From d4f0c39174eeb2354271990ef0e23395b9fdc9e7 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Mon, 19 Aug 2024 10:40:31 -0400 Subject: [PATCH] add location key artifacts --- .../582CC40F8A9BB54E/2024-08-06/ceremony.yml | 67 ++++++++++++++++++ .../2024-08-06/images/inside_of_laptop_1.jpeg | 3 + .../2024-08-06/images/inside_of_laptop_2.jpeg | 3 + .../2024-08-06/images/inside_of_laptop_3.jpeg | 3 + .../2024-08-06/images/screw-1.jpeg | 3 + .../2024-08-06/images/screw-2.jpeg | 3 + .../2024-08-06/images/screw-3.jpeg | 3 + .../2024-08-06/images/screw-4.jpeg | 3 + .../2024-08-06/images/screw-5.jpeg | 3 + .../2024-08-06/images/screw-6.jpeg | 3 + .../2024-08-06/images/screw-7.jpeg | 3 + .../2024-08-06/images/sealed-package-1.jpeg | 3 + .../2024-08-06/images/sealed-package-2.jpeg | 3 + .../shard-keys/582CC40F8A9BB54E/shard.pub.asc | 68 +++++++++++++++++++ 14 files changed, 171 insertions(+) create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/ceremony.yml create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_1.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_2.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_3.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-1.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-2.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-3.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-4.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-5.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-6.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-7.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/sealed-package-1.jpeg create mode 100644 cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/sealed-package-2.jpeg create mode 100755 cold/v1/shard-keys/582CC40F8A9BB54E/shard.pub.asc diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/ceremony.yml b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/ceremony.yml new file mode 100644 index 0000000..9c26cbc --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/ceremony.yml @@ -0,0 +1,67 @@ +usage: Location Key +officiant: Anton Livaja +location: Private Home (Address Redacted) +witnesses: N/A +hardware: +- Dell XPS 13 9630 +firmware: BIOS 2.13.0 +laptop_modifications: +- Removed WLAN Card +- Removed speakers +- Removed microphone +- Removed all drives +boot_media: Kingston Type 2 SD Card 1GB +backup_media: TeamGroup High Endurance Micro SDXC 128GB +smart_cards: Yubikey 5 NFC +software: +- name: Airgap OS + repo: https://git.distrust.co/public/airgap + ref: 485fc58bfb1b4dc75a81138d93948385cc5bf600 +playbooks: +- name: location-key-provisioning.md + repo: https://git.distrust.co/public/docs + ref: 5438f99c9c8a174334cd45623a9b09143ead79c3 +inputs: +- name: operator.pub.asc + identifier: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D +outputs: +- name: location.pub.asc + identifier: BBDEC472E16A7D11830B07F7582CC40F8A9BB54E +log: +- 2024-08-05:1723: >- + Selected a room in residence which has no electronics in it and closed window + and window blinds. +- 2024-08-05:1727: >- + Booted the laptop with AirgapOS of an SD card using the built in card reader. +- 2024-08-05:1730: >- + Plugged in SanDisk Ultra 32GB with operator PGP pub key and imported it into + the local GPG keychain using a USB card reader. Then the SD card was + disconnected from the computer. +- 2024-08-05:1752: >- + Followed the ceremony guide to generate artifacts. +- 2024-08-05:1813: >- + Plugged in one of the backup SD cards using the USB reader and copied over + public artifacts, repeated with second SD card. +- 2024-08-05:1832: >- + Plugged in a new smart card and seeded it with the Location Key PGP private + key and repeated with the second smart card. +- 2024-08-05:1840: >- + Deleted all plaintext data from the laptop. +- 2024-08-05:1848: >- + Placed the Location Key PGP pub cert onto the SanDisk Ultra 32GB which was + used to bring the Operator Key cert to the air-gapped machine, so that it can + be brought to the ceremony. +- 2024-08-05:1855: >- + Deleted the remaining data and shut down the computer. +- 2024-08-05:1949: >- + Created two packages, each consisting of a YubiKey that was seeded, and backup + SD card, inside of a static proof bag, then both inside of a faraday bag. +- 2024-08-06:1622: >- + Put the laptop and backup SD cards and smart cards into a plastic roll, filled + it with confetti and vacuum sealed it. +general_notes: +- Nobody entered the part of the house where the ceremony was conducted for + the duration of the ceremony, up to the point where all data was securely + stored and destroyed where applicable. +- While away from the private residence to procure seal bag, the laptop was + stored inside of a locked room. diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_1.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_1.jpeg new file mode 100644 index 0000000..a9379a0 --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_1.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:50ad33d0fcecd75f74363dff560965716c311c089133bd72f6f71129f0796773 +size 5935712 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_2.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_2.jpeg new file mode 100644 index 0000000..7f618f3 --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_2.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c76728eb47187aa892a85c1b1d4d89096380bbcb9ff413e185ac0911a74dd342 +size 5662408 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_3.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_3.jpeg new file mode 100644 index 0000000..91967a8 --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/inside_of_laptop_3.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:460bf71473e2996162aa04195cd3a9315cef3485764c33d5ab9ddbcb49091548 +size 5354177 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-1.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-1.jpeg new file mode 100644 index 0000000..bb1d512 --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-1.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bf40c761c1ac3e7379ea8bcf14abb883bc915cafc6d7ffc1f83bfc73e3c55857 +size 11743190 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-2.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-2.jpeg new file mode 100644 index 0000000..2a9a961 --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-2.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e351266387089c8bef3909d4d96ff2335c6701bd0dd3db75ab259bade28d8381 +size 481803 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-3.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-3.jpeg new file mode 100644 index 0000000..809273a --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-3.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d08e64c9f2601d7b86f86f0e149d19c7dd371dbfe1452da7ea5d77327c60397a +size 576588 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-4.