Sign a PDF

The REST_API license is required to create and use keys without a policy.

Create EC Key (Elliptic Curve)

POST: /v1/key

Description: Create key request.

Replace <keyname> and the password. The password is optional; the field can be removed entirely.

{
  "label": "<keyname>",
  "password": [ "R","E","P","L","A","C","E" ],
  "algorithm": "EC",
  "curveOid": "1.3.132.0.10",
  "attributes": {
    "encrypt": false,
    "decrypt": false,
    "verify": true,
    "sign": true,
    "wrap": false,
    "unwrap": false,
    "derive": false,
    "bip32": false,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true,
    "copyable": false
  }
}

Sign a Payload

POST: /v1/synchronousSign

Description: Contains a sign request without metadata.

Tip

The size limit for the payload is 64 KB (total request size to the HSM). Larger payloads can be hashed by the caller, and the hash is then used as the payload.

Attributes regarded by the service:

signRequest.payload = the hash of the PDF to be signed, computed with any hash algorithm the caller prefers. This example uses SHA-256.
signRequest.signKeyName = the key to be used for signing.
signRequest.signatureAlgorithm = NONE_WITH_ECDSA, which indicates that the payload has already been hashed by the caller and has the proper size. No hashing is done on the HSM. This example is for EC keys; corresponding algorithms are also available for other key types.

Replace <keyname> and the password.

{
  "signRequest": {
    "payload": "V9XQHTAVDqEypvi82Gf/IV1o2BrLQDRZMqKjjWpNxjM=",
    "payloadType": "PDF",
    "keyPassword": [ "R","E","P","L","A","C","E" ],
    "signKeyName": "<keyname>",
    "metaData": "
    "metaDataSignature": "MEUCIF+jC2zyMeONKK2zArTgn4pWbFqlxNJg2DnTwgqlSK1oAiEApFpnXQhdJmFidwOnc5rDPCiex67+pot2cbb07mDqU4I=",
    "signatureAlgorithm": "NONE_WITH_ECDSA"
  }
}

Response

{
  "signature": "MEQCIGvSZ9Fylbf5ofsbXxDnpjWfr+IOPVL3qSUzlO7cDK88AiAzdZ7h5eXI9zo4UauFoVG3NEB9U99+leODNuJXGMnjvg=="
}

Verify

POST: /v1/verify

Description: Verify the signature of a payload.

Replace the signature with the one from the previous response and set the payload to the one that was originally signed.

{
  "verifySignatureRequest": {
    "signKeyName": "<keyname>",
    "masterKeyPassword": [ "R","E","P","L","A","C","E" ],
    "signatureAlgorithm": "NONE_WITH_ECDSA",
    "payload": "V9XQHTAVDqEypvi82Gf/IV1o2BrLQDRZMqKjjWpNxjM=",
    "signature": "MEQCIGvSZ9Fylbf5ofsbXxDnpjWfr+IOPVL3qSUzlO7cDK88AiAzdZ7h5eXI9zo4UauFoVG3NEB9U99+leODNuJXGMnjvg=="
  }
}

Response

{
  "signatureValid": true
}
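The caller-side hashing from the tip under "Sign a Payload", as an added example that is not part of the original documentation: it streams a PDF through SHA-256, Base64-encodes the digest, and builds the sign and verify request bodies while rejecting anything that is not a 32-byte digest or that exceeds the 64 KB limit. Field names are taken from the requests on this page; the helper names, leaving out the metadata fields, and omitting the password field for keys created without a password are assumptions.

```python
import base64
import hashlib
import json

MAX_REQUEST_BYTES = 64 * 1024  # total request size limit stated in the tip


def pdf_digest_b64(stream, chunk_size=1 << 16):
    """SHA-256 a binary stream in chunks; return the digest Base64-encoded."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return base64.b64encode(h.digest()).decode("ascii")


def _check(payload_b64, body):
    # NONE_WITH_ECDSA means the HSM does no hashing, so the payload must
    # already be a digest: exactly 32 bytes for SHA-256.
    raw = base64.b64decode(payload_b64, validate=True)
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("payload is not a Base64 SHA-256 digest")
    encoded = json.dumps(body).encode("utf-8")
    if len(encoded) > MAX_REQUEST_BYTES:
        raise ValueError("request exceeds the 64 KB limit")
    return encoded


def build_sign_request(payload_b64, key_name, password=None):
    """Body for POST /v1/synchronousSign (metadata fields left out: assumption)."""
    req = {"payload": payload_b64, "payloadType": "PDF",
           "signKeyName": key_name, "signatureAlgorithm": "NONE_WITH_ECDSA"}
    if password is not None:  # assumption: omitted for keys created without one
        req["keyPassword"] = list(password)  # sent as a list of characters
    return _check(payload_b64, {"signRequest": req})


def build_verify_request(payload_b64, signature_b64, key_name, password=None):
    """Body for POST /v1/verify, reusing the exact payload that was signed."""
    req = {"signKeyName": key_name, "signatureAlgorithm": "NONE_WITH_ECDSA",
           "payload": payload_b64, "signature": signature_b64}
    if password is not None:  # same assumption as in build_sign_request
        req["masterKeyPassword"] = list(password)
    return _check(payload_b64, {"verifySignatureRequest": req})


if __name__ == "__main__":
    import io
    sample = io.BytesIO(b"%PDF-1.7\n% constructed sample, not a real document\n")
    print(build_sign_request(pdf_digest_b64(sample), "<keyname>").decode())
```

The verify call must carry the same Base64 digest that was signed, so compute it once and pass it to both builders.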