REGISTER(8)                   (mux)                   REGISTER(8)

     NAME
          register - command to register set-top-box identity with
          signer

     SYNOPSIS
          mux/register [ signer ]

     DESCRIPTION
          Register is intended for use on a set top box (or similar
          device).  It connects to signer, a machine configured to
          sign certificates, and obtains an authenticated certificate
          based on the contents of `/nvfs/ID' (the set top box ID in
          non-volatile memory).  The certificate is saved in the file
          `/nvfs/default' for later use.  If no signer is named
          explicitly, the $SIGNER named in db(6) is used instead.

          There are several phases to obtaining the certificate.

          1.   The register command interacts with signer(8) on the
               signing host to construct the certificate. This
               certificate is `blinded' by a random bit mask and sent
               back to register, which displays it in textual or
               graphical form to the user.

          2.   The user running register must use an independent,
               secure mechanism (for example, an untapped telephone
               call) to communicate with a human agent at the site
               acting as signer. That agent runs verify(8) to display
               the same `blinded' certificate that was shown to
               register's user at the client.  Once the agent is
               convinced that the `blinded' certificate has been
               delivered to the correct party, the agent tells verify
               to accept the identity of the caller.

          3.   Register then connects to the countersigner process
               (see signer(8)) to obtain the bitmask needed to
               `unblind' the previously received certificate.  This
               step can only validly be performed after the successful
               completion of verify on the signer.
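
          The three phases above, sketched as an added example (this
          is not the code in /appl/mux/register.b).  It assumes the
          bit mask is applied by XOR, that the displayed form is a
          truncated SHA-256 digest, and that an HMAC stands in for the
          signer's signature; all class and function names are
          hypothetical.

```python
import hashlib
import hmac
import secrets


def xor(data: bytes, mask: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, mask))


def fingerprint(blob: bytes) -> str:
    # Short form both parties read over the phone; SHA-256 is an assumption.
    return hashlib.sha256(blob).hexdigest()[:16]


class Signer:
    """Hypothetical stand-in for the signer, verify and countersigner roles."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self._pending = {}  # box id -> [blinded cert, mask, verified?]

    def sign(self, box_id: bytes) -> bytes:
        # HMAC stands in for the real certificate signature (assumption).
        cert = box_id + hmac.new(self._key, box_id, hashlib.sha256).digest()
        mask = secrets.token_bytes(len(cert))
        blinded = xor(cert, mask)
        self._pending[box_id] = [blinded, mask, False]
        return blinded

    def verify(self, box_id: bytes, spoken: str) -> bool:
        # The agent accepts only if the caller reads back the same value.
        entry = self._pending[box_id]
        entry[2] = hmac.compare_digest(fingerprint(entry[0]), spoken)
        return entry[2]

    def countersign(self, box_id: bytes) -> bytes:
        entry = self._pending[box_id]
        if not entry[2]:
            raise PermissionError("identity not verified; mask withheld")
        del self._pending[box_id]
        return entry[1]


def register(signer: Signer, box_id: bytes, tamper: bool = False) -> bytes:
    blinded = signer.sign(box_id)                      # phase 1
    # tamper=True flips one bit in transit (constructed failure case).
    seen = blinded[:-1] + bytes([blinded[-1] ^ 1]) if tamper else blinded
    signer.verify(box_id, fingerprint(seen))           # phase 2, out of band
    return xor(seen, signer.countersign(box_id))       # phase 3
```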

     FILES
          /nvfs/ID         File emulating set top box-id in ROM.
          /nvfs/default    Repository of authenticated certificate.
          /services/cs/db  Default definition of `signer' host.

     SOURCE
          /appl/mux/register.b

     SEE ALSO
          db(6), manufacture(8), signer(8)
