From d6b52a8f0a5fa3ca313855e7a485090f24245d48 Mon Sep 17 00:00:00 2001 From: ryan Date: Sun, 4 Feb 2024 23:06:30 -0500 Subject: [PATCH] docs/shard: fixup documentation for new QR code scanning system --- docs/src/shard.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/docs/src/shard.md b/docs/src/shard.md index 547738c..3b9cd5f 100644 --- a/docs/src/shard.md +++ b/docs/src/shard.md 
@@ -35,24 +35,31 @@ to be entered. Once the shard is decrypted, the Keyfork server will start. ## Starting Keyfork using remote systems A line of communication should be established with the shardholders, but can be -public and/or insecure. On the system intended to run the Keyfork server, the +public and/or recorded. On the system intended to run the Keyfork server, the following command can be run: ```sh keyfork recover remote-shard ``` -This command will continuously prompt 33 words followed by a QR code containing -the words, and read in 72 words until all necessary shards are recovered. +The command will continuously prompt a QR code, followed by 33 words, to be +sent to the remote operator. The operator must then perform their operations +and send back their own QR code, optionally followed by 72 words. The QR code +must be scanned by Keyfork, else the 72 words will be required. -Shardholders should run the following command to transport their shards: +### Shard Transport + +Upon receiving the QR code and/or the 33 words, Shardholders should run the +following command to transport their shards: ```sh keyfork shard transport < shards.pgp ``` -This command will read in 33 words, prompt for a smartcard PIN, and prompt 72 -words, followed by a QR code containing the words. +The QR code must be scanned by Keyfork, else the 33 words will be required. +Once entered, Keyfork will prompt with a new QR code and 72 words. A picture of +the QR code and (if requested by the lead operator) 72 words should be sent +back. ## Example: Deriving an OpenPGP key for Encryption
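Review bot: The rewritten paragraph under "### Shard Transport" no longer mentions the smartcard PIN prompt that the removed text listed ("read in 33 words, prompt for a smartcard PIN, and prompt 72 words"). If `keyfork shard transport` still asks for the PIN before showing the response QR code, keep that step in the description so shardholders are not met with an undocumented prompt. The two "must be scanned by Keyfork, else the ... words will be required" sentences also read as a hard requirement followed by its own exception; wording such as "If the QR code cannot be scanned, the 33 words must be entered instead" says the same thing without the contradiction. In the remote-shard paragraph the operator's reply is a QR code "optionally followed by 72 words", yet the next sentence makes those words the only fallback, so say when they should be included (the transport section's "if requested by the lead operator" could be stated in both places). Minor: "Shardholders" is capitalized mid-sentence here but lowercase in the unchanged context above.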