RemoteInputProtocol
The remote input server uses an open protocol with encryption and authentication to communicate between the clients and the server.
Security
When the client connects to the server, an SSL connection must be initiated immediately. Most remote input server installations use self-signed certificates, so the client should be able to verify the server through the SSL certificate fingerprint. The fingerprint is a digest (usually SHA1) of the DER form of the SSL certificate. It may be determined on the server by running:
$ openssl x509 -noout -in <certificate file> -fingerprint
If the client cannot verify the certificate through the certificate authority chain or by fingerprint verification it must close the connection immediately.
Authentication
After the SSL connection has been created, the client must send authentication credentials to the server. The credentials have the following form:
The credentials length field specifies the total size of the following fields. The NULL fields must be set to 0. These fields put two limits on the username and password:
- The combined length of the username and password, not including the null terminator, must be less than 253.
- The username and the password may not include the null character.
The server must validate the credentials. The server sends a one byte message to the client indicating whether the credentials are valid:
If the result was invalid, the server must immediately close all communication with the client after sending the credential validation result. If the client was authenticated, the client should begin the input device initialization process.