# Setting up a Trustee Trustees are a core component of PAD. PAD relies on sufficient number of Trustees acting honestly. This is a means of decentralising trust. Given their essential role, Trustees should be run by trusted individuals. We recommend running a Trustee on a Raspberry Pi. The Trustee software will then run as a daemon and periodically queries the PAD server and responds accordingly. The procedure is simple: download the scripts; edit the configuration file; then start the Trustee daemon. In the following sections, we assume access to the Raspberry Pi is already set up, either with a monitor and mouse or in headless mode via secure shell (SSH) (See [this](https://jacobian.org/2021/jan/22/headless-rpi/) for a tutorial on setting up a headless Raspberry Pi). ## Clone the repository ``` pi@raspberry:~$ git clone https://github.com/sw7group/pad-trustee-node ``` The repository is currently private. Please email with your GitHub account name and we will send you a licence to provide access to the repo. The repository consists of the installer script `install.sh`, the NodeJS source code of the Trustee, a template configuration file `config/pad-trustee.json` and a service file `service/pad-trustee.service` that makes the Trustee a daemon. ## Install node.js and npm ``` pi@raspberry:~$ sudo apt update pi@raspberry:~$ sudo apt install nodejs npm ``` This will install Node.js and npm (Node Package Manager). ## Run the installer with the command ``` pi@raspberry:~/pad-trustee-node$ ./install.sh ``` where `~/pad-trustee-node` is the location of the downloaded repository. The script * checks if nvm (Node Version Manager) is installed * if not, prompts to install nvm. The user can also manually install nvm. * generates a random ID for the Trustee * generates the decryption key and signing key * creates directories that sit the configuration files and Trustee private keys, the source code and the service file * generates a configuration file with the Trustee's ID and private keys * installs NodeJS 14 and installs dependencies * most importantly, display the public details of the Trustee Copy the last step's output of the installer. This information is\ required to register the Trustee on the PAD server. This is a sample output of the installer: ``` Trustee ID: trustee_3d552d143e0102e2 Trustee full name: Trustee-3d552d143e0102e2 Trustee encryption key: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwvrAS7QgpRx7kWR/447 JY7UOZr7DdPRRuDN+zYE85kDh4EBgbgTTBbvk/5wSGg5x5QMR3coAy0HnEqT3Bxb aDu/SH5ep+Ybn/Pfk6ddKjBoFt9j+nvVutprnskuBN5F+zb4YnQnGr9vygdhL74A DLvp0njF3Ab6PZYtv990XrfsE7oBRaXZ+Lx4CV6KiyhDTaOHl7RI854G25O8IS3K VLjjnNK1VTNttODXXJ5yOOk+zMhXHso7diz1fpbkUyg5Ez5Mwj7ksQ9PRFo7jn+P HiAVFSIgd5jk5PSzxo3BozfGouigrjehmpp7HJRk7L5UWwUSUa8xYcPP40FxNZGp YwIDAQAB -----END PUBLIC KEY----- Trustee verification key: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENkqLf3tg3OkCOsVws9c5ImjpKDPj MuKz6R/aQ2PSwSvAOAiPRHZDwApnyr/v74JrY1DwEeqbaIWn2mVp/euhzw== -----END PUBLIC KEY----- ``` ## Register as a Trustee Send the information above (Trustee ID, name, and the public keys) to . Until then, the PAD server will not process requests from the Trustee. After registration, an Operator can nominate you to be a Trustee of their instance. ## Start the Trustee daemon Reload the list of user services: ``` pi@raspberry:~/pad-trustee-node$ systemctl --user daemon-reload ``` Then, the Trustee daemon can be started: ``` pi@raspberry:~/pad-trustee-node$ systemctl --user start pad-trustee ``` The daemon should fail to start: ``` pi@raspberry:~/pad-trustee-node$ systemctl --user status pad-trustee ● pad-trustee.service - pad-trustee-node - Trustee service for Privacy-preserving Accountable Decryption (PAD) Loaded: loaded (...; disabled; vendor preset: enabled) Active: activating (auto-restart) since ... Process: ... Main PID: ... start.sh[239579]: [Symbol(kCapture)]: false, start.sh[239579]: [Symbol(kNeedDrain)]: false, start.sh[239579]: [Symbol(corked)]: 0, start.sh[239579]: [Symbol(kOutHeaders)]: [Object: null prototype] start.sh[239579]: }, start.sh[239579]: data: { ok: false, message: 'Unauthorized' } start.sh[239579]: }, start.sh[239579]: isAxiosError: true, start.sh[239579]: toJSON: [Function: toJSON] start.sh[239579]: } ``` This is because we are using the template API key. We should obtain at least one working Trustee API key to get the daemon running properly. ## Obtain Trustee API keys Whenever a PAD instance is created with you nominated as a Trustee, we will send you the instance name and a Trustee API key associated with the instance. You can choose to join and serve the instance or not. To join a PAD instance as a Trustee, update the configuration file at `~/.pad-trustee/config/pad-trustee.yaml`. The `instances` section shows the list of instances the Trustee is serving. It is a dictionary where the key is the instance name and the value contains the API key. Remove the template instance for the first time. Afterwards, add new entries in the dictionary with the corresponding instance name and API key. For example, suppose two instances `my-pad-1.0` and `my-pad-2.0` have been created by Operators, and the Trustees' API key for them are `pad.api.key1` and `pad.api.key2`. This is how `instances` should look like in the configuration file: ```yaml instances: my-pad-1.0: api_key: pad.api.key1 my-pad-2.0: api_key: pad.api.key2 ``` To apply the changes, restart the Trustee daemon: ``` pi@raspberry:~/pad-trustee-node$ systemctl --user restart pad-trustee ``` ## Query Trustee status You can query the Trustee daemon's status using `systemctl`: ``` pi@raspberry:~/pad-trustee-node$ systemctl --user status pad-trustee ● pad-trustee.service - pad-trustee-node - Trustee service for Privacy-preserving Accountable Decryption (PAD) Loaded: loaded (...; disabled; vendor preset: enabled) Active: active (running) ... ``` The status `Active: active (running)` shows that the daemon is running properly. For a more detailed log of the daemon, you may use `journalctl`: ``` pi@raspberry:~/pad-trustee-node$ journalctl --user-unit pad-trustee ``` To see a live update of the log, use the `-f` flag. Press `Ctrl + C` to exit monitoring. ``` pi@raspberry:~/pad-trustee-node$ journalctl -f --user-unit pad-trustee ``` ## Updating the Trustee code To update the Trustee code, download/clone the repository again. Then run `patch.sh`. The script will copy the up-to-date code over to the source directory of the Trustee daemon. It will then restart the daemon. ## (Optional) Enable Trustee daemon to start on boot You may wish the Trustee daemon to start automatically on boot. To do this, simply use the `enable` command in `systemctl`: ``` pi@raspberry:~$ systemctl --user enable pad-trustee ``` ## (Optional) Configure the Trustee daemon * A PEM-encoded string may be used as the keys in the config file instead of specifying a path. For example, instead of having the section ```yaml trustee: decryption_key_file: /path/to/decryption.pem ``` You may use a key directly like this: ```yaml trustee: decryption_key: |- -----BEGIN PRIVATE KEY----- # ... -----END PRIVATE KEY----- ``` * You may change the list of instances the Trustee references in the `instances` section. * You may change the `interval` in seconds in which the Trustee queries the PAD server. > Do not set `interval` too small, otherwise some requests may be blocked by the server because of rate-limiting. * You may change the path in which the states of the Trustee is stored at `storage.path`.