SignedMessage Format
namnam2000 opened this issue · comments
Hi,
I'm reading the .proto file and I have a question regarding the SignedMessage format.
About the signature field - how is the signature generated? using what hash/encryption? I thought they're
using RSA, but you can't perform RSA on such a long message...
thx, and great work btw :)
It's an RSA-SSA-PSS over the message, based on the SHA1 hash.
RSA using what key? and over what message? The msg field, or the msg with the type, remote attestation, and the session_key?
The signature
field is different in the license request and in the license response. It's always over the msg
field, But in the license response it's HMAC-SHA256, and apparently using the SIGNING key.
thx, but what exactly is the SIGNING key? what's its value? is it one of the public/private keys you mentioned in content_key_decryption.js?
No, it is a KeyType
in the protobuf file. Further than that you can try to conclude from the docs yourself.
tysm! yom tov brother :)
Docs say that response message is signed not with SIGNING key in response itself (it is for next messages), but with derived mac_key[server]
.
The main piece that is missing from doc is context_mac
that is sent from outside. I had tried various versions similar to context_enc
from script - something like "SIGNING" || 0x00 || msg || keySize
, with various keywords (SIGN
, SIGNING
, MAC
, SIGNATURE
), key sizes and etc.
They still do not result in correct signature.
Assuming that you knew how to build correct encryption context (it also isn't contained in doc) - do you know how to build correct MAC?
Never mind :)
It's "AUTHENTICATION" || 0x00 || msg || 512
But I'm still surprised how did you figure out general format.