Generate Address
Requirements
-
Linux Workstation (online machine)
- Any internet connected computer with a Linux shell will suffice
-
Air-gapped machine
-
Trove SD Card
Procedure
Offline Machine: Generate Address
-
Retrieve AirgapOS SD card and plug it into the air-gapped machine
-
Turn on air-gapped machine
-
Unplug the AirgapOS SD card
-
Retrieve Trove SD card and plug it into the air-gapped machine
-
Copy the
troverepository to the machine and switch to it$ cp -r /media/trove /root/ $ cd /root/vaults -
Start Keyfork using the relevant Shardfile:
$ keyfork recover shard --daemon <namespace>/shardfile.asc- Follow on screen prompts
-
If the desired
<coin>directory doesn't exist for the namespace, create it:$ mkdir -p <namespace>/<coin> -
Connect to the appropriate coin directory:
$ cd <namespace>/<coin>/ -
Check what the latest address account is:
$ ls -la . -
Find what the latest number for the address is, and add 1 to it. This will be the new address account.
-
For example if the latest address file is 42, the new account_id would be 43. The addresses should start at
0 -
Set an environment variable with the new account_id:
$ account_id=<num>
-
Online Machine: Generate Nonce Account
-
Turn on online machine
-
Retrieve Trove SD card and plug it into the computer
-
Look for the SD card device name (
<device_name>) in the output of thelsblkcommand. It will typically be listed as/dev/sdXor/dev/mmcblk<num>, where X is a letter (e.g.,/dev/sdb,/dev/sdc). You can identify it by its size or by checking if it has a partition (like/dev/sdX1)- Mount the device using:
sudo mount /dev/<device_name> /media
- Mount the device using:
-
Copy the
vaultsrepository from the Trove SD card:$ cp -r /media/trove ~/- If the
~/trove/repository already exists, ensure it doesn't have any changes that haven't been committed, then remove it usingsudo rm -rf ~/trovebefore re-running the previous step
- If the
-
Ensure
icepickis available on system- Follow steps from installation guide
-
Change directory into the desired <namespace>/<coin> directory:
$ cd ~/trove/<namespace>/<coin> -
Select which account you are creating the delegate address by viewing the appropriate <namespace>/<coin>/ directory:
$ ls -la . -
Once you have selected the appropriate account, set the account_id variable:
$ account_id=<num> -
Use
icepickto generate nonce account:-
If using a non-
mainnet-betacluster, be sure to provide the--clusterargument -
Set
icepickconfig file:
$ export ICEPICK_CONFIG_FILE=<path_to_icepick_repositry>/icepick.toml`$ icepick workflow sol generate-nonce-account --input-file $account_id.json > $account_id-na.json- Repeat command if returned message is "The transaction was possibly not received by the cluster."
-
-
Fund the wallet displayed on-screen with 0.01 SOL
- Once the funding is done, the nonce account will be created
-
Stage, commit, sign and push the changes:
$ git add . $ git commit -m -S "<message>" $ git push origin HEAD
Sealing
-
Gather all the original items that were in the air-gapped bundle:
-
Air-gapped computer
-
AirgapOS SD card
Vacuum sealing based tamper proofing
-
Insert object(s) into plastic sealing bag
-
Fill bag with enough plastic beads that most of the object is surrounded
-
Use vacuum sealer to remove air from the bag until the beads are no longer able to move
-
Take photographs of both sides of the sealed object using both the digital and polaroid camera
-
Date and sign the polaroid photographs and store them in a local lock box
-
Take the SD card to an online connected device, ensuring continued dual custody, and commit the tamper evidence photographs to a repository. If two individuals are present, have one create a PR with a signed commit, and the other do a signed merge commit.
Safe based tamper proofing
-
Place items into safe
-
Ensure the safe is properly locked
-