Hi,
I'm reading the .proto file and I have a question regarding the SignedMessage format.
About the signature field - how is the signature generated? using what hash/encryption? I thought they're
using RSA, but you can't perform RSA on such a long message...
thx, and great work btw :)

It's an RSA-SSA-PSS over the message, based on the SHA1 hash.

RSA using what key? and over what message? The msg field, or the msg with the type, remote attestation, and the session_key?

The signature field is different in the license request and in the license response. It's always over the msg field, But in the license response it's HMAC-SHA256, and apparently using the SIGNING key.

thx, but what exactly is the SIGNING key? what's its value? is it one of the public/private keys you mentioned in content_key_decryption.js?

No, it is a KeyType in the protobuf file. Further than that you can try to conclude from the docs yourself.

tysm! yom tov brother :)

Docs say that response message is signed not with SIGNING key in response itself (it is for next messages), but with derived mac_key[server].

The main piece that is missing from doc is context_mac that is sent from outside. I had tried various versions similar to context_enc from script - something like "SIGNING" || 0x00 || msg || keySize, with various keywords (SIGN, SIGNING, MAC, SIGNATURE), key sizes and etc.

They still do not result in correct signature.
Assuming that you knew how to build correct encryption context (it also isn't contained in doc) - do you know how to build correct MAC?

Never mind :)

It's "AUTHENTICATION" || 0x00 || msg || 512

But I'm still surprised how did you figure out general format.