine

1. Save the ceremonies repo to the SD card, referred to as the Ceremony SD card

1. Unplug the Ceremony SD card

1. Unseal the tamper proofed bundle

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

1. Insert the AirgapOS SD card into the airgapped machine and turn it on

1. Once booted, unplug the AirgapOS SD card 

1. Plug in the Ceremony SD card

1. Copy the git repo locally from the Ceremony SD card

	* `cp -r /media/external/ceremonies /root/ceremonies; cd /root/ceremonies`

1. Verify the detached signature for the payload

	* `gpg --verify <filename> <filename>.1.sig`

	* The filename will be of format: `keys/ceremonies/<date>/payloads/payload_<number>.json`

1. Verify the key is authenticated:

	* `sq-wot --gpg list "<their@email.co>"`

	* Ensure the output of the command includes "fully authenticated"

1. Sign the transaction payload:

    * `gpg --detach-sign <filename> > <filename>.2.sig`

1. Create a signed git commit:

	* `git commit -S -m "add <name> pgp key"`

1. Copy the updated ceremonies repo to the SD card

	* `cp -r . /media/external/ceremonies`

1. Unplug the SD card from the air-gapped machine

1. Plug in the SD card into the online machine

1. Push the latest commit to the repository

1. Tamper proof the AirgapOS and Air-gapped laptop

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}

## Appendix

### Git Commit Signing Configuration

{{ #include ../../../../component-documents/git-commit-signing.md:steps }}