A TKey user can use tkey-verification to verify that their TKey hasn't been tampered with since provisioning. Currently this is done with the verisigner device app running during both provisioning and verification.
Goals:
Use the ordinary signer instead of a special verisigner binary so we don't have to maintain two device apps with almost the same code. The new tkey-device-signer v1.0.0 already contains the necessary firmware digest command, compatible with the verisigner app protocol.
Use the ordinary tkeysign Go package to communicate. It's now also compatible with the verisign device app.
Instead of having complicated build scripts that tries to build different tags of the device app used in tkey-verification from the same repo let's just put the binary files to embed directly in the repo.
Simplify the interface to the binaries.
As a side-effect, possibly support several vendor signing keys.
A minor security problem in verisigner made us want to use the ordinary tkey-device-signer in tkey-verification as well, since we don't want to maintain essentially the same code in two places. Note, though, that we might want to add some additional data to the key generation process.
A TKey user can use tkey-verification to verify that their TKey hasn't been tampered with since provisioning. Currently this is done with the verisigner device app running during both provisioning and verification.
Goals:
A minor security problem in verisigner made us want to use the ordinary tkey-device-signer in tkey-verification as well, since we don't want to maintain essentially the same code in two places. Note, though, that we might want to add some additional data to the key generation process.