Encedo HEM API Developer Manual
  • Welcome!
  • Preliminary
    • Quick Start
    • General information
  • Security
    • Report an issue
    • Advisory
      • Hall of fame
  • Reference
    • API Reference
      • System
        • Version & Status
        • Checkin
        • Configuration
        • Upgrade
          • Firmware
            • Low level USB mode
          • Management app
        • Self-test
        • Reboot
        • Shutdown
      • Authorization
        • Initialization
        • User authentication
        • External authenticator
          • Registration
          • Authentication
      • Key Management
        • Create a key
        • Derive a key
        • Import a key
        • Update a key
        • Delete a key
        • Get a public key
        • List the keys
        • Search a key
      • Cryptography operations
        • HMAC
        • ExDSA
        • ECDH
        • Encryption
          • Encryption/Decryption
          • Wrap/Unwrap
      • Audit log
      • Storage
Powered by GitBook
On this page
  • Sign
  • Sign a message
  • Verify
  • Verify a message signature
  1. Reference
  2. API Reference
  3. Cryptography operations

ExDSA

Those basic cryptography operations allow the calculation and verify ExDSA signatures. ECDSA and EdDSA are supported.

Allowed users

Allowed

Not allowed

Allowed

Required access scope

keymgmt:use:<KID>

where <KID> is a Key ID as 32 chars hexadecimal string

Sign

Sign a message

POST https://my.ence.do/api/crypto/exdsa/sign

Return a signature of the given message.

Headers

Name
Type
Description

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

Request Body

Name
Type
Description

alg*

String

Algorithm to use (e.g. Ed25519ctx)

ctx

String

Base64 encoded additional context data

msg*

String

Data message to sign

kid*

String

Key ID, 32 chars hex string 

{
  "sign": "4IzdVAZlsNHaUXGNaPMUg139TwnW5QB7WvVKAMEFnHF3JT122JTTnCHuZ1Z6sc2Hvz3WETWJ0ePKUVRJ5HzxDQ=="
}

Possible alg values

Algorithm
Description

SHA256WithECDSA

Regard to NIST SP 800-186

SHA384WithECDSA

Regard to NIST SP 800-186

SHA512WithECDSA

Regard to NIST SP 800-186

Ed25519

Ed25519ph

Ed25519ctx

Ed448

Ed448ph

Response data for successful operation

Name
Type
Description

sign

String

Base64 encoded signature

Log entries

Event
Result
Source

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

LOG_TYPE_CRYPTO_EXDSA_SIGN

LOG_RESULT_ERROR

400

LOG_TYPE_CRYPTO_EXDSA_SIGN

LOG_RESULT_FAILED

406

LOG_TYPE_CRYPTO_EXDSA_SIGN

LOG_RESULT_OK

200

Verify

Verify a message signature

POST https://my.ence.do/api/crypto/exdsa/verify

Verify the signature of the given message.

Headers

Name
Type
Description

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

Request Body

Name
Type
Description

alg*

String

Algorithm to use (e.g. Ed25519ctx)

ctx

String

Base64 encoded additional context data

kid*

String

Key ID, 32 chars hex string

msg*

String

Data message to verify

sign*

String

Signature to validate return by sign

Possible alg values

Log entries

Event
Result
Source

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

LOG_TYPE_CRYPTO_EXDSA_VERIFY

LOG_RESULT_ERROR

400

LOG_TYPE_CRYPTO_EXDSA_VERIFY

LOG_RESULT_FAILED

406

LOG_TYPE_CRYPTO_EXDSA_VERIFY

LOG_RESULT_OK

200

PreviousHMACNextECDH

Last updated 2 years ago

Regard to RFC8032

Regard to RFC8032

Regard to RFC8032

Regard to RFC8032

Regard to RFC8032

Check the list .

here
Section-5.1
Section-5.1
Section-5.1
Section-5.2
Section-5.2