Supported by RSA and EC type of keys. For signature, one can pass one of the following inputs:
Data and Hash Alg: Pass in the entire data to be signed with the Hash Algorithm to be used for hashing (SHA1, SHA256, SHA512, etc)
Hash: Only pass the already hashed data. Also, pass the Hash Algorithm used to generate the said hash.
NOTE
Data and Hash should be base64 encoded.
Go
data := byte[]("Hello World!")
keyId := <Key UUID>
signReq := sdkms.SignRequest{
Data: &data,
HashAlg: sdkms.DigestAlgorithmSha256,
Key: sdkms.SobjectById(keyId),
}
signResp, err := client.Sign(ctx, signReq)
signResp.Signature
#With hash
signReq := sdkms.SignRequest{
Hash: &hash,
HashAlg: sdkms.DigestAlgorithmSha256,
Key: sdkms.SobjectById(keyId),
}
signResp.SignatureJava
// With data
String data = "Hello World!";
SignRequest signatureRequest = new SignRequest()
.hashAlg(DigestAlgorithm.SHA256)
.data(data.getBytes());
SignResponse signResponse = SignAndVerifyApi().sign(<Key UUID>, signatureRequest);
signResponse.signature
// With hash
SignRequest signatureRequest = new SignRequest()
.hashAlg(DigestAlgorithm.SHA256)
.hash(hash);
SignResponse signResponse = SignAndVerifyApi().sign(, signatureRequest);
signResponse.signaturePython
api_instance = sdkms.v1.SignAndVerifyApi (api_client=client)
String data = "Hello World!";
request = sdkms.v1.SignRequest(hash_alg= DigestAlgorithm.SHA256, data=data.encode())
sign_response = api_instance.sign(<Key UUID>, request)
sign_response.signature
# With hash
request = sdkms.v1.SignRequest(hash_alg= DigestAlgorithm.SHA256, hash=hash)
sign_response = api_instance.sign(<Key UUID>, request)
sign_response.signature
REST API using curl
$ echo "Hello World!" | base64
SGVsbG8gV29ybGQhCg==
$ curl /crypto/v1/sign -H 'Authorization: Bearer YhXwwa-6C...ig5g' -d '{"key": {"kid": "Key-UUID"}, "hash_alg": "SHA256", "data": "SGVsbG8gV29ybGQhCg=="}'
{"signature": "Y25lYm4gdmVidm...llamJ2ZWlqYgo=="}