signer, countersigner - daemons for set-top box authentication

lib/signer
lib/countersigner

Description

The signer and countersigner daemons listen for requests on the service ports infsigner and infcsigner, respectively.

The signer daemon

The signer daemon constructs an authentication certificate from the local key (in /keydb/signerkey) and information from the requesting client (including set-top-box-id).

If /keydb/signerkey does not exist, the signer daemon creates and initializes it with an owner name of '*'. That file can also be created with the createsignerkey command (see createsignerkey - command to create signer key on authentication server).

The signer daemon 'blinds' the certificate by XOR-ing it with a random bit mask, then sends the result to the requesting client. The client's user uses that information to establish identity with a human agent on the 'signer'. The signer daemon also saves both the 'blinded' and 'unblinded' result in the input file for the verify command (/keydb/signed/set-top-box-id).

The countersigner daemon

The countersigner daemon sends the contents of /keydb/countersigned/set-top-box-id to the requesting client.
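
The flow described above, as an added illustration in Python (not Inferno's own code, which is written in Limbo). The KeyDB class is a hypothetical in-memory stand-in for /keydb/signed and /keydb/countersigned, the certificate bytes are constructed, and the comparison made in verify() is an assumption about how the human agent confirms the blinded value the user reports.

```python
import hmac
import secrets

def blind(cert: bytes) -> tuple[bytes, bytes]:
    """XOR cert with a fresh random mask of the same length."""
    mask = secrets.token_bytes(len(cert))  # CSPRNG, one mask per certificate
    return bytes(c ^ m for c, m in zip(cert, mask)), mask

def unblind(blinded: bytes, mask: bytes) -> bytes:
    """XOR is its own inverse: the same mask restores the certificate."""
    if len(blinded) != len(mask):
        raise ValueError("mask length must equal certificate length")
    return bytes(b ^ m for b, m in zip(blinded, mask))

class KeyDB:
    """Hypothetical in-memory stand-in for the /keydb directories."""
    def __init__(self) -> None:
        self.signed = {}         # /keydb/signed/<id>: (blinded, clear)
        self.countersigned = {}  # /keydb/countersigned/<id>: clear

def signer_request(db: KeyDB, box_id: str, cert: bytes) -> bytes:
    """Signer side: blind the certificate, keep both forms, return the blinded one."""
    blinded, _mask = blind(cert)
    db.signed[box_id] = (blinded, cert)
    return blinded

def verify(db: KeyDB, box_id: str, reported: bytes) -> bool:
    """Release the clear certificate only if the reported blinded value matches."""
    entry = db.signed.get(box_id)
    if entry is None or not hmac.compare_digest(entry[0], reported):
        return False
    db.countersigned[box_id] = entry[1]
    return True

def countersigner_request(db: KeyDB, box_id: str):
    """Countersigner side: nothing is available until verify has succeeded."""
    return db.countersigned.get(box_id)

if __name__ == "__main__":
    db = KeyDB()
    cert = b"constructed-cert:box-0042"          # constructed sample data
    received = signer_request(db, "box-0042", cert)
    print("before verify:", countersigner_request(db, "box-0042"))
    print("verify ok:", verify(db, "box-0042", received))
    print("after verify:", countersigner_request(db, "box-0042"))
```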

Files

/keydb/signerkey

Secret key of the 'signer' host.

/keydb/signed/set-top-box-id

Repository of 'blinded' and clear certificates.

/keydb/countersigned/set-top-box-id

Repository of 'unblinded' certificates.

See Also

createsignerkey - command to create signer key on authentication server

Initialization of /keydb/signerkey.

register - command to register set-top-box identity with signer

Client side of set-top-box registration.

srv - start server daemons

Launching signer and countersigner daemons.

verify - command to authenticate receiver of blinded certificate

Extract the 'unblinded' certificate from /keydb/signed/set-top-box-id and save in /keydb/countersigned/set-top-box-id.


infernosupport@lucent.com
Copyright © 1996, Lucent Technologies, Inc. All rights reserved.