Namespace Entropy Ceremony

This is a ceremony for generating and sharding entropy to a set of existing Quorum Keys.

Requirements

  • For ALL tamper proofed hardware used in the ceremony, both operators MUST print photographic evidence from digital cameras which is stored in a PGP signed repository. The photographs should be of the top and underside of the vacuum sealed object.

    • The operators should verify the commit signatures of the photographs they are printing against a list of permitted PGP keys found in the "ceremonies" repo

  • AirgapOS SD card

  • AirgapOS Laptop

  • Minimum of 1 Operator and 1 Witness

  • Tamper-proofing equipment

  • SD Card Pack

  • Ceremony SD Card

  • High Visibility Storage: plastic container or bag that's used to keep items while not in use in a visible location like the middle of a desk.

Procedure

  1. Enter the designated location with required personnel and equipment

  2. Lock access to the location - there should be no inflow or outflow of people during the ceremony

  3. Retrieve Air-Gapped Bundle and polaroid tamper evidence from locked storage

    a. Retrieve digital/physical photographs of both sides of sealed bundle

    b. Compare all photographs to object for differences

    c. Proceed with unsealing the object if no differences are detected

  4. Place all materials except for the laptop into High Visibility Storage

  5. Retrieve AirgapOS SD card from High Visibility Storage and plug it into air-gapped laptop

  6. Turn on the machine

  7. Once booted, remove the AirgapOS SD card and place it into High Visibility Storage

  8. Plug the Ceremony SD card into the machine

  9. Run the command to generate new entropy and shard it to quorum of public certificates of the input shardfile:

    • Replace the values: <path_to_input_shard>, <pgp_user_id>
    $ keyfork mnemonic generate --shard-to <path_to_input_shard>,output=shardfile.asc --derive='openpgp --public "Your Name <your@email.co>" --output certificate.asc'

  10. Unseal an SD card pack

    a. Retrieve digital/physical photographs of both sides of sealed bundle

    b. Compare all photographs to object for differences

    c. Proceed with unsealing the object if no differences are detected

  11. Place all unsealed SD cards into High Visibility Storage

  12. Plug in the Ceremony SD card

  13. Back up the files

    $ cp shardfile.asc /media/vaults/<namespace>/
$ cp certificate.asc /media/vaults/<namespace>/
$ cp -r /media/vaults /root/

  14. To create additional backups of the updated vaults repository, plug in SD cards one at a time and use following steps to back up ceremony artifacts

    1. Plug in fresh SD card

    2. cp -r /root/vaults /media/

    3. Unplug the SD card

    4. Label the SD card "Ceremony [date]"

    5. Place the SD caard in High Visibility Storage

  15. Power down the air-gapped machine

  16. Transfer the ceremony artifacts to an online machine using one of the SD cards and commit the changes made to the vaults repository that's on the Ceremony SD card

  17. Connect SD card to online linux workstation

  18. Look for your SD card device name (<device_name>) in the output of the lsblk command. It will typically be listed as /dev/sdX or /dev/mmcblk<num>, where X is a letter (e.g., /dev/sdb, /dev/sdc). You can identify it by its size or by checking if it has a partition (like /dev/sdX1)

    • Mount the device using: sudo mount /dev/<your_device> /media

  19. If the ~/vaults/ repository already exists, ensure it doesn't have any changes that haven't been committed, then remove it using sudo rm -rf ~/vaults before re-running the previous step

  20. Copy the repository with updated files to an online linux workstation, sign, commit and push to the vaults repository:

    $ cp -r /media/vaults ~/vaults/
$ cd ~/vaults
$ git add .
$ git commit -S -m "<message>"
$ git push origin HEAD

  21. Gather all the original items that were in the air-gapped bundle:

    • Air-gapped computer

    • AirgapOS SD card

  22. Insert object(s) into plastic sealing bag

  23. Fill bag with enough plastic beads that most of the object is surrounded

  24. Use vacuum sealer to remove air from the bag until the beads are no longer able to move

  25. Take photographs of both sides of the sealed object using both the digital and polaroid camera

  26. Date and sign the polaroid photographs and store them in a local lock box

  27. Take the SD card to an online connected device, ensuring continued dual custody, and commit the tamper evidence photographs to a repository. If two individuals are present, have one create a PR with a signed commit, and the other do a signed merge commit.