Encedo HEM API Developer Manual

ECDH

This basic cryptography operation calculates the ECDH result using either a trusted key or an external public key.

Allowed users

Allowed

Not allowed

Allowed

Required access scope

keymgmt:use:<KID>

where <KID> is a Key ID given as a 32-character hexadecimal string

Generate ECDH

POST https://my.ence.do/api/crypto/ecdh

Return raw or hashed ECDH results between given arguments.

Headers

| Name | Type | Description |
| --- | --- | --- |
| Authorization* | String | Bearer JWT_TOKEN |
| Content-Type* | String | application/json |

Request Body

| Name | Type | Description |
| --- | --- | --- |
| alg | String | Algorithm used to hash the result (e.g. SHA2-256) - if omitted raw ECDH is returned |
| kid* | String | Key ID, 32 chars hex string |
| pubkey | String | Base64 encoded external public key |
| ext_kid | String | External Key ID, 32 chars hex string |

{
  "ecdh": "AZlsNHaUXGNaPMUg139TwnW5QB7WvVKAMEFnHF3JT122JTTnCHuZ1Z6sc2Hvz3WETWJ0ePKUVRJ5HzxDQ4IzdV=="
}

The key type pointed to by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, the indirect ECDH will fail.

Possible alg values

| Value | Description |
| --- | --- |
| SHA2-256 | Use SHA2-256 to hash the ECDH result |
| SHA2-384 | Use SHA2-384 to hash the ECDH result |
| SHA2-512 | Use SHA2-512 to hash the ECDH result |
| SHA3-256 | Use SHA3-256 to hash the ECDH result |
| SHA3-384 | Use SHA3-384 to hash the ECDH result |
| SHA3-512 | Use SHA3-512 to hash the ECDH result |

Response data for successful operation

| Name | Type | Description |
| --- | --- | --- |
| ecdh | String | Base64-encoded ECDH result |

Log entries

| Event | Result | Source |
| --- | --- | --- |
| LOG_TYPE_FAILED_SCOPE_CHECK | LOG_RESULT_FAILED | 403 |
| LOG_TYPE_CRYPTO_ECDH | LOG_RESULT_ERROR | 400 |
| LOG_TYPE_CRYPTO_ECDH | LOG_RESULT_FAILED | 406 |
| LOG_TYPE_CRYPTO_ECDH | LOG_RESULT_OK | 200 |
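
The request and response described above, as an added example (not Encedo's own code): it validates the documented fields before building the POST and checks the length of a hashed reply. The function names, the exactly-one-of `pubkey`/`ext_kid` rule, the length check (which assumes the device returns the bare digest when `alg` is set) and the sample reply are assumptions of this example.

```python
import base64
import json
import re
import urllib.request

ECDH_URL = "https://my.ence.do/api/crypto/ecdh"
# Digest sizes in bytes for each documented alg value.
ALG_LEN = {"SHA2-256": 32, "SHA2-384": 48, "SHA2-512": 64,
           "SHA3-256": 32, "SHA3-384": 48, "SHA3-512": 64}
KID_RE = re.compile(r"[0-9a-fA-F]{32}")


def build_ecdh_request(token, kid, pubkey=None, ext_kid=None, alg=None):
    """Validate the fields client-side and return an unsent POST request."""
    if not KID_RE.fullmatch(kid):
        raise ValueError("kid must be a 32-character hex string")
    # Assumption of this example: exactly one peer key is supplied.
    if (pubkey is None) == (ext_kid is None):
        raise ValueError("supply exactly one of pubkey or ext_kid")
    body = {"kid": kid}
    if ext_kid is not None:
        if not KID_RE.fullmatch(ext_kid):
            raise ValueError("ext_kid must be a 32-character hex string")
        body["ext_kid"] = ext_kid
    else:
        base64.b64decode(pubkey, validate=True)  # raises on malformed Base64
        body["pubkey"] = pubkey
    if alg is not None:
        if alg not in ALG_LEN:
            raise ValueError(f"unsupported alg: {alg}")
        body["alg"] = alg  # leave alg out to receive the raw ECDH result
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return urllib.request.Request(ECDH_URL, data=json.dumps(body).encode(),
                                  headers=headers, method="POST")


def parse_ecdh_response(text, alg=None):
    """Decode the `ecdh` field; check its length when a hash was requested."""
    result = base64.b64decode(json.loads(text)["ecdh"], validate=True)
    # Assumption: with alg set, the reply is the bare digest of that size.
    if alg is not None and len(result) != ALG_LEN[alg]:
        raise ValueError(f"expected {ALG_LEN[alg]} bytes, got {len(result)}")
    return result


# Constructed sample: 32 made-up bytes standing in for a SHA2-256 device reply.
SAMPLE_DIGEST = bytes(range(32))
SAMPLE_REPLY = json.dumps({"ecdh": base64.b64encode(SAMPLE_DIGEST).decode()})
```

The token used for the call needs the `keymgmt:use:<KID>` scope for the `kid` in the body; without it the device logs `LOG_TYPE_FAILED_SCOPE_CHECK`.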


Last updated 2 years ago