docs/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md

Namespace Entropy Ceremony

This is a ceremony for generating and sharding entropy to a set of existing Quorum Keys.

Requirements

{{ #include ../../operator-requirements.md:requirements }}

Procedure

{{ #include template-ceremony-setup.md:content }}

  1. Plug the Ceremony SD card into the machine

  2. Run the command to generate new entropy and shard it to the quorum of public certificates in the input shardfile:

    • Replace the values: <path_to_input_shard>, <pgp_cert_id>

    • keyfork wizard generate-shard-secret --shard-to shardfile.asc --output shardfile.new.asc --cert-output keyring.new.asc

    • TODO - NOT IMPLEMENTED: --derive-openpgp-cert encryption_cert.new.asc,userid=<user_id>

  3. Unseal an SD card pack

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

  1. Place all unsealed SD cards into High Visibility Storage

  2. Plug in the Ceremony SD card

    1. Back up the shardfile.asc

      • cp shardfile.asc /media/vaults/<namespace>/
    2. Back up the keyring.asc

      • cp keyring.asc /media/vaults/<namespace>/
    3. TODO - NOT IMPLEMENTED:

      • Back up the root OpenPGP certificate

      • cp encryption_cert.asc /media/vaults/<namespace>/

    4. Copy the contents of Ceremony SD card to machine

      • cp -r /media/vaults /root/
  3. To create additional backups of the updated vaults repository, plug in SD cards one at a time and use the following steps to back up the ceremony artifacts

    1. Plug in fresh SD card

    2. cp -r /root/vaults /media/

    3. Unplug the SD card

    4. Label the SD card "Ceremony [date]"

    5. Place the SD card in High Visibility Storage

  4. Power down the air-gapped machine

  5. Transfer the ceremony artifacts to an online machine using one of the SD cards and commit the changes made to the vaults repository that's on the Ceremony SD card

{{ #include ../../../../component-documents/git-basics.md:content }}

  1. Gather all the original items that were in the air-gapped bundle:

    • Air-gapped computer

    • AirgapOS SD card

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
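
The copy steps in the procedure above (artifacts into `/media/vaults/<namespace>/`, and the vaults tree onto additional SD cards) can each be followed by a read-back check before a card is unplugged. This is an added example, not part of the original procedure or the project's tooling; the function names `backup_and_verify` and `verify_tree` are hypothetical, and it assumes `sha256sum` is available on the ceremony machine.

```shell
#!/bin/sh
# Added example (not project code). Assumption: sha256sum is installed.
# Note: a read-back right after cp may be served from the page cache;
# unmounting and remounting the card before verify_tree is a stronger check.

# digest FILE -> prints the SHA-256 hex digest of FILE
digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# backup_and_verify SRC_DIR DEST_DIR FILE...
# Copies each FILE and returns 0 only if every source exists, is non-empty,
# and its copy in DEST_DIR has the same digest as the source.
backup_and_verify() {
    src_dir=$1
    dest_dir=$2
    shift 2
    mkdir -p "$dest_dir" || return 1
    for name in "$@"; do
        src="$src_dir/$name"
        dst="$dest_dir/$name"
        if [ ! -s "$src" ]; then
            echo "MISSING OR EMPTY: $src" >&2
            return 1
        fi
        cp "$src" "$dst" || return 1
        sync    # flush pending writes to the card before reading back
        if [ "$(digest "$src")" != "$(digest "$dst")" ]; then
            echo "DIGEST MISMATCH: $dst" >&2
            return 1
        fi
        echo "OK  $(digest "$dst")  $dst"
    done
}

# verify_tree SRC_DIR DEST_DIR
# For the recursive copy steps: checks that every regular file under SRC_DIR
# exists at the same relative path under DEST_DIR with an identical digest.
# An empty SRC_DIR is treated as a failure.
verify_tree() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) |
        ( cd "$2" && sha256sum -c - >/dev/null )
}

# Usage during the ceremony (paths from the procedure; <namespace> as chosen):
#   backup_and_verify . /media/vaults/<namespace> shardfile.asc keyring.asc
#   verify_tree /root/vaults /media/vaults
```
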