The general structure of commands and responses is as follows:
| Field | Type | Content | Note |
|---|---|---|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | |
| P1 | byte (1) | Parameter 1 | |
| P2 | byte (1) | Parameter 2 | |
| L | byte (1) | Bytes in payload | |
| PAYLOAD | byte (L) | Payload |
| Field | Type | Content | Note |
|---|---|---|---|
| ANSWER | byte (?) | Answer | depends on the command |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
| Field | Type | Content | Expected |
|---|---|---|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x00 |
| P1 | byte (1) | Parameter 1 | ignored |
| P2 | byte (1) | Parameter 2 | ignored |
| L | byte (1) | Bytes in payload | 0 |
| Field | Type | Content | Note |
|---|---|---|---|
| TEST | byte (1) | Test Mode | 0xFF means test mode is enabled |
| MAJOR | byte (1) | Version Major | |
| MINOR | byte (1) | Version Minor | |
| PATCH | byte (1) | Version Patch | |
| LOCKED | byte (1) | Device is locked | |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
| Field | Type | Content | Expected |
|---|---|---|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x01 |
| P1 | byte (1) | Request User confirmation | No = 0 |
| P2 | byte (1) | Parameter 2 | Ignored |
| L | byte (1) | Bytes in payload | expected = 0 |
| Field | Type | Content | Note |
|---|---|---|---|
| ADDR | byte (43) | Address | Encoded as B64URL |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
This command shows the transaction content on screen and signs (if accepted) the transaction. The "owner" of the transaction should be the public-key of the ledger device (restricted). The RSA signature is stored in secure flash and should be retrieved using GET_SIG commands. It returns the 48-byte deephash of the transaction blob for (optional) verification.
| Field | Type | Content | Expected |
|---|---|---|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x02 |
| P1 | byte (1) | Payload desc | 0 = init |
| 1 = add | |||
| 2 = last | |||
| P2 | byte (1) | ---- | not used |
| L | byte (1) | Bytes in payload | (depends) |
The first packet/chunk is empty (there is no derivation path)
All other packets/chunks contain data chunks that are described below
empty
| Field | Type | Content | Expected |
|---|---|---|---|
| Data | bytes... | Message |
Data is defined as:
| Field | Type | Content | Expected |
|---|---|---|---|
| Message | bytes.. | tx to sign |
| Field | Type | Content | Expected |
|---|---|---|---|
| format_len | 2 bytes | ||
| format | ? bytes | ASCII string | |
| owner_len | 2 bytes | ||
| owner | ? bytes | Bytes - Show as b64Url | 512 bytes?? |
| target_len | 2 bytes | ||
| target | ? bytes | Bytes - Show as b64Url | |
| quantity_len | 2 bytes | ||
| quantity | ? bytes | ASCII string | |
| reward_len | 2 bytes | ||
| reward | ? bytes | ASCII string | |
| last_tx_len | 2 bytes | ||
| last_tx | ? bytes | ||
| . | |||
| tag_count | 2 bytes | ||
| . | will repeat multiple times | ||
| -- tag_name_len | 2 bytes | ||
| -- tag_name | ? bytes | ||
| -- tag_value_len | 2 bytes | ||
| -- tag_value | ? bytes | ||
| . | |||
| data_size_len | 2 bytes | ||
| data_size | ? bytes | Size encoded as an ASCII number | |
| data | ? bytes |
| Field | Type | Content | Note |
|---|---|---|---|
| Hash | byte (48) | Deephash | Deephash of tx blob |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
This command can be taken to get the RSA signature of the ledger out. It requires to have a successful SIGN command (see above) to have happened before. Only index = 0 or index = 1 are allowed, that return the first and second part of the RSA-4096 signature. After index = 1 is retrieved the signature in flash is zeroized.
| Field | Type | Content | Expected |
|---|---|---|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x10 |
| P1 | byte (1) | Request User confirmation | Ignored |
| P2 | byte (1) | Parameter 2 | Index = 0 or 1 |
| L | byte (1) | Bytes in payload | expected = 0 |
| Field | Type | Content | Note |
|---|---|---|---|
| SIG_PART | byte (256) | Public key part | Signature bytes [256 * i ... 256 *(i+1)] |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
This command can be taken to get the "owner" (the RSA public key) of the ledger out. Only index = 0 or index = 1 are allowed, that return the first and second part of the RSA-4096 public key.
| Field | Type | Content | Expected |
|---|---|---|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x20 |
| P1 | byte (1) | Request User confirmation | Ignored |
| P2 | byte (1) | Parameter 2 | Index = 0 or 1 |
| L | byte (1) | Bytes in payload | expected = 0 |
| Field | Type | Content | Note |
|---|---|---|---|
| PK_PART | byte (256) | Public key part | Pubkey bytes [256 * i ... 256 *(i+1)] |
| SW1-SW2 | byte (2) | Return code | see list of return codes |