multipaz/org.multipaz.securearea.cloud/CloudSecureAreaProtocol/RegisterResponse1

RegisterResponse1

data class RegisterResponse1(val cloudBindingKeyAttestation: X509CertChain, val serverState: ByteArray) : CloudSecureAreaProtocol.Command

Message sent by the server to the device in response to RegisterRequest1:

The server includes cloudBindingKeyAttestation (which is a list of encoded X509 certificates) and serverState described in RegisterRequest1.

When the device receives this message it checks that cloudBindingKeyAttestation includes the previously sent deviceChallenge in its attestation, that each certificate is signed by the next one, the root public key is well-known (e.g. a the root of the Cloud Secure Area provider), and so on. If a check fails the device shall discard any received state and report an error to the application.

If successful, this concludes the first stage of the registration process and the device stores serverState locally as "registration context". This is sufficient to set up an E2EE connection (see E2EESetupRequest0) which can be used to complete the second and final stage of registration (see RegisterStage2Request0).

Constructors

Link copied to clipboard
constructor(cloudBindingKeyAttestation: X509CertChain, serverState: ByteArray)

Properties

Link copied to clipboard
Link copied to clipboard