lib/signer lib/countersigner
If /keydb/signerkey does not exist, the signer daemon creates and initializes it with an owner name of '*'. That file can also be created with the createsignerkey command (see createsignerkey - create signer key on authentication server).
The signer daemon 'blinds' the certificate by XOR-ing it with a random bit mask, then sends the result to the requesting client. The client's user uses that information to establish identity with a human agent on the 'signer'. The signer daemon also saves both the 'blinded' and 'unblinded' results in the input file for the verify command (/keydb/signed/set-top-box-id).
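The blinding step and the later extraction by verify can be sketched as follows. This is an added example, not the daemons' own code: the function names, the two-line hex record layout, and the temporary directories standing in for /keydb/signed and /keydb/countersigned are assumptions, and the human identity check is left out.

```python
import secrets
import tempfile
from pathlib import Path


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("mask must be exactly as long as the certificate")
    return bytes(x ^ y for x, y in zip(a, b))


def blind(cert: bytes) -> tuple[bytes, bytes]:
    """Return (blinded, mask), drawing a fresh CSPRNG mask for every request."""
    mask = secrets.token_bytes(len(cert))
    return xor_bytes(cert, mask), mask


def signer_save(signed_dir: Path, box_id: str, cert: bytes) -> bytes:
    """Signer side: store blinded and unblinded results, return what is sent."""
    blinded, _mask = blind(cert)
    # Assumed record layout: two hex lines, blinded first, unblinded second.
    (signed_dir / box_id).write_text(blinded.hex() + "\n" + cert.hex() + "\n")
    return blinded


def verify_extract(signed_dir: Path, countersigned_dir: Path, box_id: str) -> bytes:
    """verify side: pull the unblinded certificate out and save it."""
    _blinded_hex, cert_hex = (signed_dir / box_id).read_text().split()
    cert = bytes.fromhex(cert_hex)
    (countersigned_dir / box_id).write_bytes(cert)
    return cert


def demo() -> dict:
    cert = b"constructed-certificate-for-stb-0001"  # constructed sample bytes
    with tempfile.TemporaryDirectory() as root:
        signed, counter = Path(root, "signed"), Path(root, "countersigned")
        for d in (signed, counter):
            d.mkdir()
        sent = signer_save(signed, "stb-0001", cert)
        released = verify_extract(signed, counter, "stb-0001")
    # Caveat: reusing one mask for two certificates leaks their XOR.
    other = b"constructed-certificate-for-stb-0002"
    mask = secrets.token_bytes(len(cert))
    leak = xor_bytes(xor_bytes(cert, mask), xor_bytes(other, mask))
    return {"sent": sent, "released": released, "leak": leak,
            "expected_leak": xor_bytes(cert, other)}
```

The blinded value hides the certificate only while each mask is random, as long as the certificate, and used once, which is why `blind` draws a new mask on every call.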
| createsignerkey - create signer key on authentication server | Initialization of /keydb/signerkey. |
| register - command to register set-top-box identity with signer | Client side of set-top-box registration. |
| srv - start server daemons | Launching signer and countersigner daemons. |
| verify - command to authenticate receiver of blinded certificate | Extract the 'unblinded' certificate from /keydb/signed/set-top-box-id and save in /keydb/countersigned/set-top-box-id. |