docs/quorum-key-management/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md


Namespace Entropy Ceremony

This is a ceremony for generating and sharding entropy to a set of existing Quorum Keys.

Requirements

{{ #include ../../operator-requirements.md:requirements }}

Procedure

  1. Enter the designated location with the 2 operators and all required equipment

  2. Lock access to the location - there should be no inflow or outflow of people during the ceremony

  3. Retrieve Air-Gapped Bundle from locked storage

Unsealing Tamper Proofing

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

  1. Place all materials except for the laptop into High Visibility Storage

Generating Entropy

  1. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop

  2. Turn on the machine

  3. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage

  4. Plug in the Ceremony SD card

  5. Run ceremony.sh from the SD card

  6. Button mash to ensure adequate entropy on the OS

  7. Back up the shardfile to any desired number of SD cards, and label each "Shardfile [date]"

  8. Optionally write an autorun.sh file to the Shardfile SD card containing the following command:

    • keyfork recover shard --daemon

  9. If an OpenPGP certificate was derived, store the public key on an SD card, separate from the shardfiles
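
Steps 7 and 8 can be scripted so that every copy is checked against the source before the cards are labeled. This is an added example, not part of ceremony.sh or this repository; the function name, the mount points and the shardfile name are assumptions.

```shell
#!/bin/sh
# Added example. Only the autorun.sh content comes from step 8 of the
# procedure; paths and names below are hypothetical.
#
# backup_shardfile SRC WRITE_AUTORUN CARD_DIR...
#   SRC            shardfile produced by the ceremony
#   WRITE_AUTORUN  "yes" to also write autorun.sh to each card
#   CARD_DIR...    mount point of each Shardfile SD card
# Returns non-zero if any card could not be written or verified.
backup_shardfile() {
    src=$1; write_autorun=$2; shift 2
    [ -s "$src" ] || { echo "shardfile missing or empty: $src" >&2; return 1; }
    failed=0
    for card in "$@"; do
        if [ ! -d "$card" ] || [ ! -w "$card" ]; then
            echo "FAIL $card: not a writable directory" >&2; failed=1; continue
        fi
        dest=$card/$(basename "$src")
        # Never silently replace a shardfile from an earlier ceremony.
        if [ -e "$dest" ]; then
            echo "FAIL $card: refusing to overwrite $dest" >&2; failed=1; continue
        fi
        cp "$src" "$dest" && sync
        # Byte-for-byte comparison. The read may be served from the page
        # cache; re-insert the card and repeat cmp for a media-level check.
        if ! cmp -s "$src" "$dest"; then
            echo "FAIL $card: copy differs from source" >&2; failed=1; continue
        fi
        if [ "$write_autorun" = yes ]; then
            printf '%s\n' 'keyfork recover shard --daemon' > "$card/autorun.sh"
        fi
        echo "OK   $card"
    done
    return "$failed"
}

# Usage (hypothetical mount points):
#   backup_shardfile ./shardfile.asc yes /media/card1 /media/card2
```

A non-zero return means at least one card must be redone before it is labeled "Shardfile [date]".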

Finalizing Ceremony

  1. Gather all the original items that were in the air-gapped bundle:

    • Air-gapped computer

    • AirgapOS SD card

    • Shardfile SD card

    • Ceremony SD card

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}