HMAC

Those basic cryptography operations allow the calculation and verify HMAC messages.

Allowed users

Allowed

Required access scope

keymgmt:use:<KID>

where <KID> is a Key ID as a 32-character hexadecimal string

Hash

Gen an HMAC of a message

POST https://my.ence.do/api/crypto/hmac/hash

Return an HMAC of a given message.

Headers

Name

Type

Description

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

Request Body

Name

Type

Description

alg

String

Algorithm to use (e.g. SHA2-256)

ext_kid

String

External Key ID, 32 chars hex string

msg*

String

Base64 encoded message to hmac (max. 2048 bytes)

pubkey

String

Base64 encoded external public key

kid*

String

Key ID, 32 chars hex string

Response status code

{
  "mac": "otGuoI+uH8K6cWk6Qnx3vNGKDjFv2zTF0dUM73a3YMo="
}

The key type pointed to ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, indirect ECDH will fail.

Possible `alg` values

Agorithm

Description

SHA2-256

SHA2-256 HMAC

SHA2-384

SHA2-384 HMAC

SHA2-512

SHA2-512 HMAC

SHA3-256

SHA3-256 HMAC

SHA3-384

SHA3-384 HMAC

SHA3-512

SHA3-512 HMAC

Response data for successful operation

Name

Type

Description

mac

String

Base64 encoded HMAC value

Log entries

Event

Result

Source

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_ERROR

400

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_FAILED

406

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_OK

200

Verify

Verify an HMAC of the message

POST https://my.ence.do/api/crypto/hmac/verify

Verify the hash of a given message.

Headers

Name

Type

Description

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

Request Body

Name

Type

Description

alg

String

Algorithm to use (e.g. SHA2-256)

ext_kid

String

External Key ID, 32 chars hex string

mac*

String

MAC calculated by hash operation

msg*

String

Base64 encoded HMAC of a message to validate (max. 2048 bytes)

pubkey

String

Base64 encoded external public key

kid*

String

Key ID, 32 chars hex string

Response status code

The key type pointed to ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, indirect ECDH will fail.

Possible `alg` values

Check the list here.

Log entries

Event

Result

Source

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_ERROR

400

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_FAILED

406

LOG_TYPE_CRYPTO_HMAC_HASH

LOG_RESULT_OK

200

PreviousCryptography operations NextExDSA

Last updated 4 months ago

hashtagAllowed users

hashtagRequired access scope

hashtagHash

hashtagGen an HMAC of a message

hashtagHeaders

hashtagRequest Body

hashtagResponse status code

hashtagPossible alg values

hashtagResponse data for successful operation

hashtagLog entries

hashtagVerify

hashtagVerify an HMAC of the message

hashtagHeaders

hashtagRequest Body

hashtagResponse status code

hashtagPossible alg values

hashtagLog entries

Allowed users

Required access scope

Hash

Gen an HMAC of a message

Headers

Request Body

Response status code

Possible `alg` values

Response data for successful operation

Log entries

Verify

Verify an HMAC of the message

Headers

Request Body

Response status code

Possible `alg` values

Log entries