Solana: Generate Address

Requirements

  • For ALL tamper proofed hardware used in the ceremony, both operators MUST print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.

    • The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo

  • AirgapOS SD card

  • AirgapOS Laptop

  • Minimum of 1 Operator and 1 Witness

  • Tamper-proofing equipment

  • Linux Workstation (online machine)

    • Any internet connected computer with a Linux shell will suffice

  • High Visibility Storage: plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.

  • Quorum PGP key pairs

  • Ceremony SD card

Procedure

  1. Enter the designated location with the quorum of operators and all required equipment

  2. Lock access to the location - there should be no inflow or outflow of people during the ceremony

  3. Place Ceremony SD card in High Visibility Storage

  4. Retrieve sealed Air-Gapped bundle, polaroid of tamper evidence, and online laptop from locked storage

    a. Retrieve digital/physical photographs of both sides of sealed bundle

    b. Compare all photographs to object for differences

    c. Proceed with unsealing the object if no differences are detected

  5. Place all contents except for the laptop into High Visibility Storage

Offline Machine: Generate Address

  1. Retrieve AirgapOS SD card and plug it into the air-gapped machine

  2. Turn on air-gapped machine

  3. Unplug the AirgapOS SD card and place it in High Visibility Storage

  4. Retrieve Ceremony SD card from High Visibility Storage and plug it into the air-gapped machine

  5. Copy the vaults repository to the machine and switch to it

    $ cp -r /media/vaults /root/
$ cd /root/vaults

  6. Start Keyfork using the relevant Shardfile:

    $ keyfork recover shard --daemon <namespace>/shardfile.asc
    • Follow on screen prompts

  7. If the desired <coin> directory doesn't exist for the namespace, create it:

    $ mkdir -p <namespace>/<coin>

  8. Connect to the appropriate coin directory:

    $ cd <namespace>/<coin>/

  9. Check what the latest address account is:

    $ ls -la .

  10. Find what the latest number for the address is, and add 1 to it. This will be the new address account.

    • For example if the latest address file is 42, the new account_id would be 43. The addresses should start at 0

    • Set an environment variable with the new account_id:

      $ account_id=<num>

  11. Generate a new address:

    $ icepick workflow sol generate-address --account $account_id > $account_id.json

  12. Sign the file using:

    • Import OpenPGP keys:

      • gpg --import /media/vaults/keys/all/*.asc

    • gpg --detach-sign $account_id.json

  13. You may repeat the previous steps, starting at the step where the account_id is set.

  14. Once finished, copy the updated repository back to the Ceremony SD card:

    • cp -rf /root/vaults /media/

  15. Shut down the air gapped machine

  16. Unplug the Ceremony SD card and place it into High Visibility Storage

Online Machine: Generate Nonce Account

  1. Turn on online machine

  2. Retrieve the Ceremony SD card from High Visibility Storage and plug it into the computer

  3. Look for your SD card device name (<device_name>) in the output of the lsblk command. It will typically be listed as /dev/sdX or /dev/mmcblk<num>, where X is a letter (e.g., /dev/sdb, /dev/sdc). You can identify it by its size or by checking if it has a partition (like /dev/sdX1)

    • Mount the device using: sudo mount /dev/<your_device> /media

  4. Copy the vaults repository from the Ceremony SD card:

    $ cp -r /media/vaults ~/
    • If the ~/vaults/ repository already exists, ensure it doesn't have any changes that haven't been committed, then remove it using sudo rm -rf ~/vaults before re-running the previous step

  5. Ensure icepick is available on system

  6. Change directory into the desired <namespace>/<coin> directory:

    $ cd ~/vaults/<namespace>/<coin>

  7. Select which account you are creating the delegate address by viewing the appropriate <namespace>/<coin>/ directory:

    $ ls -la .

  8. Once you have selected the appropriate account, set the account_id variable:

    $ account_id=<num>

  9. Use icepick to generate nonce account:

    • If using a non-mainnet-beta cluster, be sure to provide the --cluster argument

    • Set icepick config file:

    $ export ICEPICK_CONFIG_FILE=<path_to_icepick_repositry>/icepick.toml`

    $ icepick workflow sol generate-nonce-account --input-file $account_id.json > $account_id-na.json
    • Repeat command if returned message is "The transaction was possibly not received by the cluster."

  10. Fund the wallet displayed on-screen with 0.01 SOL

    • Once the funding is done, the nonce account will be created

  11. Stage, commit, sign and push the changes:

    $ git add .
$ git commit -m -S "<message>"
$ git push origin HEAD

Sealing

  1. Gather all the original items that were in the air-gapped bundle:

    • Air-gapped computer

    • AirgapOS SD card

  2. Insert object(s) into plastic sealing bag

  3. Fill bag with enough plastic beads that most of the object is surrounded

  4. Use vacuum sealer to remove air from the bag until the beads are no longer able to move

  5. Take photographs of both sides of the sealed object using both the digital and polaroid camera

  6. Date and sign the polaroid photographs and store them in a local lock box

  7. Take the SD card to an online connected device, ensuring continued dual custody, and commit the tamper evidence photographs to a repository. If two individuals are present, have one create a PR with a signed commit, and the other do a signed merge commit.