The general structure of commands and responses is as follows:
Field |
Type |
Content |
Note |
CLA |
byte (1) |
Application Identifier |
0x44 |
INS |
byte (1) |
Instruction ID |
|
P1 |
byte (1) |
Parameter 1 |
|
P2 |
byte (1) |
Parameter 2 |
|
L |
byte (1) |
Bytes in payload |
|
PAYLOAD |
byte (L) |
Payload |
|
Field |
Type |
Content |
Note |
ANSWER |
byte (?) |
Answer |
depends on the command |
SW1-SW2 |
byte (2) |
Return code |
see list of return codes |
Field |
Type |
Content |
Expected |
CLA |
byte (1) |
Application Identifier |
0x44 |
INS |
byte (1) |
Instruction ID |
0x00 |
P1 |
byte (1) |
Parameter 1 |
ignored |
P2 |
byte (1) |
Parameter 2 |
ignored |
L |
byte (1) |
Bytes in payload |
0 |
Field |
Type |
Content |
Note |
TEST |
byte (1) |
Test Mode |
0xFF means test mode is enabled |
MAJOR |
byte (1) |
Version Major |
|
MINOR |
byte (1) |
Version Minor |
|
PATCH |
byte (1) |
Version Patch |
|
LOCKED |
byte (1) |
Device is locked |
|
SW1-SW2 |
byte (2) |
Return code |
see list of return codes |
Field |
Type |
Content |
Expected |
CLA |
byte (1) |
Application Identifier |
0x44 |
INS |
byte (1) |
Instruction ID |
0x01 |
P1 |
byte (1) |
Request User confirmation |
No = 0 |
P2 |
byte (1) |
Parameter 2 |
Ignored |
L |
byte (1) |
Bytes in payload |
expected = 0 |
Field |
Type |
Content |
Note |
ADDR |
byte (43) |
Address |
Encoded as B64URL |
SW1-SW2 |
byte (2) |
Return code |
see list of return codes |
This command shows the transaction content on screen and signs (if accepted) the transaction.
The "owner" of the transaction should be the public-key of the ledger device (restricted).
The RSA signature is stored in secure flash and should be retrieved using GET_SIG commands.
It returns the 48-byte deephash of the transaction blob for (optional) verification.
Field |
Type |
Content |
Expected |
CLA |
byte (1) |
Application Identifier |
0x44 |
INS |
byte (1) |
Instruction ID |
0x02 |
P1 |
byte (1) |
Payload desc |
0 = init |
|
|
|
1 = add |
|
|
|
2 = last |
P2 |
byte (1) |
---- |
not used |
L |
byte (1) |
Bytes in payload |
(depends) |
The first packet/chunk is empty (there is no derivation path)
All other packets/chunks contain data chunks that are described below
empty
Field |
Type |
Content |
Expected |
Data |
bytes... |
Message |
|
Data is defined as:
Field |
Type |
Content |
Expected |
Message |
bytes.. |
tx to sign |
|
Field |
Type |
Content |
Expected |
format_len |
2 bytes |
|
|
format |
? bytes |
ASCII string |
|
owner_len |
2 bytes |
|
|
owner |
? bytes |
Bytes - Show as b64Url |
512 bytes?? |
target_len |
2 bytes |
|
|
target |
? bytes |
Bytes - Show as b64Url |
|
quantity_len |
2 bytes |
|
|
quantity |
? bytes |
ASCII string |
|
reward_len |
2 bytes |
|
|
reward |
? bytes |
ASCII string |
|
last_tx_len |
2 bytes |
|
|
last_tx |
? bytes |
|
|
. |
|
|
|
tag_count |
2 bytes |
|
|
. |
|
will repeat multiple times |
|
-- tag_name_len |
2 bytes |
|
|
-- tag_name |
? bytes |
|
|
-- tag_value_len |
2 bytes |
|
|
-- tag_value |
? bytes |
|
|
. |
|
|
|
data_size_len |
2 bytes |
|
|
data_size |
? bytes |
Size encoded as an ASCII number |
|
data |
? bytes |
|
|
Field |
Type |
Content |
Note |
Hash |
byte (48) |
Deephash |
Deephash of tx blob |
SW1-SW2 |
byte (2) |
Return code |
see list of return codes |
This command can be taken to get the RSA signature of the ledger out.
It requires to have a successful SIGN command (see above) to have happened before.
Only index = 0 or index = 1 are allowed, that return the first and second part of the RSA-4096 signature.
After index = 1 is retrieved the signature in flash is zeroized.
Field |
Type |
Content |
Expected |
CLA |
byte (1) |
Application Identifier |
0x44 |
INS |
byte (1) |
Instruction ID |
0x10 |
P1 |
byte (1) |
Request User confirmation |
Ignored |
P2 |
byte (1) |
Parameter 2 |
Index = 0 or 1 |
L |
byte (1) |
Bytes in payload |
expected = 0 |
Field |
Type |
Content |
Note |
SIG_PART |
byte (256) |
Public key part |
Signature bytes [256 * i ... 256 *(i+1)] |
SW1-SW2 |
byte (2) |
Return code |
see list of return codes |
This command can be taken to get the "owner" (the RSA public key) of the ledger out.
Only index = 0 or index = 1 are allowed, that return the first and second part of the RSA-4096 public key.
Field |
Type |
Content |
Expected |
CLA |
byte (1) |
Application Identifier |
0x44 |
INS |
byte (1) |
Instruction ID |
0x20 |
P1 |
byte (1) |
Request User confirmation |
Ignored |
P2 |
byte (1) |
Parameter 2 |
Index = 0 or 1 |
L |
byte (1) |
Bytes in payload |
expected = 0 |
Field |
Type |
Content |
Note |
PK_PART |
byte (256) |
Public key part |
Pubkey bytes [256 * i ... 256 *(i+1)] |
SW1-SW2 |
byte (2) |
Return code |
see list of return codes |