Keys

List Keys

curl -i \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
https://ident.provide.services/api/v1/vaults/a8bc01e2-08ae-415c-8c6d-f6f873a6a947/keys
HTTP/2 200

Response JSON:

[
{
"id": "32f4628e-a464-4dda-a01b-78235d1b68eb",
"created_at": "2020-04-22T05:58:48.336197+00:00",
"vault_id": "a8bc01e2-08ae-415c-8c6d-f6f873a6a947",
"type": "asymmetric",
"usage": "sign/verify",
"spec": "secp256k1",
"name": "org mainnet address",
"description": "ethereum-compatible secp256k1 curve keypair; address: 0x9cf135972E70D20410F3B01273D07106EC308cFb",
"public_key": "04624897f81851dcabba67c430d19657e843620e0e6fd2e9e52251f6a3d549d6488c37b1df727ecd8abe83d5b04344563a7c98192bdf79c77f0b37ab5b6e67e7df",
"address": "0x9cf135972E70D20410F3B01273D07106EC308cFb"
},
{
"id": "ba4440d1-7402-4d63-a119-3f1a36a699aa",
"created_at": "2020-04-22T05:58:48.360966+00:00",
"vault_id": "a8bc01e2-08ae-415c-8c6d-f6f873a6a947",
"type": "asymmetric",
"usage": "sign/verify",
"spec": "babyJubJub",
"name": "supply chain zk",
"description": "twisted edwards curve keypair for zksnark commitment signing and verification",
"public_key": "7cd092d7b7cacab6a7290ccc02a00db827e13408b883d8621e33892188d7d78f"
},
{
"id": "715086ac-7ddd-4ba5-8601-300b2d05084a",
"created_at": "2020-04-22T05:58:48.382641+00:00",
"vault_id": "a8bc01e2-08ae-415c-8c6d-f6f873a6a947",
"type": "asymmetric",
"usage": "sign/verify",
"spec": "Ed25519",
"name": "ekho signing key",
"description": "Ed25519 keypair",
"public_key": "SBL252Q7YQOID3VFSHEJSHS75E4XBMYPQVWUGH7GT5HVPTI3CYVOIC6D"
}
]

Lists the keys in the specified Vault.

Generate a Key or Keypair

curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
https://ident.provide.services/api/v1/vaults/a7dd081d-8ad8-499e-a472-587f044c0039/keys \
-d '{
"type": "asymmetric",
"usage": "sign/verify",
"spec": "secp256k1",
"name": "org mainnet wallet address",
"description": "organization eth/stablecoin wallet"
}'
HTTP/2 201

Response JSON:

{
"id": "32f4628e-a464-4dda-a01b-78235d1b68eb",
"created_at": "2020-04-22T05:58:48.336197+00:00",
"vault_id": "a8bc01e2-08ae-415c-8c6d-f6f873a6a947",
"type": "asymmetric",
"usage": "sign/verify",
"spec": "secp256k1",
"name": "org mainnet wallet address",
"description": "organization eth/stablecoin wallet",
"public_key": "04624897f81851dcabba67c430d19657e843620e0e6fd2e9e52251f6a3d549d6488c37b1df727ecd8abe83d5b04344563a7c98192bdf79c77f0b37ab5b6e67e7df",
"address": "0x9cf135972E70D20410F3B01273D07106EC308cFb"
}

Generate a new symmetric key or asymmetric keypair.

Importing key material is not yet supported.

Derive a Key

Documentation forthcoming.

curl -i \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
https://ident.provide.services/api/v1/vaults/a7dd081d-8ad8-499e-a472-587f044c0039/keys/752176e2-f31f-4887-8267-12ba5769ddcb/derive \
-d '{
"nonce": 1,
"context": "channel-6852386c-8a3d-41c6-aa0e-766a31a8faaf",
"name": "private chat",
"description": "this is a secure channel"
}'
HTTP/2 201

Response JSON:

{
"id": "f22449e7-ed17-4c42-a937-7bf299475af9",
"created_at": "2020-04-22T13:44:12.613694+00:00",
"vault_id": "a8bc01e2-08ae-415c-8c6d-f6f873a6a947",
"type": "symmetric",
"usage": "encrypt/decrypt",
"spec": "ChaCha20",
"name": "private chat",
"description": "this is a secure channel"
}

Derive a Key. Returns 400 Bad Request if the attempted key derivation is based on a key which does not support derivation.

Request Parameters

| Parameter | Description |
| --- | --- |
| nonce | random 32-bit integer or incrementing counter which must only be used once to avoid exposing the underlying secret; if not provided, a random 32-bit integer is used |
| context | machine-readable string describing the key derivation context |
| name | name for the derived key |
| description | human-readable description of the derived key |
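One way to enforce the single-use rule for the derive nonce on the client side, as an added example that is not part of the Provide documentation or code. The `DeriveNonceLedger` class, the ledger file and the per-key counter scheme are assumptions; only the `nonce`, `context`, `name` and `description` fields come from the request parameters above.

```python
import json
import os
import tempfile

MAX_NONCE = 2**32 - 1  # the derive nonce is documented as a 32-bit integer


class DeriveNonceLedger:
    """Hypothetical client-side ledger: each (key id, nonce) pair is issued once."""

    def __init__(self, path):
        self.path = path
        self.last = {}  # key id -> highest nonce already handed out
        if os.path.exists(path):
            with open(path) as fh:
                self.last = json.load(fh)

    def _persist(self):
        # Write to a temp file and rename, so a crash cannot truncate the ledger.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w") as fh:
            json.dump(self.last, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, self.path)

    def next_nonce(self, key_id):
        nonce = self.last.get(key_id, 0) + 1
        if nonce > MAX_NONCE:
            raise OverflowError(f"32-bit nonce space exhausted for key {key_id}")
        self.last[key_id] = nonce
        self._persist()  # recorded before use: a failed request burns the nonce
        return nonce

    def derive_body(self, key_id, context, name, description=""):
        """JSON body for POST .../keys/<key_id>/derive with a fresh nonce."""
        return {"nonce": self.next_nonce(key_id), "context": context,
                "name": name, "description": description}


def demo():
    key_id = "752176e2-f31f-4887-8267-12ba5769ddcb"  # key id from the curl example
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "derive-nonces.json")
        first = DeriveNonceLedger(path).derive_body(key_id, "channel-a", "chat a")
        # A fresh object stands in for a restarted process reading the same file.
        second = DeriveNonceLedger(path).derive_body(key_id, "channel-b", "chat b")
        return first["nonce"], second["nonce"]


if __name__ == "__main__":
    print(demo())
```

Skipping a nonce after a failed request is harmless; handing the same one out twice for the same key is what the ledger prevents.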

Sign a Message

curl -i \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
https://ident.provide.services/api/v1/vaults/a7dd081d-8ad8-499e-a472-587f044c0039/keys/752176e2-f31f-4887-8267-12ba5769ddcb/sign \
-d '{
"message": "hello world"
}'
HTTP/2 200

Response JSON:

{
"signature": "02a285b1a277f7602dc115a3bf627a8b7603a4a1be9a72b3ab0284878afe443d0023c6b618333ead186cfbf16180f2058727c5ee0e437a0fcff1d3966351d741"
}

Sign a message with a given Key.

Request Parameters

| Parameter | Description |
| --- | --- |
| message | arbitrary message to sign |

Verify a Signature

curl -i \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
https://ident.provide.services/api/v1/vaults/a7dd081d-8ad8-499e-a472-587f044c0039/keys/752176e2-f31f-4887-8267-12ba5769ddcb/verify \
-d '{
"message": "hello world",
"signature": "02a285b1a277f7602dc115a3bf627a8b7603a4a1be9a72b3ab0284878afe443d0023c6b618333ead186cfbf16180f2058727c5ee0e437a0fcff1d3966351d741"
}'
HTTP/2 200

Response JSON:

{
"verified": true
}

Verify that a message was signed with a given Key.

Request Parameters

| Parameter | Description |
| --- | --- |
| message | the original message |
| signature | the signature to verify |

Encrypt

The Encrypt route encrypts a provided string with the specified key.

curl -i -XPOST \
-H 'authorization: bearer <access token>' \
https://ident.provide.services/api/v1/vaults/ad2cad20-e8a3-4dab-ac0a-c66109256e2b/keys/761af7ef-a904-4d37-bf6c-1b9b6cbbbfac/encrypt \
-d '{
"data": "hello world",
"nonce": "1"
}'

Response JSON:

// TODO

Encrypt an arbitrary payload using the requested Key. Returns 400 Bad Request if encryption is not supported by the key.

Request Parameters

| Parameter | Description |
| --- | --- |
| data | data to be encrypted |
| nonce | (optional) nonce to use in encryption (if not provided a random nonce is used) |

Decrypt

Documentation forthcoming.

// TODO

Response JSON:

// TODO

Decrypt an arbitrary payload using the requested Key. Returns 400 Bad Request if decryption is not supported by the key.

Request Parameters

Parameter

Description