Encedo HEM API Developer Manual
  • Welcome!
  • Preliminary
    • Quick Start
    • General information
  • Security
    • Report an issue
    • Advisory
      • Hall of fame
  • Reference
    • API Reference
      • System
        • Version & Status
        • Checkin
        • Configuration
        • Upgrade
          • Firmware
            • Low level USB mode
          • Management app
        • Self-test
        • Reboot
        • Shutdown
      • Authorization
        • Initialization
        • User authentication
        • External authenticator
          • Registration
          • Authentication
      • Key Management
        • Create a key
        • Derive a key
        • Import a key
        • Update a key
        • Delete a key
        • Get a public key
        • List the keys
        • Search a key
      • Cryptography operations
        • HMAC
        • ExDSA
        • ECDH
        • Encryption
          • Encryption/Decryption
          • Wrap/Unwrap
      • Audit log
      • Storage
Powered by GitBook
On this page
  • Hash
  • Gen an HMAC of a message
  • Verify
  • Verify an HMAC of a message
  1. Reference
  2. API Reference
  3. Cryptography operations

HMAC

Those basic cryptography operations allow the calculation and verify HMAC messages.

Allowed users

Allowed

Not allowed

Allowed

Required access scope

keymgmt:use:<KID>

where <KID> is a Key ID as 32 chars hexadecimal string

Hash

Gen an HMAC of a message

POST https://my.ence.do/api/crypto/hmac/hash

Return an HMAC of a given message.

Headers

Name
Type
Description

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

Request Body

Name
Type
Description

alg

String

Algorithm to use (e.g. SHA2-256)

ext_kid

String

External Key ID, 32 chars hex string

msg*

String

Base64 encoded message to hmac

pubkey

String

Base64 encoded external public key

kid*

String

Key ID, 32 chars hex string 

{
  "mac": "otGuoI+uH8K6cWk6Qnx3vNGKDjFv2zTF0dUM73a3YMo="
}

The key type pointed by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, indirect ECDH will be failed.

Possible alg values

Agorithm
Description

SHA2-256

SHA2-256 HMAC

SHA2-384

SHA2-384 HMAC

SHA2-512

SHA2-512 HMAC

SHA3-256

SHA3-256 HMAC

SHA3-384

SHA3-384 HMAC

SHA3-512

SHA3-512 HMAC

Response data for successful operation

Name
Type
Description

mac

String

Base64 encoded HMAC value

Log entries

Event
Result
Source

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_ERROR

400

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_FAILED

406

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_OK

200

Verify

Verify an HMAC of a message

POST https://my.ence.do/api/crypto/hmac/verify

Verify the hash of a given message.

Headers

Name
Type
Description

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

Request Body

Name
Type
Description

alg

String

Algorithm to use (e.g. SHA2-256)

ext_kid

String

External Key ID, 32 chars hex string

mac*

String

MAC calculated by hash operation

msg*

String

Base64 encoded HMAC of a message to validate

pubkey

String

Base64 encoded external public key

kid*

String

Key ID, 32 chars hex string

The key type pointed by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, indirect ECDH will be failed.

Possible alg values

Log entries

Event
Result
Source

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_ERROR

400

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_FAILED

406

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_OK

200

PreviousCryptography operationsNextExDSA

Last updated 3 years ago

Check the list .

here