The Signer Protocol¶
Communication with the signer is performed via a serial connection. That connection has to be established by the client before speaking the protocol defined here.
Signer request data format specification¶
Protocol request data is encoded in the following format:
Byte |
Data |
|---|---|
0-2 |
length of header + data in network byte order |
3-5 |
length of header network byte order |
6-14 |
action specific header |
15-17 |
length of first action specific content in network byte order |
18-N |
fist action specific content string |
N+1-N+3 |
length of second action specific content in network byte order |
N+4-M |
second action specific content string |
M+1-M+3 |
lenght of third action specific content in network byte order |
M+4-End |
third action specific content string |
Due to the length encoding in 3 bytes the messages can have a maximum length of 83 = 224 Bytes which is around 16 MiB.
General request header format¶
Every protocol request header (bytes 3-12 of protocol request message) follows the same 9 byte structure. The content of bytes 3-8 are protocol action specific.
Byte |
Value |
|---|---|
0 |
Version ( |
1 |
Action |
2 |
System (used crypto system) |
3 |
8 bits root |
4 |
8 bits configuration |
5 |
8 bits parameter |
6-7 |
16 bits parameter |
8 |
8 bits parameter |
Format of NUL requests¶
NUL requests are sent at the end of each iteration in
client.pl’s main loop.
Byte |
Value |
|---|---|
0 |
Version ( |
1 |
Action ( |
2 |
System ( |
3 |
|
4 |
|
5 |
|
6-7 |
|
8 |
|
NUL Request Payload:
GMT timestamp in %m%d%H%M%Y.%S format
“”
“”
Note
The timestamp sent with the NUL request is used to create a script to synchronize the time on the signer using date and hwclock.
Format of X.509 signing request messages¶
X.509 signing request messages are sent in
client.pl’s main loop for each requested
certificate.
Byte |
Value |
|---|---|
0 |
Version ( |
1 |
Action ( |
2 |
System ( |
3 |
Root (see table CA root certificate identifiers) |
4 |
Profile (see table Certificate profile ids) |
5 |
Message Digest Id (see table Message digest ids) |
6-7 |
Days in big-endian format |
8 |
Key type 1 |
The key type is stored in the column keytype of the certificate request table which is one of
domaincerts
emailcerts
orgdomaincerts
orgemailcerts
X.509 Signing Request Payload:
PEM encoded PKCS#10 / RFC 2986 certifcate signing request or SPKAC (Netscape) signed public key and challenge (i.e. generated from a <keygen> HTML form element)
comma separated list of SubjectAlternative names in a format that is accepted by openssl configuration file directive
subjectAltName(see https://www.openssl.org/docs/man1.0.2/apps/x509v3_config.html#Subject-Alternative-Name)The requested subject DN in openssl format (parts separated by
/)
Id |
CA root |
|---|---|
0 |
CAcert root (aka CAcert class 1 root) |
1 |
CAcert class3 |
2 |
CAcert class3s |
x |
root{} |
Note
The CA root identifier is retrieved from the database by
client.pl the value that is found there is
decremented by 1 before it is sent to the server.
The server in server.pl restricts the
allowed root id in its CheckSystem function.
Id |
Profile |
|---|---|
0 |
Client (personal) |
1 |
Client (Organization) |
2 |
Client (Code signing) |
3 |
Client (Machine) |
4 |
Client (ADS) |
5 |
Server (personal) |
6 |
Server (Organization) |
7 |
Server (Jabber) |
8 |
Server (OCSP) |
9 |
Server (Timestamp) |
10 |
Proxy |
11 |
SubCA |
Note
client.pl supports profiles 0, 1, 2, 4,
5, 6, 8 and 9 only.
Id |
Algorithm |
|---|---|
1 |
MD5 |
2 |
SHA-1 |
3 |
RIPE-MD160 |
8 |
SHA-256 |
9 |
SHA-384 |
10 |
SHA-512 |
Format of OpenPGP key signing request messages¶
OpenPGP key signing request messages are sent in
client.pl’s main loop for each requested
OpenPGP key.
