2.1 KiB
Namespace Entropy Ceremony
This is a ceremony for generating and sharding entropy to a set of existing Quorum Keys.
Requirements
{{ #include ../../operator-requirements.md:requirements }}
-
High Visibility Storage: plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.
Procedure
{{ #include template-ceremony-setup.md:content }}
-
Plug the Ceremony SD card into the machine
-
Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile:
-
Replace the values: <path_to_input_shard>, <pgp_user_id>
-
`keyfork mnemonic generate --shard-to <path_to_input_shard>,output=shardfile.asc --derive='openpgp --public "<pgp_user_id>" --output certificate.asc'
-
-
Unseal an SD card pack
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}
-
Place all unsealed SD cards into High Visibility Storage
-
Plug in the Ceremony SD card
-
Back up the files
$ cp shardfile.asc /media/vaults/<namespace>/ $ cp certificate.asc /media/vaults/<namespace>/ $ cp -r /media/vaults /root/ -
To create additional backups of the updated
vaultsrepository, plug in SD cards one at a time and use following steps to back up ceremony artifacts-
Plug in fresh SD card
-
cp -r /root/vaults /media/ -
Unplug the SD card
-
Label the SD card "Ceremony [date]"
-
Place the SD caard in High Visibility Storage
-
-
Power down the air-gapped machine
-
Transfer the ceremony artifacts to an online machine using one of the SD cards and commit the changes made to the
vaultsrepository that's on the Ceremony SD card
{{ #include ../../../../component-documents/git-basics.md:content }}
-
Gather all the original items that were in the air-gapped bundle:
-
Air-gapped computer
-
AirgapOS SD card
-
{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}