docs/quorum-vault-system/src/generated-documents/level-2/fixed-location/operator/namespace-entropy-ceremony.md


Namespace Entropy Ceremony

This is a ceremony for generating and sharding entropy to a set of existing Quorum Keys.

Requirements

{{ #include ../../operator-requirements.md:requirements }}

Procedure

  1. Enter the designated location with the operators and all required equipment

  2. Lock access to the location - there should be no inflow or outflow of people during the ceremony

  3. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

  1. Plug the AirgapOS SD card into the laptop

  2. Turn on the machine

  3. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage

  4. Plug the Ceremony SD card into the machine

  5. Run the command to generate new entropy and shard it to a quorum of the public certificates in the input shardfile:

    • Replace the values: <path_to_input_shard>, <pgp_cert_id>

    • keyfork wizard generate-shard-secret --shard-to shardfile.asc --output shardfile.new.asc --cert-output keyring.new.asc --derive-openpgp-cert encryption_cert.new.asc,userid=<user_id> (TODO: NOT IMPLEMENTED)

  6. Unseal an SD card pack

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-unsealing}}

  1. Place all unsealed SD cards into High Visibility Storage

  2. Back up the newly generated artifacts to any desired number of SD cards, and label each "Shardfile [unique_name] [date]"

    1. Run lsblk to find the media name

    2. Back up the output shardfile:

      • cp shardfile.new.asc /media/<media_name>/
    3. Back up the new keyring file:

      • cp keyring.new.asc /media/<media_name>/
    4. Back up the root PGP certificate:

      • cp root_pgp_cert.asc /media/<media_name>/
    5. Each backup should be placed into High Visibility Storage after it's made

    6. Unplug the SD card and place it in High Visibility Storage

    7. Label the SD card "Shardfile [date] [namespace]"

  3. Upload the newly generated artifacts into the ceremonies repository

  4. Gather all the original items that were in the air-gapped bundle:

    • Air-gapped computer

    • AirgapOS SD card

{{ #include ../../../../component-documents/tamper-evidence-methods.md:vsbwf-procedure-sealing}}
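
The backup step in the procedure (copying shardfile.new.asc, keyring.new.asc and root_pgp_cert.asc to each SD card) can be wrapped in a helper that checks every copy by digest. This is an added example, not part of the original procedure or the project's tooling. It assumes sha256sum is available on the ceremony machine, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: copy the ceremony artifacts to one mounted SD card and
# verify each copy by SHA-256 before the card is unplugged.
# File names are the ones used in the procedure; the function names and
# the availability of sha256sum are assumptions of this example.

ARTIFACTS="shardfile.new.asc keyring.new.asc root_pgp_cert.asc"

# Print the SHA-256 digest of one file (digest only, no file name).
digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_backup <src_dir> <dest_dir>
# Returns 0 only if every artifact exists in both places with equal digests.
verify_backup() {
    src=$1; dest=$2; rc=0
    for f in $ARTIFACTS; do
        if [ ! -f "$src/$f" ] || [ ! -f "$dest/$f" ]; then
            echo "MISSING  $f" >&2; rc=1; continue
        fi
        if [ "$(digest "$src/$f")" = "$(digest "$dest/$f")" ]; then
            echo "OK       $f"
        else
            echo "MISMATCH $f" >&2; rc=1
        fi
    done
    return $rc
}

# backup_artifacts <src_dir> <dest_dir>
# Refuses to start unless all artifacts are present, so a card never ends
# up with a partial set; then copies, flushes writes, and verifies.
backup_artifacts() {
    src=$1; dest=$2
    for f in $ARTIFACTS; do
        [ -f "$src/$f" ] || { echo "not found: $src/$f" >&2; return 1; }
    done
    for f in $ARTIFACTS; do
        cp "$src/$f" "$dest/" || return 1
    done
    sync   # flush buffered writes before reading back and before unplugging
    verify_backup "$src" "$dest"
}

# Usage at the ceremony (media name from lsblk):
#   backup_artifacts . /media/<media_name>
```

A read-back immediately after the copy may be served from the page cache, so run verify_backup again after re-mounting the card if the copy on the media itself needs to be confirmed.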