Techniques for virtual cryptographic key ceremonies

US11522691B2 · US · B2

Patent metadata
Publication number: US-11522691-B2
Application number: US-202117157843-A
Country: US
Kind code: B2
Filing date: Jan 25, 2021
Priority date: Oct 15, 2020
Publication date: Dec 6, 2022
Grant date: Dec 6, 2022

Abstract

Official abstract text for this publication.

Methods, systems, and devices supporting virtual cryptographic key ceremonies are described. A server may receive a plurality of public keys and a plurality of digital signatures comprising data encrypted using a plurality of private keys, where each private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys. The server may generate a quorum token based on the plurality of signatures and the plurality of public keys, where generating the quorum token is based on the plurality of signatures representing at least a threshold number of pools. The server may receive a plurality of encrypted shares associated with respective pools of a plurality of pools, generate a master wrapping key based on generating the quorum token and receiving the plurality of encrypted shares, unwrap a root key using the master wrapping key, and generate a certificate based on the root key.
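The quorum gate described in the abstract (signatures must represent at least a threshold number of pools), as an added Go example that is not code from the patent or its assignee. Ed25519 as the elliptic curve scheme, the enrollment registry, the challenge string, the token format and all names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// Approval is one custodian's public key and signature over the challenge.
type Approval struct {
	Pub ed25519.PublicKey
	Sig []byte
}

// NewApproval builds constructed sample data: a fresh key pair and a signature.
func NewApproval(challenge []byte) Approval {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return Approval{Pub: pub, Sig: ed25519.Sign(priv, challenge)}
}

// QuorumToken needs valid signatures from enrolled keys in >= threshold distinct pools.
func QuorumToken(challenge []byte, enrolled map[string]string, in []Approval, threshold int) ([32]byte, error) {
	seen := map[string]bool{}
	for _, a := range in {
		pool, ok := enrolled[string(a.Pub)] // pool comes from the registry, not the sender
		if ok && len(a.Pub) == ed25519.PublicKeySize && ed25519.Verify(a.Pub, challenge, a.Sig) {
			seen[pool] = true // a second signer from the same pool adds nothing
		}
	}
	if len(seen) < threshold {
		return [32]byte{}, fmt.Errorf("quorum not met: %d of %d pools", len(seen), threshold)
	}
	pools := make([]string, 0, len(seen))
	for p := range seen {
		pools = append(pools, p)
	}
	sort.Strings(pools) // assumed token format, not from the patent: SHA-256(challenge|pools)
	return sha256.Sum256([]byte(string(challenge) + "|" + strings.Join(pools, ","))), nil
}

func main() {
	ch := []byte("ceremony-challenge") // constructed sample input
	a1, a2, b := NewApproval(ch), NewApproval(ch), NewApproval(ch)
	enrolled := map[string]string{string(a1.Pub): "pool-A", string(a2.Pub): "pool-A", string(b.Pub): "pool-B"}
	_, sameErr := QuorumToken(ch, enrolled, []Approval{a1, a2}, 2)
	_, okErr := QuorumToken(ch, enrolled, []Approval{a1, b}, 2)
	fmt.Println("one pool twice:", sameErr, "| two pools:", okErr)
}
```

Two details matter for a reviewer of such a ceremony: the count is over distinct pools rather than signatures, and a submitted public key only counts if it was enrolled beforehand.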

First claim

Opening claim text (preview).

What is claimed is:

1. A method for encryption key management, comprising: receiving a plurality of public keys and a plurality of signatures, wherein the plurality of signatures comprise data encrypted using a plurality of private keys, and wherein each private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys; generating a quorum token based at least in part on the plurality of signatures and the plurality of public keys, wherein generating the quorum token is based at least in part on the plurality of signatures, and wherein the plurality of signatures represents at least a threshold number of pools of a plurality of pools; receiving a plurality of encrypted shares, wherein each encrypted share of the plurality of encrypted shares is associated with a respective pool of the plurality of pools; generating a master wrapping key based at least in part on the quorum token and the plurality of encrypted shares; unwrapping a root key using the master wrapping key; and generating a certificate based at least in part on the root key.

2. The method of claim 1, further comprising: decrypting each encrypted share of the plurality of encrypted shares based at least in part on a user input corresponding to a password and a respective private key corresponding to the respective pool of the plurality of pools, wherein generating the master wrapping key is based at least in part on decrypting each encrypted share of the plurality of encrypted shares.

3. The method of claim 1, further comprising: storing the master wrapping key in volatile memory such that a system reboot results in destruction of the master wrapping key.

4. The method of claim 1, further comprising: splitting the master wrapping key into a plurality of shares, wherein each share of the plurality of shares is associated with the respective pool of the plurality of pools; and encrypting a share of the plurality of shares based at least in part on a plurality of respective public keys associated with the respective pool of the plurality of pools.

5. The method of claim 4, wherein encrypting each share of the plurality of shares comprises: generating a symmetric cryptographic key based at least in part on the plurality of respective public keys associated with the respective pool of the plurality of pools; and encrypting the share of the plurality of shares using the symmetric cryptographic key.

6. The method of claim 4, further comprising: generating a signature for each share of the plurality of shares using a respective private key corresponding to a pool of the plurality of pools.

7. The method of claim 4, wherein splitting the master wrapping key comprises a Shamir's secret sharing scheme.

8. The method of claim 1, wherein generating the quorum token further comprises: a command line interface program verifying that the plurality of signatures represent at least the threshold number of pools.

9. The method of claim 1, further comprising: generating a log file based at least in part on the quorum token and the plurality of encrypted shares, wherein the log file includes a video recording; and signing the log file with each private key of the plurality of private keys.

10. The method of claim 1, further comprising: running a virtual machine, wherein generating the master wrapping key comprises generating the master wrapping key on the virtual machine.

11. The method of claim 10, further comprising: terminating the virtual machine, wherein terminating the virtual machine flushes volatile memory associated with the virtual machine.

12. The method of claim 1, wherein generating the quorum token is further based at least in part on the plurality of signatures representing at least the threshold number of pools.

13. The method of claim 1, wherein a private key of the plurality of private keys and a corresponding respective public key of the plurality of public keys are stored on a portable hardware device, and the portable hardware device is configured to refrain from transmitting the private key off the portable hardware device.

14. The method of claim 1, wherein the certificate comprises a client authentication certificate.

15. The method of claim 1, wherein the root key corresponds to a private key of a Rivest Shamir Adleman (RSA) key pair comprising the private key and a corresponding public key.

16. The method of claim 1, wherein each private key of the plurality of private keys and each corresponding respective public key of the plurality of public keys comprises an elliptic curve key pair.

17. An apparatus for encryption key management, comprising: a processor; memory coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: receive a plurality of public keys and a plurality of signatures, wherein the plurality of signatures comprise data encrypted using a plurality of private keys, and wherein each private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys; generate a quorum token based at least in part on the plurality of signatures and the plurality of public keys, wherein generating the quorum token is based at least in part on the plurality of signatures, and wherein the plurality of signatures represents at least a threshold number of pools of a plurality of pools; receive a plurality of encrypted shares, wherein each encrypted share of the plurality of encrypted shares is associated with a respective pool of the plurality of pools; generate a master wrapping key based at least in part on the quorum token and the plurality of encrypted shares; unwrap a root key using the master wrapping key; and generate a certificate based at least in part on the root key.

18. The apparatus of claim 17, wherein the instructions are further executable by the processor to cause the apparatus to: decrypt each encrypted share of the plurality of encrypted shares based at least in part on a user input corresponding to a password and a respective private key corresponding to the respective pool of the plurality of pools, wherein generating the master wrapping key is based at least in part on decrypting each encrypted share of the plurality of encrypted shares.

19. The apparatus of claim 17, wherein the instructions are further executable by the processor to cause the apparatus to: split the master wrapping key into a plurality of shares, wherein each share of the plurality of shares is associated with the respective pool of the plurality of pools; and encrypt a share of the plurality of shares based at least in part on a plurality of respective public keys associated with the respective pool of the plurality of pools.

20. A non-transitory computer-readable medium storing code for encryption key management, the code comprising instructions executable by a processor to: receive a plurality of public keys and a plurality of signatures, wherein the plurality of signatures comprise data encrypted using a plurality of private keys, and wherein each private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys; generate a quorum token based at least in part on the plurality of signatures and the plurality of public keys, wherein generating the quorum token is based at least in part on the plurality of signatures, and wherein the plurality of signatures represents at least a threshold number of

Classifications

  • using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

  • using a plurality of keys or algorithms

  • involving digital signatures

  • involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes

  • Network integration; Enabling network access in virtual machine instances

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Salesforce Com Inc, Salesforce Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/0863. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 6, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).