hash-sign

command module
v0.0.0-...-127eb28
Published: Mar 20, 2024 License: MIT Imports: 5 Imported by: 0

README

Simple API for working with signatures

POST /digest/sign - Signs a hash with an RSA key using the SHA256 algorithm

POST /digest/sign-ecc - Signs a hash with an ECC key

POST /digest/verify - Verifies a signed hash using a public certificate

GET /digest/calculateSummary/ - Calculates the digests summary for one signature, for use in the Entrust TrustedX eIDAS Platform

GET /certificates - Returns the signing and authentication certificates stored in environment variables

POST /asice/addFile - Adds a file to an ASiC-E container

POST /encrypt/publicKey - Encrypts data (RSA PKCS1Padding) using a PKCS1 RSA public key in PEM format

Image

The latest image is available on Docker Hub.

Signing

  • The application decodes the received base64 hash to binary format
  • Signs it with the RSA or ECC key
  • Encodes the signed value to base64
  • Returns the base64 signed value

Verification

  • The input shall contain:
      • digestValue - digest before signature
      • signatureValue - signed digest
      • certificate - public certificate in base64 format
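
The verification inputs listed above, checked in Go as an added example (not this project's code). It assumes RSA PKCS#1 v1.5 signatures over a SHA-256 digest; verifyDigest, sample and b64 are hypothetical names, and the key and self-signed certificate are generated on the fly as constructed sample data.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"math/big"
	"time"
)

var b64 = base64.StdEncoding

// verifyDigest takes the three verification inputs, all base64; certB64 is the DER body between
// the BEGIN/END CERTIFICATE lines. Assumption: PKCS#1 v1.5 padding (the README names only RSA and SHA256).
func verifyDigest(digestB64, sigB64, certB64 string) error {
	digest, e1 := b64.DecodeString(digestB64)
	sig, e2 := b64.DecodeString(sigB64)
	der, e3 := b64.DecodeString(certB64)
	cert, e4 := x509.ParseCertificate(der)
	if err := errors.Join(e1, e2, e3, e4); err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an RSA key")
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest, sig)
}

// sample returns digest, signature and certificate in base64, made with a throwaway key (constructed data).
func sample(msg []byte) (string, string, string, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", "", "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, e1 := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	sum := sha256.Sum256(msg)
	sig, e2 := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return b64.EncodeToString(sum[:]), b64.EncodeToString(sig), b64.EncodeToString(der), errors.Join(e1, e2)
}

func main() {
	d, s, c, err := sample([]byte("constructed sample document"))
	println("signature valid:", err == nil && verifyDigest(d, s, c) == nil)
}
```

The check only proves that the signature matches the key in the supplied certificate; it does not validate the certificate chain or its validity period.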

Environment

    environment:
      PEM_FILE: "/run/secrets/key.pem"
      API_KEY: "Put_your_api_key_here"
      RSA_AUTH_CERT: "base64 encoded RSA authentication certificate"
      RSA_SIGN_CERT: "base64 encoded RSA signing certificate"
      ECDSA_AUTH_CERT: "base64 encoded ECDSA authentication certificate"
      ECDSA_SIGN_CERT: "base64 encoded ECDSA signing certificate"

    secrets:
      # source must name a secret defined in the top-level secrets section
      - source: "private_key"
        target: "key.pem"
    volumes:
      - temp:/tmp
    volumes:
      temp:
    secrets:
      # created beforehand with `docker secret create private_key ...`
      private_key:
        external: true

PEM_FILE - path to the unencrypted RSA signing key in PEM format.

API_KEY - API key. Optional. If set, requests shall include the API-Key header.

RSA_AUTH_CERT - base64 encoded RSA authentication certificate. Provide only the value between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

RSA_SIGN_CERT - base64 encoded RSA signing certificate. Provide only the value between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

ECDSA_AUTH_CERT - base64 encoded ECDSA authentication certificate. Provide only the value between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

ECDSA_SIGN_CERT - base64 encoded ECDSA signing certificate. Provide only the value between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

Secret creation from server terminal (SSH with root privileges)

Example for creating Docker swarm secrets from file.

Log in to the server over SSH with administrator privileges and copy the key file to the server. The private key must be in unencrypted PKCS8 format: it starts with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----.

    docker secret create private_key /path/to/file/key.pem

Secret creation from Portainer

When creating the secret, paste the content of the PEM file (it starts with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----) into the secret.

Methods

/digest/sign and /digest/sign-ecc method description here

/digest/verify method description here

/digest/calculateSummary/ method description here

/certificates method description here

/asice/addFile method description here

/encrypt/publicKey method description here

Useful commands

You can find some useful commands for preparing key here

Documentation

There is no documentation for this package.

Directories

Path Synopsis
routes
