General structure
The general structure of commands and responses is as follows:
Commands
| Field | Type | Content | Note |
|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | |
| P1 | byte (1) | Parameter 1 | |
| P2 | byte (1) | Parameter 2 | |
| L | byte (1) | Bytes in payload | |
| PAYLOAD | byte (L) | Payload | |
Response
| Field | Type | Content | Note |
|---|
| ANSWER | byte (?) | Answer | depends on the command |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
Command definition
GET_VERSION
Command
| Field | Type | Content | Expected |
|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x00 |
| P1 | byte (1) | Parameter 1 | ignored |
| P2 | byte (1) | Parameter 2 | ignored |
| L | byte (1) | Bytes in payload | 0 |
Response
| Field | Type | Content | Note |
|---|
| TEST | byte (1) | Test Mode | 0xFF means test mode is enabled |
| MAJOR | byte (1) | Version Major | |
| MINOR | byte (1) | Version Minor | |
| PATCH | byte (1) | Version Patch | |
| LOCKED | byte (1) | Device is locked | |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
GET_ADDRESS
Command
| Field | Type | Content | Expected |
|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x01 |
| P1 | byte (1) | Request User confirmation | No = 0 |
| P2 | byte (1) | Parameter 2 | Ignored |
| L | byte (1) | Bytes in payload | expected = 0 |
Response
| Field | Type | Content | Note |
|---|
| ADDR | byte (43) | Address | Encoded as B64URL |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
SIGN
This command shows the transaction content on screen and signs (if accepted) the transaction.
The "owner" of the transaction should be the public-key of the ledger device (restricted).
The RSA signature is stored in secure flash and should be retrieved using GET_SIG commands.
It returns the 48-byte deephash of the transaction blob for (optional) verification.
Command
| Field | Type | Content | Expected |
|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x02 |
| P1 | byte (1) | Payload desc | 0 = init |
| | | 1 = add |
| | | 2 = last |
| P2 | byte (1) | ---- | not used |
| L | byte (1) | Bytes in payload | (depends) |
The first packet/chunk is empty (there is no derivation path)
All other packets/chunks contain data chunks that are described below
First Packet
empty
Other Chunks/Packets
| Field | Type | Content | Expected |
|---|
| Data | bytes... | Message | |
Data is defined as:
| Field | Type | Content | Expected |
|---|
| Message | bytes.. | tx to sign | |
| Field | Type | Content | Expected |
|---|
| format_len | 2 bytes | | |
| format | ? bytes | ASCII string | |
| owner_len | 2 bytes | | |
| owner | ? bytes | Bytes - Show as b64Url | 512 bytes?? |
| target_len | 2 bytes | | |
| target | ? bytes | Bytes - Show as b64Url | |
| quantity_len | 2 bytes | | |
| quantity | ? bytes | ASCII string | |
| reward_len | 2 bytes | | |
| reward | ? bytes | ASCII string | |
| last_tx_len | 2 bytes | | |
| last_tx | ? bytes | | |
| . | | | |
| tag_count | 2 bytes | | |
| . | | will repeat multiple times | |
| -- tag_name_len | 2 bytes | | |
| -- tag_name | ? bytes | | |
| -- tag_value_len | 2 bytes | | |
| -- tag_value | ? bytes | | |
| . | | | |
| data_size_len | 2 bytes | | |
| data_size | ? bytes | Size encoded as an ASCII number | |
| data | ? bytes | | |
Response
| Field | Type | Content | Note |
|---|
| Hash | byte (48) | Deephash | Deephash of tx blob |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
GET_SIG
This command can be taken to get the RSA signature of the ledger out.
It requires to have a successful SIGN command (see above) to have happened before.
Only index = 0 or index = 1 are allowed, that return the first and second part of the RSA-4096 signature.
After index = 1 is retrieved the signature in flash is zeroized.
Command
| Field | Type | Content | Expected |
|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x10 |
| P1 | byte (1) | Request User confirmation | Ignored |
| P2 | byte (1) | Parameter 2 | Index = 0 or 1 |
| L | byte (1) | Bytes in payload | expected = 0 |
Response
| Field | Type | Content | Note |
|---|
| SIG_PART | byte (256) | Public key part | Signature bytes [256 * i ... 256 *(i+1)] |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
GET_PK
This command can be taken to get the "owner" (the RSA public key) of the ledger out.
Only index = 0 or index = 1 are allowed, that return the first and second part of the RSA-4096 public key.
Command
| Field | Type | Content | Expected |
|---|
| CLA | byte (1) | Application Identifier | 0x44 |
| INS | byte (1) | Instruction ID | 0x20 |
| P1 | byte (1) | Request User confirmation | Ignored |
| P2 | byte (1) | Parameter 2 | Index = 0 or 1 |
| L | byte (1) | Bytes in payload | expected = 0 |
Response
| Field | Type | Content | Note |
|---|
| PK_PART | byte (256) | Public key part | Pubkey bytes [256 * i ... 256 *(i+1)] |
| SW1-SW2 | byte (2) | Return code | see list of return codes |
