Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Stateless APIs

Sign

search

Please Note:

Sign

This API signs message text using RSA or EC private key.

URL

<http/https>://<host-name>:<Port>/protectappws/services/rest/Sign

Input Parameters

ParametersDescription
usernameUser name (optional).
passwordPassword associated with the user (optional).
keynameName of RSA or EC key pair containing private key.
messagetextMessage to sign. It must be in the same format as specified in the messageformat parameter.
transformationTransformation to be used. Provide one of the RSA/EC signing transformations supported by CADP for Java.
formatFormat to be used. This is an optional parameter. Supported signing CMS formats are:
— cms/detached/der/enveloped
— cms/detached/der
— cms/detached/smime/enveloped
— cms/detached/smime.
messageformatMessage format to be used. This is an optional parameter. Supported message formats are:
— HEX
— STR(default)
certAliasClient certificate alias for making SSL connections (optional).
certPassPassword for the provided certificate alias (optional).

Note

  • The following transformations don't support CMS format:
    — SHA1withRSAPSSPadding
    — SHA256withRSAPSSPadding
    — SHA384withRSAPSSPadding
    — SHA512withRSAPSSPadding
    — ECDSA
    — SHA1withECDSA
    — SHA256withECDSA
    — SHA384withECDSA
    — SHA512withECDSA
    — RSA
    — RSAPSSPaddingSHA1
    — RSAPSSPaddingSHA256
    — RSAPSSPaddingSHA384
    — RSAPSSPaddingSHA512

  • For KeySecure 8.12.5 onward, following transformations are added to sign the data based on pre-calculated hash: RSA, RSAPSSPaddingSHA1, RSAPSSPaddingSHA256, RSAPSSPaddingSHA384, and RSAPSSPaddingSHA512. These transformations support saltlength parameter.

Sample REST call for cxf

request

    {
        "Sign": {
            "username": "admin",
            "password": "admin",
            "keyname": "ecc_testkey",
            "messagetext": "126352152154",
            "transformation": "SHA512withECDSA"
        }
    }

"SignResponse

    {
        "signResponse": "1000103081840240021289F54A83BADACC8FD634A7606531204FECCC834AB649C86BF7D4A3612FC101DFF1BE16E5354406D934A655705D8D13642763EBD4AECA84C283D399E573AA02405EEFEC37FB16D3CFDCBF8ACE69E55C8A5F9EA224326EEF0FAF32CE2FA0DCBE7C063A572FA2F209D92A022945F1ED75A80B294049D499567CBA8D5993962FCC21"
    }

Sample SOAP Parameters

    <prot:_Sign>
        <username>cryptouser</username>
        <password>qwerty1234</password>
        <keyname>certpkcs12</keyname>
        <messagetext>13123sdssdadasddsdsada</messagetext>
        <transformation>SHA384withECDSA</transformation>
        <!--Optional:-->
        <messageformat>STR</messageformat>
    </prot:_Sign>

Output

Signature in Hex.

   <ns1:_SignResponse xmlns:ns1="http://dsws.org/protectappws/">32D4F93F540E465FE0DA63C29BFD28053F75C131598CC7B85493BF7BACEF5E14A1F2787F8D284E33269462ACA047DF1BF47442D70151D9471B9782B61477D514263B8FFFA0174650B4E8E7901A124B49C1E50796CECC1E83685124132855FF7BFB175F108BB026AEAA185660BB2CD4C7C85DFB557DDE58692A1C7EA769F38D877D220DC24AA5C5116E46E82E847FEDB99B45FA21128A94E86ACF8926E39D795F0C51D919DE9D9EC3647B22C26EB2A67931E52F294AE96FECE577DF9823F7A4EE69216166FF3940616253BF03ACDB32E414E29C0FFE8D5C2C0C0C1098CE2FCFA173EDCCDF3939FD5E691CBF2CF638EA26ED1A0E8E2ED2F727E300B3FCFA17ED18</ns1:_SignResponse>

On this page