@sethmlarson
Last active October 31, 2020 02:51

PyPI TUF Key Generation and Signing Ceremony

Attesting that I was watching and listening to the live stream of the ceremony on YouTube for the entire duration of the broadcast without interruption. Notes were taken as I went, with a stopwatch keeping track of relative timestamps from the start of the ceremony.

All times are of my viewing of the ceremony, not necessarily as the ceremony actually occurred due to delay between real events and the stream.

This message will be signed with my Keybase GPG key 51B0 6736 1740 F5FC

date: 2020-10-30
broadcast start time: 10:15 AM
broadcast stop time: 12:21 PM
ceremony start: 10:26 AM

Conductors

  • ernest w durbin
  • william woodruff

Ceremony Start

00:00:00 airplane mode on all devices
00:01:41 booting raspberry pi
00:02:49 usb inserted
00:03:10 usb mounted
00:06:05 pictures of HSM completed

YubiHSM 1 (ser: 0013200561)

00:06:30 bag opened hsm removed
00:08:37 hsm inserted into rpi
00:09:34 hsm provisioned
00:12:31 all pins entered
00:12:50 success prompt
00:14:19 converted to .pem
00:14:44 confirmed pems created
00:15:03 hsm removed
00:16:55 hsm sealed in bag (note bag labeled before sealing, out of order per runbook)

YubiHSM 2 (ser: 0013200460)

00:18:41 bag opened hsm removed
00:19:43 hsm inserted into rpi
00:20:08 hsm provisioned
00:22:20 auth key confirmed
00:22:36 confirmed again
00:23:51 converted to .pem
00:23:16 hsm removed from rpi
00:26:13 hsm sealed in bag

YubiHSM 3 (ser: 0013200462)

00:27:24 bag opened hsm removed
00:28:31 hsm inserted into rpi
00:28:55 hsm provisioned
00:30:45 pins inputted and confirmed
00:31:55 converted to .pem
00:32:34 removed hsm from rpi
00:34:05 hsm sealed in bag

<ceremony took a break here>

NitroHSM 4 (ser: DENK0103189)

<note: William and I both took down the serial number as 'DENK0130189', which isn't correct>
<unsure if this was our fault or if the serial number was not pronounced right initially>

00:38:43 break over
00:40:13 removed hsm from bag
00:40:45 hsm inserted into rpi
00:42:03 hsm provisioned
00:43:45 pin entered didn't match
00:45:13 cancelled provisioning

<at this point one character of SO pin leaked to screen>
<rolled w/ dice a new first character of the SO pin>

00:47:11 new first character secretly selected
00:48:16 start new provisioning
00:49:16 new SO pin and user pin confirmed

<whole SO pin leaked to screen, regenerated a brand new SO pin with dice>

00:54:17 started generating new SO pin w/ dice
01:00:36 generation of new SO pin complete
01:02:28 reprovisioned hsm
01:03:36 SO and user pin entered
01:05:12 generated nitrohsm keys
01:05:40 completed key generation
01:06:19 hsm removed from rpi
01:08:07 hsm sealed in bag

NitroHSM 5 (ser: DENK0102947)

01:09:38 removed hsm from bag
01:10:22 inserted into rpi
01:11:33 factory reset hsm
01:12:40 SO and user pin typed and confirmed
01:13:48 generated hsm keys
01:14:24 generation complete
01:14:56 removed hsm from rpi
01:16:23 sealed hsm in bag

NitroHSM 6 (ser: DENK0200473)

01:17:35 removed hsm from bag
01:17:52 inserted into rpi
01:18:34 provision run
01:19:30 SO and user pin typed and confirmed
01:20:49 nitro key generated
01:21:19 generation complete
01:22:14 removed hsm from rpi
01:23:46 sealed hsm in bag

Copying Ceremony Products

01:25:08 ceremony products copied to flash storage
01:26:43 sync
01:26:52 unmounted
01:26:59 remove flash drive (not in runbook)

<not in runbook, making an additional copy of ceremony products>

01:26:44 backup flash drive removed from bag
01:27:33 mounted
01:28:00 copy, sync and unmounted

<back to runbook>

01:28:50 rpi shutdown

Ceremony Products

01:36:40 commit created and signed

<ceremony products committed under ceremony/2020-10-30 directory>
<commit SHA: e77db08e2ef806e3670c2ee6599a1e7bf11401cf>
<branch: 'ceremony-2020-10-30'>
<url: https://github.com/psf/psf-tuf-runbook/commit/e77db08e2ef806e3670c2ee6599a1e7bf11401cf>

01:38:55 ceremony complete
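A consistency check over a stopwatch log of this shape, added here as an example (it is not part of the gist or of the PSF runbook): it parses "HH:MM:SS event" lines, treats other lines as section headings, and reports any entry whose time runs backwards relative to the one before it. The LOG excerpt is constructed from the notes above and includes the two entries that are out of order there (the YubiHSM 2 .pem/removal pair and the backup flash drive line), which is what a reviewer of a witness log would want flagged.

```python
import re

# Constructed excerpt of the attestation notes above: section headings,
# then "HH:MM:SS event" lines. Both out-of-order entries are included.
LOG = """\
YubiHSM 2 (ser: 0013200460)

00:18:41 bag opened hsm removed
00:19:43 hsm inserted into rpi
00:23:51 converted to .pem
00:23:16 hsm removed from rpi
00:26:13 hsm sealed in bag

Copying Ceremony Products

01:25:08 ceremony products copied to flash storage
01:26:59 remove flash drive (not in runbook)
01:26:44 backup flash drive removed from bag
01:27:33 mounted
"""

ENTRY = re.compile(r"^(\d{2}):(\d{2}):(\d{2}) (.+)$")


def parse_log(text):
    """Return a list of (section, elapsed_seconds, event) tuples.

    Lines without a leading stopwatch time become the current section
    heading; blank lines and angle-bracketed notes are skipped.
    """
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("<"):
            continue
        m = ENTRY.match(line)
        if m is None:
            section = line
            continue
        h, mi, s, event = m.groups()
        entries.append((section, int(h) * 3600 + int(mi) * 60 + int(s), event))
    return entries


def find_regressions(entries):
    """Return (section, previous_event, event, seconds_backwards) for each
    entry whose stopwatch time is earlier than the entry directly before it."""
    out = []
    for (_, t_a, ev_a), (sec_b, t_b, ev_b) in zip(entries, entries[1:]):
        if t_b < t_a:
            out.append((sec_b, ev_a, ev_b, t_a - t_b))
    return out


if __name__ == "__main__":
    for sec, prev, ev, back in find_regressions(parse_log(LOG)):
        print(f"[{sec}] '{ev}' is {back}s earlier than '{prev}'")
```

Run against the full notes, the same check also confirms that the stopwatch never resets across sections or the break.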

nealmcb commented Oct 31, 2020

Thank you! Very helpful. Also add a link to this to the video metadata.

Some sort of addendum or revision might include:

  • Who is writing?
  • What keybase id does that person have?
  • What timezone?
  • What Youtube URL?
  • What version of the runbook was being followed? (Looks like a tag or version number there might be necessary).
  • What errata were noted?
