---

signer, countersigner - daemons for set-top box authentication

lib/signer
lib/countersigner

Description

The signer and countersigner daemons listen for requests on the service ports infsigner and infcsigner, respectively.

The signer daemon

The signer daemon constructs an authentication certificate from the local key (in /keydb/signerkey) and information from the requesting client (including set-top-box-id).

If non-existent, the signer daemons creates and initializes /keydb/signerkey with an owner name of '*'. That file can also be created with the createsignerkey command (see createsignerkey - command to create signer key on authentication server).

The signer daemon 'blinds' the certificate by the technique of XOR-ing it with a random bit mask, then sends the result to the requesting client. The client's user uses that information to establish identity with a human agent on the 'signer'. The signer daemon also saves the both the 'blinded' and 'unblinded' result in the input for the verify command (/keydb/signed/set-top-box-id).

The countersigner daemon

The countersigner daemon sends the contents of /keydb/countersigned/set-top-box-id to the requesting client.

Files

/keydb/signerkey	Secret key of the 'signer' host.
/keydb/signed/set-top-box-id	Repository of 'blinded' and clear certificates.
/keydb/countersigned/set-top-box-id	Repository of 'unblinded' certificates.

See Also

createsignerkey - command to create signer key on authentication server	Initialization of /keydb/signerkey.
register - command to register set-top-box identity with signer	Client side of set-top-box registration.
srv - start server daemons	Launching signer and countersigner daemons.
verify - command to authenticate receiver of blinded certificate	Extract the 'unblinded' certificate from /keydb/signed/set-top-box-id and save in /keydb/countersigned/set-top-box-id.

---

---

infernosupport@lucent.com

Copyright © 1996,Lucent Technologies, Inc. All rights reserved.