verify - command to authenticate receiver of blinded certificate

lib/verify set-top-box-id

Description

The verify command is used at a 'signer' server to extract information from the /keydb/signed/set-top-box-id file previously created by the signer daemon. That information consists of the previously crafted authentication certificate and the 'blinded' version of the certificate that was sent to the requesting client.

The verify command displays the 'blinded' version textually or graphically, as appropriate, so that it can be compared to that reported by the set-top-box owner over a secure independent mechanism (for example, telephone). If the operator of verify is convinced of the identity of the caller, the operator should reply affirmatively when prompted for acceptance.

If the owner's identity is accepted, the verify command writes the authentication certificate to the /keydb/countersigned/set-top-box-id file, input for the countersigner daemon.

NOTE:

After the operator of verify accepts the identity, the set-top-box owner should be informed to respond affirmatively to the prompt being displayed by the register command. The order of acceptance (first on the signer host) then on the client is important.

verify - command to authenticate receiver of blinded certificate

Description

Files

/keydb/signed/set-top-box-id

/keydb/countersigned/set-top-box-id

See Also

signer, countersigner - daemons for set-top box authentication

register - command to register set-top-box identity with signer

verify - command to authenticate receiver of blinded certificate

Description

Files /keydb/signed/set-top-box-id /keydb/countersigned/set-top-box-id

See Also signer, countersigner - daemons for set-top box authentication register - command to register set-top-box identity with signer

Files

/keydb/signed/set-top-box-id

/keydb/countersigned/set-top-box-id

See Also

signer, countersigner - daemons for set-top box authentication

register - command to register set-top-box identity with signer