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-4.jpeg new file mode 100644 index 0000000..85e88a1 --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-4.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:10b81d89e41b2f2f333aa8996a89690c80acd887d46dcda777271ebf5d159980 +size 419786 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-5.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-5.jpeg new file mode 100644 index 0000000..8698a72 --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-5.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1601d25914fa9632a71d74e38c4f1a74891bd399318489c64640ced5219753cb +size 549893 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-6.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-6.jpeg new file mode 100644 index 0000000..2f02c7f --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-6.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eb354c9761b1846ce2d024630b9ef3eb47b4b99dcd611ac8addb43bf9a90d522 +size 691308 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-7.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-7.jpeg new file mode 100644 index 0000000..5e3cc2f --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/screw-7.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:50c62d9c8bad70063469d04fae8c32c611e89c52b60bb99b7e7504feeba55499 +size 666094 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/sealed-package-1.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/sealed-package-1.jpeg new file mode 100644 index 0000000..0207a0b --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/sealed-package-1.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a8b12508a48785e37059c63c9b35ed0a5dc6d6c528230f68ecc7ec05a3932efc +size 6390994 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/sealed-package-2.jpeg b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/sealed-package-2.jpeg new file mode 100644 index 0000000..cffc88d --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/2024-08-06/images/sealed-package-2.jpeg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6491f3ad3887db5012b416e273260d1b986155252347172b8fc5a527aba9b47a +size 6191366 diff --git a/cold/v1/shard-keys/582CC40F8A9BB54E/shard.pub.asc b/cold/v1/shard-keys/582CC40F8A9BB54E/shard.pub.asc new file mode 100755 index 0000000..fdeac6c --- /dev/null +++ b/cold/v1/shard-keys/582CC40F8A9BB54E/shard.pub.asc @@ -0,0 +1,68 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEAAAAARYJKwYBBAHaRw8BAQdAOL8x7eo5eQXPRZalUPk8gCYamSLR29+Ha6P0 ++6nfc5yIxgQfFgoAeAWCZrClCAWJZrH2hwkQWCzED4qbtU5HFAAAAAAAHgAgc2Fs +dEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnjY2/MXd7Om1EETNqTKqP+AXKICMR +ZkKF8VkghRDiFiECmwEWIQS73sRy4Wp9EYMLB/dYLMQPipu1TgAAh14BAN1UVeFr +inaJJnGvqZe7G/EQAKmvv3hdWQS3Flmj1FbYAQDgySS6+Ftrphc1GrY8iT7I7oxf +XV94kCfEJvEydjryD4jGBB8WCgB4BYJd0dt8BYld0yz7CRBYLMQPipu1TkcUAAAA +AAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcJRia6UAifLHTymRFZ +f60e8tiDJp3fDXObz4bwzL6ZmgKbARYhBLvexHLhan0RgwsH91gsxA+Km7VOAADK +egD/dQw5dtjhJ6EMe/ezy0OEo2IL3SdRkR2IK6phPIsNRXIBAIGXKrUaH5KVpGU8 +XAUp7b0N3bThjmM69/+uzx7NKF8CtClMb2NhdGlvbiBLZXk6IERpc3RydXN0IERp +c2FzdGVyIFJlY292ZXJ5IIjGBBMWCgB4BYJd0dt8BYld0yz7CRBYLMQPipu1TkcU +AAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmf0tB9Gr7I5XwLN +8GhtAE1zoB42Zpe76P8JE0mu8ub14wKbARYhBLvexHLhan0RgwsH91gsxA+Km7VO +AACfOAD/feIxYT4+vQUvcLc+0MDENE/Ym/FEhnY0aA63xJjb62UA/0vjHUwQ6ukZ +L2V3/8YTM6n/vS6fc/f9dKsPjR80cKQEiMkEExYKAHsFgl3R23wFiV3TLPsJEFgs +xA+Km7VORxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZx55 ++mrPBdsujPaPeDW1HBhR2SeU3ieG6xIA4apfUtPMApkBApsBFiEEu97EcuFqfRGD +Cwf3WCzED4qbtU4AAMNvAQDggmCzShe8pJd7GGVhe5xtnNujqYViyTpDsL2is4xO +oAD9GrRG7sTSY/D9BvMWWda1v03OfkYiZVDfCpYKYIKuDQOIyQQTFgoAewWCZrCl +CAWJZrH2hwkQWCzED4qbtU5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p +YS1wZ3Aub3JnqIEo1ZS/NOExEVRWu1p/FfTXwYOjOhPytRstsbKFfBYCmQECmwEW +IQS73sRy4Wp9EYMLB/dYLMQPipu1TgAAv5QA/0i9igO6yu+nKRMBWalo0De4xIcq +4usHTKKU5dpGKcE1AQD+DAI6wiA+hcmZqoNw7eoRKyzcPYSszUndyE+juW2RBYjG +BBMWCgB4BYJmsKUIBYlmsfaHCRBYLMQPipu1TkcUAAAAAAAeACBzYWx0QG5vdGF0 +aW9ucy5zZXF1b2lhLXBncC5vcmcxBmxELKMCaZFGTtsxMPXDV/EXPHrsAoPKUK7E +D/JMZQKbARYhBLvexHLhan0RgwsH91gsxA+Km7VOAADPBwEAvWgH3Arqs7mkY4Br +8KT6qFsJsKt6VO/27YA7AU+zVHEBANcD2aCINmAOoVeJbhE4E8skeueJiDPu8MQp +gZiEvmcBuDMEAAAAARYJKwYBBAHaRw8BAQdAEo1b+Yc69r05685Y2cETrXyMQT3X +fRSrU10fn69zSaeIxgQYFgoAeAWCXdHbfAWJXdMs+wkQWCzED4qbtU5HFAAAAAAA +HgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jn/HWvwXiBkLbIHzHmkVta +c1mbiN9/QSZgO/i9oLDeFacCmyAWIQS73sRy4Wp9EYMLB/dYLMQPipu1TgAAo+AA +/ipzeMyCgAW5RsCDo762FEncyjBOylJiUBM/LfdHsxIrAQC9P6QFbH1AJ4HY61b1 +D14v3LahcBHk84stP/krmm8eAYjGBBgWCgB4BYJmsKUIBYlmsfaHCRBYLMQPipu1 +TkcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcnJ1eDaK0J +Ttwe6TZiQcqA4SkLV1rUdy00tBhBWi8SZwKbIBYhBLvexHLhan0RgwsH91gsxA+K +m7VOAAAISQEAv8hmj0NinthB/kf3421gfgQh26qOwlOapzc7WPfNTWcBAIX+QmIz +lv9JWnQZar8epZ2aD+Vw7P8bEikjNc3CFAELuDMEAAAAARYJKwYBBAHaRw8BAQdA +4RVAY4IPMZtk7N/9fmn8WlDZA15hNgDlayNA4blYVMaJAYUEGBYKATcFgl3R23wF +iV3TLPsJEFgsxA+Km7VORxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEt +cGdwLm9yZxtF9LcaM7xrRpCrtIGjD6T+LRDErEJmeZa67+SctgZtApsCvqAEGRYK +AG8Fgl3R23wJEJ2hw+aj+IpORxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVv +aWEtcGdwLm9yZ0XzNC+HwN13G3uRuQXMPUkqjsaHsOGKnBFvG7CMrfs6FiEE/BDb +TMXs5J2FtdNcnaHD5qP4ik4AAKtQAQDI/bdcYA03opiX4MinAxamIoEo1QWtzLYP +TriCYxROPQEAjBpe1/8PAJ5J86/SFIQoA0P87viC64mYooPO3TdyWgcWIQS73sRy +4Wp9EYMLB/dYLMQPipu1TgAAZE0A/Av+TlszzOLUIL4lkMMvgan3xsDlDqlKJ4GA +VFSiWxaHAP4iP3INDFxCZ5FgSOS++f1A/bhtsDlhNhpuyY35KCpICIkBhQQYFgoB +NwWCZrClCAWJZrH2hwkQWCzED4qbtU5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMu +c2VxdW9pYS1wZ3Aub3Jn1imzRE26CeqVPqD/ImPueeQtt420MteMk1NfIg0KnJ4C +mwK+oAQZFgoAbwWCZrClCAkQnaHD5qP4ik5HFAAAAAAAHgAgc2FsdEBub3RhdGlv +bnMuc2VxdW9pYS1wZ3Aub3JnJgkob3QUx7qq5Oo2nrjg9zo5sw0sylpqwsp/7s9C +cdgWIQT8ENtMxezknYW101ydocPmo/iKTgAA0pUBAJlv2NqAUhcXXUbJlFmSrUnP +z3dXa5VQr6urzmhdrfH2AP9wRL/E6nVkdvEB9WwYxWEbc3M0v9dVYnxI9kMPc0zz +CxYhBLvexHLhan0RgwsH91gsxA+Km7VOAADcpgEAy9tPaHtx1o36Ra4mjbMcJQJU +RtDpt6o4GIOcoPAuSSIBAK0xa4tpahx4ZKDoaKztaLLloJsYwMt+7dwAAHqNu/8L +uDgEAAAAARIKKwYBBAGXVQEFAQEHQLpNSoOy0xxw+3uVHcejUeKnMonGpRyqLsOl +VWBO8nMOAwEIB4jGBBgWCgB4BYJd0dt8BYld0yz7CRBYLMQPipu1TkcUAAAAAAAe +ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmdIukhi2zqqWtis+g+Rtx/n +vGgPjUqy/Ur7+t8cLKVKIwKbDBYhBLvexHLhan0RgwsH91gsxA+Km7VOAAAwCwD/ +Y5eG+fRSXu9EuOmObzIE6NB1V4JP0s4NA47oHwvjKpYA/28ym7AubkrO6C34Lxhl +Lb/7ow+eMqV8Dhtpf+y/E8cHiMYEGBYKAHgFgmawpQgFiWax9ocJEFgsxA+Km7VO +RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZzlBKkolHCHT +cJIDvIdFgzYcufPqc8bmgbhwagfo2hCIApsMFiEEu97EcuFqfRGDCwf3WCzED4qb +tU4AAKjyAP9gMsrgbGRLRITmRE2Qn/pQOcbRdLjP8EM00EX70mFxkAEA/2WfmxJ/ +Oj/9572i7OzWR0rySWwDnChhZYKrzrNXmAs= +=ja4u +-----END PGP PUBLIC KEY BLOCK-----