Byte |
Value |
|---|---|
0 |
Version ( |
1 |
Action ( |
2 |
System ( |
3 |
|
4 |
|
5 |
|
6-7 |
366 encoded as |
8 |
|
OpenPGP Signing Request Payload:
OpenPGP public keyring in binary format (see RFC 4880)
“”
“”
Format of X.509 certificate revocation request messages¶
X.509 certificate revocation request messages are sent in
client.pl’s main loop for each requested
X.509 certificate revocation.
Byte
Value
0
Version (
0x01)1
Action (
0x02)2
System (
0x01for X.509)3
Root
4
0x005
0x006-7
365 encoded as
0x016d8
0x00
X.509 Certificate Revocation Request Payload:
PEM encoded certificate data of the certificate to be revoked
“”
hexadecimal encoded SHA-1 hash of the CRL known CRL file of the requested CA Root (header byte 3)
Signer response data format specification¶
Protocol response data is encoded in the following format:
Byte |
Data |
|---|---|
0-2 |
length of header + data in network byte order |
3-5 |
length of header network byte order |
6-9 |
header data |
10-12 |
length of payload data 1 in network byte order |
13-N |
payload data 1 |
N+1-N+3 |
length of payload data 2 network byte order |
N+4-M |
payload data 2 |
M+1-M+3 |
length of payload data 3 network byte order |
M+4-End |
payload data 3 |
General response header format¶
Every protocol response header (bytes 6-9 of protocol response message) follows the same 4 byte structure. The content of bytes 3 and 4 are not used yet.
Byte |
Value |
|---|---|
0 |
Version ( |
1 |
Action |
2 |
|
3 |
|
Format of NUL Responses¶
NUL responses are sent in response to NUL requests.
Byte |
Value |
|---|---|
0 |
Version ( |
1 |
Action ( |
2 |
|
3 |
|
NUL Response Payload:
“”
“”
“”
Format of X.509 certificate response messages¶
X.509 certificate response messages are sent in response to X.509 certificate signing request messages.
Byte |
Value |
|---|---|
0 |
Version ( |
1 |
Action ( |
2 |
|
3 |
|
X.509 certificate response payload:
PEM encoded X.509 certificate
“”
“”
Format of OpenPGP key signature response messages¶
OpenPGP key signature response messages are sent in response to OpenPGP key signing request messages.
Byte |
Value |
|---|---|
0 |
Version ( |
1 |
Action ( |
2 |
|
3 |
|
OpenPGP key signature response payload:
ASCII armored PGP public key block
“”
“”
Format of X.509 certificate revocation response messages¶
X.509 certificate revocation response messages are sent in response to X.509 certificate revocation request messages.
Byte |
Value |
|---|---|
0 |
Version ( |
1 |
Action ( |
2 |
|
3 |
|
- 2
this response type uses the same action byte as the OpenPGP key signature response message
X.509 certificate revocation response payload:
CRL diff in xdelta format or “” if the original CRL specified by the SHA-1 hash in the third payload field of the request is not available
“”
“”
Protocol messages¶
Handshake¶
client sends 1 byte
0x02to serial portclient reads 1 byte from serial port (with a 20 second timeout)
client checks whether the byte is
0x10
If anything different is received there was a protocol error and no further messages should be sent over the serial connection.
Send data¶
- Preconditions
successful Handshake, data is encoded according to the Signer request data format specification
client builds byte wise xor of all data bytes into 1 byte $xor
client sends concatenated $data string + xor-Byte + “rie4Ech7”
client reads 1 byte (with a 5 second timeout)
if received byte is
0x11try againif received byte is
0x10the message has been sent successfully
If anything different is received there was a protocol error and no further messages should be sent over the serial connection.
Receive data¶
- Preconditions
client sent data
client waits for a response (with a 120 second timeout)
server builds byte wise xor of all data bytes in 1 byte $xor
server sends
0x02to start transmissionclient sends
0x10to confirm receipt (server timeout 1 second)server sends concatenated $data string + xor-Byte + “rie4Ech7”
client reads data in 100 byte segments (5 second timeout)
client sends
0x11in case of corrupted data and retries readingclient sends
0x10if successfulserver waits for response for 5 seconds
server sends concatenated $data string + xor-Byte + “rie4Ech7” if client response is
0x11
