public
/
docs
5
0
Fork 0
Code Issues 9 Pull Requests 3 Packages Projects Releases Wiki Activity
docs/quorum-vault-system/src/generated-documents/level-2/fixed-location/approver/approve-transaction.md

2.8 KiB
Raw Blame History

Approver - Approve Transaction

The approver is responsible for verifying a transaction proposed by a proposer.

Requirements

  • Quorum PGP Key

  • Online Machine

  • SD Card Pack

  • Air-Gapped Bundle

    • The approver should print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.

    • The approver should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the vaults repo

  • Clone the Vaults Repository for your organization to the machine

Procedure

  1. Turn on online machine

  2. Pull the latest changes from the vaults repository

  3. Unseal the SD Card Pack

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

  1. Plug a fresh SD card into the online machine

  2. Save the vaults repository to the SD card, referred to as the Ceremony SD card

  3. Unplug the Ceremony SD card

  4. Unseal the tamper proofed bundle

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

  1. Insert the AirgapOS SD card into the airgapped machine and turn it on

  2. Once booted, unplug the AirgapOS SD card

  3. Plug in the Ceremony SD card

  4. {{ #include ../../../../component-documents/finding-device-name.md:content }}

  5. Copy the git repo locally from the Ceremony SD card

    • cp -r /media/vaults /root/vaults

  6. Change directory to vaults

    • cd /root/vaults

  7. Plug in the Operator smart card

  8. Verify the existing signatures and add your own signature:

    • icepick workflow --add-signature-to-quorum <namespace>/ceremonies/<date>/payload_<num>.json --shardfile <shardfile>.asc

  9. {{ #include ../../../../component-documents/finding-device-name.md:content }}

  10. Copy the updated vaults repo to the SD card

    • cp -r /root/vaults /media

  11. Unplug the SD card from the air-gapped machine

  12. Plug in the SD card into the online machine

  13. {{ #include ../../../../component-documents/finding-device-name.md:content }}

  14. Copy the updated repository locally:

    • cp -r /media/vaults ~/

  15. Change into locally copied directory

    • cd ~/vaults

  16. Stage the modified file:

    • git add <namespace>/ceremonies/<date>/payloads/*

  17. Create a signed git commit:

    • git commit -S -m "add payload signature for payload_<num>.json"

  18. Push the latest commit to the repository

    • git push origin main

  19. Tamper proof the AirgapOS and Air-gapped laptop

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}