HMAC
Those basic cryptography operations allow the calculation and verify HMAC messages.
Allowed users
Allowed
Required access scope
keymgmt:use:<KID>
where <KID> is a Key ID as 32 chars hexadecimal string
Hash
Gen an HMAC of a message
POST https://my.ence.do/api/crypto/hmac/hash
Return an HMAC of a given message.
Headers
| Name | Type | Description |
|---|---|---|
Authorization* | String | Bearer JWT_TOKEN |
Content-Type* | String | application/json |
Request Body
| Name | Type | Description |
|---|---|---|
alg | String | Algorithm to use (e.g. SHA2-256) |
ext_kid | String | External Key ID, 32 chars hex string |
msg* | String | Base64 encoded message to hmac |
pubkey | String | Base64 encoded external public key |
kid* | String | Key ID, 32 chars hex string |
The key type pointed by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, indirect ECDH will be failed.
Possible alg values
alg values| Agorithm | Description |
|---|---|
SHA2-256 | SHA2-256 HMAC |
SHA2-384 | SHA2-384 HMAC |
SHA2-512 | SHA2-512 HMAC |
SHA3-256 | SHA3-256 HMAC |
SHA3-384 | SHA3-384 HMAC |
SHA3-512 | SHA3-512 HMAC |
Response data for successful operation
| Name | Type | Description |
|---|---|---|
| String | Base64 encoded HMAC value |
Log entries
| Event | Result | Source |
|---|---|---|
LOG_TYPE_FAILED_SCOPE_CHECK | LOG_RESULT_FAILED | 403 |
LOG_TYPE_CRYPTO_HMAC_HASH | LOG_RESULT_ERROR | 400 |
LOG_TYPE_CRYPTO_HMAC_HASH | LOG_RESULT_FAILED | 406 |
LOG_TYPE_CRYPTO_HMAC_HASH | LOG_RESULT_OK | 200 |
Verify
Verify an HMAC of a message
POST https://my.ence.do/api/crypto/hmac/verify
Verify the hash of a given message.
Headers
| Name | Type | Description |
|---|---|---|
Authorization* | String | Bearer JWT_TOKEN |
Content-Type* | String | application/json |
Request Body
| Name | Type | Description |
|---|---|---|
alg | String | Algorithm to use (e.g. SHA2-256) |
ext_kid | String | External Key ID, 32 chars hex string |
mac* | String | MAC calculated by |
msg* | String | Base64 encoded HMAC of a message to validate |
pubkey | String | Base64 encoded external public key |
kid* | String | Key ID, 32 chars hex string |
The key type pointed by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, indirect ECDH will be failed.
Possible alg values
alg valuesCheck the list here.
Log entries
| Event | Result | Source |
|---|---|---|
LOG_TYPE_FAILED_SCOPE_CHECK | LOG_RESULT_FAILED | 403 |
LOG_TYPE_CRYPTO_HMAC_HASH | LOG_RESULT_ERROR | 400 |
LOG_TYPE_CRYPTO_HMAC_HASH | LOG_RESULT_FAILED | 406 |
LOG_TYPE_CRYPTO_HMAC_HASH | LOG_RESULT_OK | 200 |
Last updated