Signing and Verification actions can be performed with all the asymmetric
key types available in the Vault.
Sign a Message
Sign a message (a claim, hash, or specific text) with a given Key.
curl -i \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/a7dd081d-8ad8-499e-a472-587f044c0039/keys/752176e2-f31f-4887-8267-12ba5769ddcb/sign \
-d '{
"message": "hello world"
}'
HTTP/2 201
Response JSON:
{
"signature" : "02a285b1a277f7602dc115a3bf627a8b7603a4a1be9a72b3ab0284878afe443d0023c6b618333ead186cfbf16180f2058727c5ee0e437a0fcff1d3966351d741"
}
The signature returned in the response is hex-encoded.
Signing Parameters
string to sign, typically the hash; note that only 32-byte messages will be signed by secp256k1 or BIP39 keys
Signing Options (RSA)
When signing with RSA, the RSA signing/verification algorithm must also be provided; otherwise the request fails with a "nil signing options" 500 error.
An example of signing with an RSA key is shown below.
curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.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.LY0VhXJMtbTHQ-RqwC9LqXTaOO83tH3fGQwvdSohtXrNNqhGyOXWecGvYMCP8SuJHEzEgj4NLBdspRD9kfWDdbuALLgEwwGN-iz4fwLfHo_AubmpnCt0gEea7CoGozgY-7pp7apTLAbGMQ_kjb0Az49CfV5eiRrM3ntkQkmEfyEurEOo-Q3u2kLJJKjTOfz5KDHYD5t78x-Srjxod9tqilm4sOM2nGTdcY4_Iuo5fFKPhahpxWgOOQnlfOymKm11UGDStv9_6vSgu-qiCEclK8RpY5f9EpbE6d4uFsJmmbtSOUlSVW5p--L86x3XNww9_B-S_tZ6e6kjsuD9JwJUxcQgegTcPqLpfuiiSFFgoNlk-JJsZXbF6-T5Y7hP6OspeG2NzUZ2xtliMyLm9fjwP4OEUkvKXQzC-Dh4M2fQSXyGv3lSmjRXUEltQzwvJ4i8nQ5qnDzYVyqXhEVg9lplcLOsJFiKcx1Ipm-akjWDn02cnOXjocP6ImbDiH4UF4IIHTqdpygoTqfRjL3j1JipCvmAumtbSwzXxbjWRgr_VXoCQ9FFaMPl7_WoVa5MQFwY3mH_IBxqNlXLihsJeZ97x6KGN_57yM8OTg30DBzKW38H3l--M88gIKJN-57sa59eej5ECf1n5Rek0TQupt9-OYFH0kmo1zBAydIjXVkdg' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/730afe0f-a62d-48e0-9d67-1e07c118fbf8/keys/633e229f-e382-4441-a500-b08f028184df/sign \
-d '{
"message": "hello world",
"options": {
"algorithm": "PS256"
}
}'
HTTP/2 201
RSA Signing Options
RS256, RS384, RS512 (for RSA PKCS#1 v1.5)
PS256, PS384, PS512 (for RSASSA-PSS)
Signing with BIP39 Key
Signing with a BIP39 key, which actually functions as an HD wallet, automatically generates a new secp256k1 key derived from the BIP39 master key to sign each request, unless the request contains HD wallet signing options specifying the derivation path to be used for signing.
An example is shown below:
curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.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.LY0VhXJMtbTHQ-RqwC9LqXTaOO83tH3fGQwvdSohtXrNNqhGyOXWecGvYMCP8SuJHEzEgj4NLBdspRD9kfWDdbuALLgEwwGN-iz4fwLfHo_AubmpnCt0gEea7CoGozgY-7pp7apTLAbGMQ_kjb0Az49CfV5eiRrM3ntkQkmEfyEurEOo-Q3u2kLJJKjTOfz5KDHYD5t78x-Srjxod9tqilm4sOM2nGTdcY4_Iuo5fFKPhahpxWgOOQnlfOymKm11UGDStv9_6vSgu-qiCEclK8RpY5f9EpbE6d4uFsJmmbtSOUlSVW5p--L86x3XNww9_B-S_tZ6e6kjsuD9JwJUxcQgegTcPqLpfuiiSFFgoNlk-JJsZXbF6-T5Y7hP6OspeG2NzUZ2xtliMyLm9fjwP4OEUkvKXQzC-Dh4M2fQSXyGv3lSmjRXUEltQzwvJ4i8nQ5qnDzYVyqXhEVg9lplcLOsJFiKcx1Ipm-akjWDn02cnOXjocP6ImbDiH4UF4IIHTqdpygoTqfRjL3j1JipCvmAumtbSwzXxbjWRgr_VXoCQ9FFaMPl7_WoVa5MQFwY3mH_IBxqNlXLihsJeZ97x6KGN_57yM8OTg30DBzKW38H3l--M88gIKJN-57sa59eej5ECf1n5Rek0TQupt9-OYFH0kmo1zBAydIjXVkdg' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/730afe0f-a62d-48e0-9d67-1e07c118fbf8/keys/633e229f-e382-4441-a500-b08f028184df/sign \
-d '{
"message": "12345678901234567890123456789012"
}'
HTTP/2 201
Note that with each subsequent signing operation, the HD derivation path is automatically incremented (i.e., the next signing operation would increment the hd_derivation_path to m/44'/60'/0'/0/1). To override this behavior and force signing to occur with a specific key, the request should include the additional hdwallet option, as illustrated below:
curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.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.YlS8eQA1b9GjWhHjef08m0UQFg6nyQgvw34fPCEglfp48wWlLAwnLOmVZT0O3nHAf5f9XJljjLchGkS_vBqzs6xy39Paq81ywxJLU5PdNJFY13bhVjwTJCGWzL2pE8T5by2zaDHEjrsYfCr32ZY0o94pTzQEJ7f0TvjnyuE3l3B584u50d5gss_MOpf44-kOcX6T0KQwJmKA1rCWNrMQ4Hh3i1B-LoysGcOJhDJpuHCD6loijNIxvkjndQ2PeQXHqZ4ZKr0p4pIsexYflLdT1Szl59lpFipgCTomPVYAmBZX0MfZPlt30Pp62ANDs4qttH7-OrnK4m2_p6yeYGiRsf7TUj9NAYdHVetEYeu8oSgpQfmr0Z3jTxXFEY9t1cBPMB5zyBwzCMsTVjlG3xhGxr9SQ26uheMy7M-u9_8Kq-riZv2W79ALm22MSyYi7y0UeC3wG-hO8jrxns3kzV4heI3upwhXS2ccEZrpWbJe4S17egjpEDYAI3JIuWkggEzr_snB8xCV1-ZB2_r6aqdfmsj3QIZQK4U2c6Wa27NBA4hzE45qp_RMyiY7PZOzv0315TYa6qrio2qyUWRr29nHPOEAufg9L-aMYVKBOieL8VIWKw3RBVSDABN1sFWbFfiX0Pd5jny7zMxjHtoae5B-jgAzijIcH7xnvzkCBIySlhI' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/e0761eac-a6ba-45bd-9a16-9eea155e7816/keys/73d0144d-801d-49a0-86bb-5ee1fdcc9706/sign \
-d '{
"message": "12345678901234567890123456789012",
"options": {
"hdwallet": {
"coin": 60,
"index": 0
}
}
}'
HTTP/2 201
BIP39 Signing Options
the purpose of the HD wallet
human-readable coin abbreviation (deprecated; use coin or hd_derivation_path)
account path within the HD wallet
the change path within the hardened account
the full HD derivation path; overrides other options when provided
Note that specifying hdwallet options does not override the automatically-sequenced, iterative HD derivation path which is the default behavior of secp256k1 keys in the context of a BIP39 HD wallet. When hdwallet options are provided as part of a signing API request, they specify which key (i.e., at a given HD derivation path) should be used for the signing operation.
Signing with a BIP39 key results in an extended API response which includes the hd_derivation_path and the public network address representation of the derived key which signed the transaction:
{
"signature": "ed1eeedb6d5db4da744acddd0b9639566229a10f8cb0841210749b033261acb770e40267a4d8b28eda62d19c893950453b9acbbc816fbf267869d18e938da9d600",
"address": "0x707193161a7F1e6a8DD33b56E89A6deBCb235e86",
"hd_derivation_path": "m/44'/60'/0'/0/0"
}
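Because each BIP39 signing request may use a different derived key, the hd_derivation_path in the sign response has to be kept alongside the signature in order to verify it later. The following is an added example, not code from the Vault project: it parses and validates a derivation path, computes the next path in the sequence, and builds the hdwallet options for a later verify request. The function names are hypothetical, and the strict five-level layout with the first three levels hardened is an assumption taken from BIP44, not from this page.

```python
import json
import re

# Assumed BIP44 layout: m / purpose' / coin' / account' / change / index
FIELDS = ("purpose", "coin", "account", "change", "index")


def parse_hd_path(path):
    """Parse a path such as m/44'/60'/0'/0/0 into a dict of integers."""
    parts = path.split("/")
    if len(parts) != 6 or parts[0] != "m":
        raise ValueError("expected m/purpose'/coin'/account'/change/index")
    parsed = {}
    for position, (name, part) in enumerate(zip(FIELDS, parts[1:])):
        match = re.fullmatch(r"([0-9]+)('?)", part)
        if match is None:
            raise ValueError("malformed %s component: %r" % (name, part))
        hardened = match.group(2) == "'"
        if hardened != (position < 3):
            raise ValueError("unexpected hardening on %s: %r" % (name, part))
        parsed[name] = int(match.group(1))
    return parsed


def format_hd_path(purpose, coin, account, change, index):
    return "m/%d'/%d'/%d'/%d/%d" % (purpose, coin, account, change, index)


def next_hd_path(path):
    """Path of the following key in the sequence (index + 1)."""
    fields = parse_hd_path(path)
    fields["index"] += 1
    return format_hd_path(**fields)


def verify_options_from(sign_response_json):
    """Build a verify request's options from a stored BIP39 sign response."""
    path = json.loads(sign_response_json)["hd_derivation_path"]
    parse_hd_path(path)  # reject a corrupted path before it is sent
    return {"hdwallet": {"hd_derivation_path": path}}


# Constructed sample: the address and path are the ones shown on this page.
SAMPLE_RESPONSE = """{
  "address": "0x707193161a7F1e6a8DD33b56E89A6deBCb235e86",
  "hd_derivation_path": "m/44'/60'/0'/0/0"
}"""
```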
Signing Ethereum Transactions
Note: When using a secp256k1 key (or a secp256k1 key derived by a BIP39 HD wallet), only 32-byte messages will be signed when the coin type is 60' (i.e., ETH); the expected length of a keccak hash is 32 bytes. Transaction signing for other coin types is not yet supported.
Verify a Signature
Verify that a message was signed with a given Key.
curl -i \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/a7dd081d-8ad8-499e-a472-587f044c0039/keys/752176e2-f31f-4887-8267-12ba5769ddcb/verify \
-d '{
"message": "hello world",
"signature": "02a285b1a277f7602dc115a3bf627a8b7603a4a1be9a72b3ab0284878afe443d0023c6b618333ead186cfbf16180f2058727c5ee0e437a0fcff1d3966351d741",
"options": {
"algorithm": "PS256"
}
}'
HTTP/2 200
Response JSON:
Request Parameters
the original message which was signed; typically a hash
Verification Options (RSA)
When verifying an RSA signature, the same RSA signing/verification algorithm used to sign the message must also be provided (otherwise it will return a "verified": "false" response, regardless of the validity of the signature).
An example of verifying with an RSA key, specifying the RSA signing algorithm used to sign the message, is shown below.
curl -i \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.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.LY0VhXJ_MtbTHQ-RqwC9LqXTaOO83tH3fGQwvdSohtXrNNqhGyOXWecGvYMCP8SuJHEzEgj4NLBdspRD9kfWDdbuALLgEwwGN-iz4fwLfHo_AubmpnCt0gEea7CoGozgY-7pp7apTLAbGMQ_kjb0Az49CfV5eiRrM3ntkQkmEfyEurEOo-Q3u2kLJJKjTOfz5KDHYD5t78x-Srjxod9tqilm4sOM2nGTdcY4_Iuo5fFKPhahpxWgOOQnlfOymKm11UGDStv9_6vSgu-qiCEclK8RpY5f9EpbE6d4uFsJmmbtSOUlSVW5p-_-L86x3XNww9_B-S_tZ6e6kjsuD9JwJUxcQgegTcPqLpfuiiSFFgoNlk-JJsZXbF6-T5Y7hP6OspeG2NzUZ2xtliMyLm9fjwP4OEUkvKXQzC-Dh4M2fQSXyGv3lSmjRXUEltQzwvJ4i8nQ5qnDzYVyqXhEVg9lplcLOsJFiKcx1Ipm-akjWDn02cnOXjocP6ImbDiH4UF4IIHTqdpygoTqfRjL3j1JipCvmAumtbSwzXxbjWRgr_VXoCQ9FFaMPl7_WoVa5MQFwY3mH_IBxqNlXLihsJeZ97x6KGN_57yM8OTg30DBzKW38H3l--M88gIKJN-57sa59eej5ECf1n5Rek0TQupt9-OYFH0kmo1zBAydIjXVkdg' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/730afe0f-a62d-48e0-9d67-1e07c118fbf8/keys/633e229f-e382-4441-a500-b08f028184df/verify \
-d '{
"message": "hello world",
"signature": "<hex-encoded signature returned by the sign request>",
"options": {
"algorithm": "PS256"
}
}'
HTTP/2 200
Verification Options (BIP39)
To verify a signature created by a key derived from a BIP39 HD wallet, you must provide the HD derivation path index value or the full hd_derivation_path corresponding to such derived key.
The following example shows how to validate a signature created by the key derived at index 0 of a BIP39 HD wallet:
curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5OTI1NDI4LCJpYXQiOjE1OTk4MzkwMjgsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjJmZjE2YzczLTczOWItNDFmZi04MTM1LTM1NTQxOWY2M2RiMCIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.YlS8eQA1b9GjWhHjef08m0UQFg6nyQgvw34fPCEglfp48wWlLAwnLOmVZT0O3nHAf5f9XJljjLchGkS_vBqzs6xy39Paq81ywxJLU5PdNJFY13bhVjwTJCGWzL2pE8T5by2zaDHEjrsYfCr32ZY0o94pTzQEJ7f0TvjnyuE3l3B584u50d5gss_MOpf44-kOcX6T0KQwJmKA1rCWNrMQ4Hh3i1B-LoysGcOJhDJpuHCD6loijNIxvkjndQ2PeQXHqZ4ZKr0p4pIsexYflLdT1Szl59lpFipgCTomPVYAmBZX0MfZPlt30Pp62ANDs4qttH7-OrnK4m2_p6yeYGiRsf7TUj9NAYdHVetEYeu8oSgpQfmr0Z3jTxXFEY9t1cBPMB5zyBwzCMsTVjlG3xhGxr9SQ26uheMy7M-u9_8Kq-riZv2W79ALm22MSyYi7y0UeC3wG-hO8jrxns3kzV4heI3upwhXS2ccEZrpWbJe4S17egjpEDYAI3JIuWkggEzr_snB8xCV1-ZB2_r6aqdfmsj3QIZQK4U2c6Wa27NBA4hzE45qp_RMyiY7PZOzv0315TYa6qrio2qyUWRr29nHPOEAufg9L-aMYVKBOieL8VIWKw3RBVSDABN1sFWbFfiX0Pd5jny7zMxjHtoae5B-jgAzijIcH7xnvzkCBIySlhI' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/e0761eac-a6ba-45bd-9a16-9eea155e7816/keys/73d0144d-801d-49a0-86bb-5ee1fdcc9706/verify \
-d '{
"message": "12345678901234567890123456789012",
"signature": "ed1eeedb6d5db4da744acddd0b9639566229a10f8cb0841210749b033261acb770e40267a4d8b28eda62d19c893950453b9acbbc816fbf267869d18e938da9d600",
"options": {
"hdwallet": {
"coin": 60,
"index": 0
}
}
}'
HTTP/2 200
The same signature verification as illustrated above can also be accomplished using the hd_derivation_path of the derived key:
curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.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.YlS8eQA1b9GjWhHjef08m0UQFg6nyQgvw34fPCEglfp48wWlLAwnLOmVZT0O3nHAf5f9XJljjLchGkS_vBqzs6xy39Paq81ywxJLU5PdNJFY13bhVjwTJCGWzL2pE8T5by2zaDHEjrsYfCr32ZY0o94pTzQEJ7f0TvjnyuE3l3B584u50d5gss_MOpf44-kOcX6T0KQwJmKA1rCWNrMQ4Hh3i1B-LoysGcOJhDJpuHCD6loijNIxvkjndQ2PeQXHqZ4ZKr0p4pIsexYflLdT1Szl59lpFipgCTomPVYAmBZX0MfZPlt30Pp62ANDs4qttH7-OrnK4m2_p6yeYGiRsf7TUj9NAYdHVetEYeu8oSgpQfmr0Z3jTxXFEY9t1cBPMB5zyBwzCMsTVjlG3xhGxr9SQ26uheMy7M-u9_8Kq-riZv2W79ALm22MSyYi7y0UeC3wG-hO8jrxns3kzV4heI3upwhXS2ccEZrpWbJe4S17egjpEDYAI3JIuWkggEzr_snB8xCV1-ZB2_r6aqdfmsj3QIZQK4U2c6Wa27NBA4hzE45qp_RMyiY7PZOzv0315TYa6qrio2qyUWRr29nHPOEAufg9L-aMYVKBOieL8VIWKw3RBVSDABN1sFWbFfiX0Pd5jny7zMxjHtoae5B-jgAzijIcH7xnvzkCBIySlhI' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/e0761eac-a6ba-45bd-9a16-9eea155e7816/keys/73d0144d-801d-49a0-86bb-5ee1fdcc9706/verify \
-d '{
"message": "12345678901234567890123456789012",
"signature": "ed1eeedb6d5db4da744acddd0b9639566229a10f8cb0841210749b033261acb770e40267a4d8b28eda62d19c893950453b9acbbc816fbf267869d18e938da9d600",
"options": {
"hdwallet": {
"hd_derivation_path": "m/44'/60'/0'/0/0"
}
}
}'
HTTP/2 200
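The per-key-type rules described above (an algorithm is required for RSA, secp256k1 and BIP39 keys only sign 32-byte messages, BIP39 verification needs an index or derivation path) can be checked on the client before a request is sent, which matters most for RSA verification, where a missing algorithm looks the same as an invalid signature. The following is an added example, not code from the Vault project. The function names and the key_type labels ("rsa", "secp256k1", "bip39") are this example's own, and it assumes the 32-byte limit is measured on the UTF-8 bytes of the message string.

```python
import json

# Algorithm names listed on this page for RSA keys.
RSA_ALGORITHMS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}


def _options(key_type, message, algorithm, hdwallet):
    """Apply the page's per-key-type rules; key_type labels are assumed names."""
    options = {}
    if key_type == "rsa":
        # Omitting this gives a 500 on sign and "verified": "false" on verify.
        if algorithm not in RSA_ALGORITHMS:
            raise ValueError("RSA requests need options.algorithm")
        options["algorithm"] = algorithm
    elif key_type in ("secp256k1", "bip39"):
        # Assumption: the limit applies to the UTF-8 bytes of the message.
        if len(message.encode("utf-8")) != 32:
            raise ValueError("message must be exactly 32 bytes")
    if hdwallet is not None:
        if key_type != "bip39":
            raise ValueError("hdwallet options only apply to BIP39 keys")
        options["hdwallet"] = dict(hdwallet)
    return options


def build_sign_body(key_type, message, algorithm=None, hdwallet=None):
    """JSON body for a sign request, or ValueError if it would be rejected."""
    body = {"message": message}
    options = _options(key_type, message, algorithm, hdwallet)
    if options:
        body["options"] = options
    return json.dumps(body)


def build_verify_body(key_type, message, signature, algorithm=None, hdwallet=None):
    """JSON body for a verify request, with the same checks plus the signature."""
    has_key_selector = bool(hdwallet) and (
        "index" in hdwallet or "hd_derivation_path" in hdwallet)
    if key_type == "bip39" and not has_key_selector:
        raise ValueError("BIP39 verification needs index or hd_derivation_path")
    bytes.fromhex(signature)  # signatures are hex-encoded; ValueError if not
    body = json.loads(build_sign_body(key_type, message, algorithm, hdwallet))
    body["signature"] = signature
    return json.dumps(body)
```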
Detached Verification
In certain cases, you may need to verify the signature of a message which was signed by a third party. A Vault instance can perform such verification given the message, signature and public key. This is referred to as "detached verification" since the private key which signed the message does not exist in the Vault. Ephemeral keys are created in-memory to perform this verification by invoking the following API:
curl -i \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.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.LY0VhXJ_MtbTHQ-RqwC9LqXTaOO83tH3fGQwvdSohtXrNNqhGyOXWecGvYMCP8SuJHEzEgj4NLBdspRD9kfWDdbuALLgEwwGN-iz4fwLfHo_AubmpnCt0gEea7CoGozgY-7pp7apTLAbGMQ_kjb0Az49CfV5eiRrM3ntkQkmEfyEurEOo-Q3u2kLJJKjTOfz5KDHYD5t78x-Srjxod9tqilm4sOM2nGTdcY4_Iuo5fFKPhahpxWgOOQnlfOymKm11UGDStv9_6vSgu-qiCEclK8RpY5f9EpbE6d4uFsJmmbtSOUlSVW5p-_-L86x3XNww9_B-S_tZ6e6kjsuD9JwJUxcQgegTcPqLpfuiiSFFgoNlk-JJsZXbF6-T5Y7hP6OspeG2NzUZ2xtliMyLm9fjwP4OEUkvKXQzC-Dh4M2fQSXyGv3lSmjRXUEltQzwvJ4i8nQ5qnDzYVyqXhEVg9lplcLOsJFiKcx1Ipm-akjWDn02cnOXjocP6ImbDiH4UF4IIHTqdpygoTqfRjL3j1JipCvmAumtbSwzXxbjWRgr_VXoCQ9FFaMPl7_WoVa5MQFwY3mH_IBxqNlXLihsJeZ97x6KGN_57yM8OTg30DBzKW38H3l--M88gIKJN-57sa59eej5ECf1n5Rek0TQupt9-OYFH0kmo1zBAydIjXVkdg' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/verify \
-d '{
"message": "hello world",
"signature": "5843e068858b6b90b3e64a8b162cf757f80881101cdf021a56bbe059b12ae9ae5fe87d6919725a10dfb0056d5689394269a16518d9987302e2353cde308d1e7c2a8eedad94ed2a88184b283df90dc7a89d42136b60082d8e6452afae443bf026a930c7eccef945934e4e870212d1c2ec16986c9b4ba249698bde419a4bbdc16b1fd16a820fd0094580a3a13d29e62a70cb020a15e9e57fef6b3576b00a563197985ca0d520a595d4183956faf2ef94983db46a16ddf206fa4726a71ffc4fed4d475916bd172b4a64dbf9b7b70165200588dac341f4ed500bb049b50c1847b156f07f59c7a7f849fb8d96e5b37074e643d734c865c69e1affd3c7ba71d81d6ac7",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJwSYrTfqWzADY54qHne\n/WgAUo/1Tq5TkmNczWMx+6FiDRI2EpNdKi1711XvpvTe35JEXa5oYKmRQnMxhB29\nWvH5V8QnKXwIpSvtNqrueRHmRTLVrqcAiqxaNMJ/OQLLFqvqY8+pvUVDIf2Q+DWY\nIJHT105I7kyWCSjwi0NxG0Uf1KVswCY6ERRD7fPUkYUVHdc6eUG9/Va2aIXNmlu/\nr2yNTZxNAUT/zE+q/dnaVKAKMB2Orpj27XCP9i1rQsSaSdBqPxe9GTErZBLLMV5W\ndyELcT4NfhPXzJvN+czObtX0V8Kksszhb0etLMLKzUzAnQEFtY/SVQlKgExqWBKu\nGQIDAQAB\n-----END PUBLIC KEY-----\n",
"options": {
"algorithm": "PS256"
}
}'
HTTP/2 200
Detached verification requires a public_key to be supplied in the request.