SIGNER(8)                                               SIGNER(8)

     NAME
          signer, countersigner - daemons for set-top box
          authentication

     SYNOPSIS
          lib/signer

          lib/countersigner

     DESCRIPTION
          Signer and countersigner listen for requests on the service
          ports infsigner and infcsigner, respectively.

          Signer constructs an authentication certificate from the
          local key (in /keydb/signerkey) and information from the
          requesting client (including the set top box ID).

          If non-existent, signer creates and initialises
          /keydb/signerkey with an owner name of `*'.  That file can
          also be created with createsignerkey(8).

          Signer `blinds' the certificate by XOR-ing it with a random
          bit mask, then sends the result to the requesting client.
          The client machine's user uses that information to establish
          identity with a human agent on the signing machine.  Signer
          also saves the both the `blinded' and `unblinded' result
          from the input in /keydb/signed/set-top-box-id for
          verify(8).

          Countersigner sends the contents of
          /keydb/countersigned/set-top-box-id to the requesting
          client.

     FILES
          /keydb/signerkey                     Secret key of the
                                               `signer' host.
          /keydb/signed/set-top-box-id         Repository of `blinded'
                                               and clear certificates.
          /keydb/countersigned/set-top-box-id  Repository of
                                               `unblinded' certifi-
                                               cates.

     SOURCE
          /appl/lib/signer.b
          /appl/lib/countersigner.b

     SEE ALSO
          createsignerkey(8), register(8), srv(8), verify(8)

     Page 1                       Plan 9             (printed 3/29/24)