Checklist - Voting Member
Use this checklist as a voting member to prepare for a TRC signing ceremony.
Preparation
Defined where asymmetric EC private keys are stored
Defined roles and principals that have access to the private keys for signature creation.
Grant access through appropriate policies (principle of least privilege).
Created regular voting certificate
Defined subject information for regular voting certificate
Self-signed regular voting certificate with the private key using scion-pki certificate create
Stored regular voting certificate for later use in the ceremony
Created sensitive voting certificate
Defined subject information for sensitive voting certificate
Self-signed sensitive voting certificate with the private key using scion-pki certificate create
Stored sensitive voting certificate for later use in the ceremony
Test signature creation
Created a test payload using scion-pki trc payload dummy
Signed the test payload with regular voting key using scion-pki trc sign
Signed the test payload with sensitive voting key using scion-pki trc sign
Ceremony
Access to environment that can run scion-pki
scion-pki and step-kms-plugin binaries installed
Principal has access to the private key for signing
Certificates available
Regular voting certificate
Sensitive voting certificate