
Example: Personal Desktop Client signing

A signing request follows exactly the same process flow as an authentication request. For more information, see Example: Personal Desktop Client authentication.

Step-by-step instruction

  1. Create a signing request in Hermod with the POST /rest/command/sign command. See example:

    Example: Signing command

    POST /rest/command/sign
    {
      "commandHeader": {
        "lifespan": 30,
        "timeout": 30,
        "to": [ "@tmp" ]
      },
      "signCommand": {
        "params": {
          "description": [
            {
              "content_encoding": "base64",
              "content_type": "text/plain",
              "data": "UGVyc29uYWw=",
              "description": "Signing request from",
              "key": "requester",
              "visible": true
            }
          ],
          "filter": {
            "op": "eq",
            "param": "key.type",
            "value": "RSA"
          },
          "format": "pkcs7",
          "mechanism": "CKM_SHA256_RSA_PKCS",
          "tbs": [
            {
              "content_encoding": "base64",
              "content_type": "text/plain",
              "data": "VHJhbnNmZXIgNTAwIFVTRCBmcm9tIENheW1hbiBJc2xhbmQgdG8gSG9sZWJyb29rIEx0ZC4=",
              "description": "Text to sign",
              "key": "tbs",
              "visible": true
            }
          ]
        }
      }
    }



    Example: Signing response

    Response 200 OK
    {
      "commandId": "688",
      "destinations": [
        {
          "to": "@tmp",
          "bid": "11318956-2040-4360-941d-437e4ddd810c",
          "uri": "com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8",
          "mid": "14fc191a-a0a3-4ae3-929a-e37efafdb510",
          "location": "http://nexus-cod1.ad.nexusgroup.com:20401/hermod/rest/ms/11318956-2040-4360-941d-437e4ddd810c/14fc191a-a0a3-4ae3-929a-e37efafdb510"
        }
      ],
      "commandType": "SIGN",
      "state": "IN_PROGRESS",
      "fqdn": "nexus-cod1.ad.nexusgroup.com"
    }





  2. Add the URI from the response as a link.


    Example URI

    com.nexusgroup.plugout:///?url=http%3a%2f%2fnexus-cod1.ad.nexusgroup.com%3A20401%2fhermod%2Frest%2Fms%2F11318956-2040-4360-941d-437e4ddd810c&token=0464297b-8406-4f94-a734-628d071069d8



    The protocol handler for Personal Desktop Client will open the plugout dialog.




When the user has provided the smart card and entered the PIN, Personal Desktop Client signs the request and sends the response to Hermod, which forwards it to the application server in a callback.

  3. Validate the response:

    Example: Signing callback command



    Example: Signing callback response
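
For steps 1 and 2 of this procedure, an added example (written for this page, not Nexus code): it builds the sign command body from plain text and, before the URI is published as a link, checks that the URI agrees with the `fqdn`, `bid`, `mid` and `location` fields of the same response. The function names are hypothetical, and the relationship between `url`, `bid`, `mid` and `location` is an assumption read off the sample response above.

```python
import base64
from urllib.parse import parse_qs, urlsplit

def item(key, description, value):
    # Displayed and to-be-signed items are sent base64-encoded, as in the request above.
    data = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return {"content_encoding": "base64", "content_type": "text/plain",
            "data": data, "description": description, "key": key, "visible": True}

def build_sign_command(text, requester, to="@tmp"):
    """Body for POST /rest/command/sign, mirroring the example request."""
    params = {
        "description": [item("requester", "Signing request from", requester)],
        "filter": {"op": "eq", "param": "key.type", "value": "RSA"},
        "format": "pkcs7",
        "mechanism": "CKM_SHA256_RSA_PKCS",
        "tbs": [item("tbs", "Text to sign", text)],
    }
    return {"commandHeader": {"lifespan": 30, "timeout": 30, "to": [to]},
            "signCommand": {"params": params}}

def checked_plugout_uri(response):
    """Return the plugout URI only if it agrees with the rest of the response."""
    dest = response["destinations"][0]
    uri = urlsplit(dest["uri"])
    if uri.scheme != "com.nexusgroup.plugout":
        raise ValueError("unexpected URI scheme")
    query = parse_qs(uri.query)
    if sorted(query) != ["token", "url"] or any(len(v) != 1 for v in query.values()):
        raise ValueError("unexpected query parameters")
    msg_url = query["url"][0]
    if urlsplit(msg_url).hostname != response["fqdn"]:
        raise ValueError("message URL host differs from fqdn")
    # Assumption drawn from the sample response: url ends in bid, location is url/mid.
    if not msg_url.endswith("/" + dest["bid"]):
        raise ValueError("message URL does not end in bid")
    if dest["location"] != msg_url + "/" + dest["mid"]:
        raise ValueError("location does not match url and mid")
    return dest["uri"]

# Values copied from the example response on this page.
HOST = "nexus-cod1.ad.nexusgroup.com"
BID = "11318956-2040-4360-941d-437e4ddd810c"
MID = "14fc191a-a0a3-4ae3-929a-e37efafdb510"
SAMPLE_RESPONSE = {"fqdn": HOST, "destinations": [{
    "to": "@tmp", "bid": BID, "mid": MID,
    "uri": "com.nexusgroup.plugout:///?url=http%3a%2f%2f" + HOST + "%3A20401%2fhermod"
           "%2Frest%2Fms%2F" + BID + "&token=0464297b-8406-4f94-a734-628d071069d8",
    "location": "http://" + HOST + ":20401/hermod/rest/ms/" + BID + "/" + MID}]}
```

When the returned URI is written into an HTML link, the `&` between `url` and `token` must be escaped as `&amp;` in the `href` attribute.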





Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.