QKM Ceremony Dry Run #1

Open
anton wants to merge 8 commits from feat/dry-run into master
7 changed files with 71 additions and 182 deletions
Showing only changes of commit a4bb75162e - Show all commits


@ -0,0 +1,60 @@
usage: Location Key
officiant: Anton Livaja
location: Private Home (Address Redacted)
witnesses: N/A
hardware: Dell XPS 13 9630
firmware: BIOS 2.13.0
laptop_modifications:
- Removed WLAN Card
- Removed speakers
- Removed microphone
- Removed all drives
boot_media: Kingston Type 2 SD Card 1GB
backup_media: TeamGroup High Endurance Micro SDXC 128GB
smart_cards: Yubikey 5 NFC
software:
- name: Airgap OS
repo: https://git.distrust.co/public/airgap
ref: main
hash: 485fc58bfb1b4dc75a81138d93948385cc5bf600
playbooks:
- name: some/path/to/location_key_generation.md
repo: https://git.distrust.co/public/docs
ref: some-git-ref-here
notes: used once for each Location Key
- name: some/path/to/hybrid_quroum_key_generation.md
repo: https://git.distrust.co/public/docs
ref: some-git-ref-here
notes: used once to generate Root Entropy and Disaster Recovery Key
outputs:
- location.pub.asc
public_key_fingerprints:
- type: location
fingerprint: BBDEC472E16A7D11830B07F7582CC40F8A9BB54E
- type: operator
fingerprint: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
log:
- 2024-08-05:1723: Selected a room in residence which has no electronics in it
and closed window and window blinds.
- 2024-08-05:1727: Booted the laptop with AirgapOS of an SD card using the
built in card reader.
- 2024-08-05:1730: Plugged in SanDisk Ultra 32GB with operator PGP pub key and
imported it into the local GPG keychain using a USB card reader.
- 2024-08-05:1752: Followed the ceremony guide to generate artifacts.
- 2024-08-05:1813: Plugged in one of the backup SD cards using the USB reader
and copied over public artifacts, repeated with second SD card.
- 2024-08-05:1832: Plugged in a new smart card and seeded it with the Location
Key PGP private key and repeated with the second smart card.
- 2024-08-05:1848: Placed the Location Key PGP pub cert onto the SanDisk Ultra
32GB which was used to bring the Operator Key cert to the airgapped machine,
so that it can be brought to the ceremony
- 2024-08-05:1902: Deleted all data from laptop and shut it down.
- 2024-08-05:1949: Created two packages, each consisting of a YubiKey that was
seeded, and backup SD card, inside of a static proof bag, then both inside of
a faraday bag.
- 2024-08-TODO:TODO: Put the laptop and backup SD cards and smart cards into
a plastic roll, filled it with confetti and vacuum sealed it.
general_notes:
- Nobody entered the part of the house where the ceremony was conducted for
the duration of the ceremony, up to the point where all data was securely
stored and destroyed where applicable
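Review bot: The two `playbooks` entries still carry placeholders (`name: some/path/to/...`, `ref: some-git-ref-here`), so the log does not record which revision of the procedure was followed; pin each to its real path and a commit hash, the way the `software` entry pins Airgap OS with `hash:`. The last log entry is keyed `2024-08-TODO:TODO` and needs its real timestamp before merge. The second playbook's note (Root Entropy and Disaster Recovery Key) does not match `usage: Location Key` or the single `location.pub.asc` output, and its filename is misspelled (`quroum`). The SanDisk Ultra 32GB that the 1730 and 1848 entries use to move certs to and from the airgapped machine is not listed in the media inventory at the top.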


@ -4,7 +4,7 @@ location: Private Home (Address Redacted)
witnesses: N/A witnesses: N/A
hardware: Dell XPS 13 9630 hardware: Dell XPS 13 9630
firmware: BIOS 2.13.0 firmware: BIOS 2.13.0
modifications: N/A laptop_modifications: N/A
boot_media: Kingston SDCIT2/8GBSP boot_media: Kingston SDCIT2/8GBSP
software: software:
- name: Airgap OS - name: Airgap OS
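Review bot: `laptop_modifications: N/A` is a scalar here, while the Location Key log added in this same commit puts a list under that key; use one shape in both (an empty list when there are no modifications) so every ceremony log parses against one schema. The two logs also describe `boot_media` at different levels of detail (`Kingston SDCIT2/8GBSP` here, `Kingston Type 2 SD Card 1GB` there); record the exact part number in both.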
@ -21,14 +21,17 @@ playbooks:
ref: some-git-ref-here ref: some-git-ref-here
notes: used once to generate Root Entropy and Disaster Recovery Key notes: used once to generate Root Entropy and Disaster Recovery Key
outputs: outputs:
- cert: ./cert - cert: ./disaster-recovery-key.priv.asc
- shardfile: ./shardfile - shardfile: ./shardfile
Location (Test) Public Key Fingerprints: public_keys:
- 0609D5C2634DB5D75226AD9A7A8A6F24873977E4 - type: operator
- 5F827701822425E8BB0D2EAB43EC881D8C80DE41 fingerprint: 0609D5C2634DB5D75226AD9A7A8A6F24873977E4
- 6E18E082945BC43411C3B490E43B49017440605D - type: operator
Cold Quorum Key (Test) Fingerprint: fingerprint: 5F827701822425E8BB0D2EAB43EC881D8C80DE41
- 8BA0304345D05775C303E292D9BDBC00D3E85E87 - type: operator
fingerprint: 6E18E082945BC43411C3B490E43B49017440605D
- type: disaster recovery
fingerprint: 8BA0304345D05775C303E292D9BDBC00D3E85E87
log: log:
- 2024-08-04:0900: One man team generates all the Location Keys inside of a - 2024-08-04:0900: One man team generates all the Location Keys inside of a
Qube VM Qube VM
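Review bot: In `outputs`, the `cert` entry now points at `./disaster-recovery-key.priv.asc`; a file named `.priv.asc` under a key called `cert`, next to a `public_keys` section, leaves it unclear whether private key material is being recorded as a ceremony output, so state what the file contains and rename either the key or the file to match. The three fingerprints that were headed "Location (Test) Public Key Fingerprints" are now `type: operator`, which changes their stated role, while the new Location Key log uses `type: location` and `type: operator` as distinct values; confirm which is correct. The section is also named `public_keys` here and `public_key_fingerprints` in the new log; pick one name.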


@ -1,57 +0,0 @@
# Ceremony 2024-08
This is a log for a test ceremony where all the material was generated by one
individual, rather than by a quorum of individuals.
## Date
```
2024-08-04
```
## Individuals Present
```
Anton Livaja
```
## Location
Specify exact location, including details such as the floor, room etc.
```
12 Grimmauld Place, Islington, London
2nd floor, first room on the left when coming up the stairs
```
## Equipment
### Type of Laptop Used
```
Dell XPS 9630
```
### Type of SD Card Used
```
SD Card: Kingston SDCIT2/8GBSP
```
## Software
```
AirgapOS: https://git.distrust.co/public/airgap/src/commit/485fc58bfb1b4dc75a81138d93948385cc5bf600
```
## Chronological Timeline
* 2024-08-04:0900: One man team generates all the Location Keys inside of a
Qube VM
* 2024-08-04:0920: SD card with flashed airgap.iso is booted on the Dell XPS13
and public certs and `ceremony.sh` script are brought over on a usb stick; the
usb is mounted, ceremony.sh is run and pub keys are verified
* 2024-08-04:0922: Set the system time using `date -s "2024-08-04 23:10:00", as
the system time has to be after pgp cert creation and before expiration time of
certs
* 2024-08-04:0925: The disaster recovery pgp cert and shards are copied to the
usb drive and brought over to an online connected machine and committed to git
repo
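Review bot: The timeline entries at 0920, 0922 and 0925 are deleted with this file, and the YAML log hunk in this commit shows only the 0900 entry as context, so confirm they were carried over. The 0922 entry in particular records that the system clock was set by hand with `date -s` so the certs would validate, which is a deviation an auditor needs to see in the surviving log. When carrying it over, close the backtick after the `date -s "2024-08-04 23:10:00"` command.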


@ -1,39 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----


@ -1,39 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----


@ -1,39 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----