Search
⌃K

Signing and Verification

Signing and Verification actions can be performed with all the asymmetric key types available in the Vault.

Sign a Message

Sign a message (a claim, or hash or specific text) with a given Key.
curl
curl -i \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/a7dd081d-8ad8-499e-a472-587f044c0039/keys/752176e2-f31f-4887-8267-12ba5769ddcb/sign \
-d '{
"message": "hello world"
}'
HTTP/2 201
Response JSON:
{
"signature": "02a285b1a277f7602dc115a3bf627a8b7603a4a1be9a72b3ab0284878afe443d0023c6b618333ead186cfbf16180f2058727c5ee0e437a0fcff1d3966351d741"
}
The signature returned in the response is hex-encoded.

Signing Parameters

Parameter
Supported Values
message
string to sign, typically the hash; note that only 32-byte messages will be signed by secp256k1or BIP39 keys

Signing Options (RSA)

When signing with RSA, the RSA signing/verification algorithm must also be provided (otherwise it will return with a "nil signing options" 500 error).
An example of signing with an RSA key is shown below.
curl
curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5OTIyNDU1LCJpYXQiOjE1OTk4MzYwNTUsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjNhMWRiZWY4LWIyYjUtNDllOC1hMTc3LTVhYTE2MTdhZGRiMSIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.LY0VhXJMtbTHQ-RqwC9LqXTaOO83tH3fGQwvdSohtXrNNqhGyOXWecGvYMCP8SuJHEzEgj4NLBdspRD9kfWDdbuALLgEwwGN-iz4fwLfHo_AubmpnCt0gEea7CoGozgY-7pp7apTLAbGMQ_kjb0Az49CfV5eiRrM3ntkQkmEfyEurEOo-Q3u2kLJJKjTOfz5KDHYD5t78x-Srjxod9tqilm4sOM2nGTdcY4_Iuo5fFKPhahpxWgOOQnlfOymKm11UGDStv9_6vSgu-qiCEclK8RpY5f9EpbE6d4uFsJmmbtSOUlSVW5p--L86x3XNww9_B-S_tZ6e6kjsuD9JwJUxcQgegTcPqLpfuiiSFFgoNlk-JJsZXbF6-T5Y7hP6OspeG2NzUZ2xtliMyLm9fjwP4OEUkvKXQzC-Dh4M2fQSXyGv3lSmjRXUEltQzwvJ4i8nQ5qnDzYVyqXhEVg9lplcLOsJFiKcx1Ipm-akjWDn02cnOXjocP6ImbDiH4UF4IIHTqdpygoTqfRjL3j1JipCvmAumtbSwzXxbjWRgr_VXoCQ9FFaMPl7_WoVa5MQFwY3mH_IBxqNlXLihsJeZ97x6KGN_57yM8OTg30DBzKW38H3l--M88gIKJN-57sa59eej5ECf1n5Rek0TQupt9-OYFH0kmo1zBAydIjXVkdg' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/730afe0f-a62d-48e0-9d67-1e07c118fbf8/keys/633e229f-e382-4441-a500-b08f028184df/sign
-d '{
"message": "hello world",
"options": {
"algorithm": "PS256"
}
}'
HTTP/2 201

RSA Signing Options

Parameter
Supported Values
algorithm
RS256 RS384 RS512 (for RSA PKCS#1 v1.5)
PS256 PS384 PS512 (for RSASSA-PSS)

Signing with BIP39 Key

Signing with a BIP39 key, which actually functions as a HD wallet, automatically generates a new secp256k1 key derived from the BIP39 master key to sign each request, unless the request contains HD wallet signing options specifying the derivation path to be used for signing.
An example is shown below:
curl
curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5OTIyNDU1LCJpYXQiOjE1OTk4MzYwNTUsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjNhMWRiZWY4LWIyYjUtNDllOC1hMTc3LTVhYTE2MTdhZGRiMSIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.LY0VhXJMtbTHQ-RqwC9LqXTaOO83tH3fGQwvdSohtXrNNqhGyOXWecGvYMCP8SuJHEzEgj4NLBdspRD9kfWDdbuALLgEwwGN-iz4fwLfHo_AubmpnCt0gEea7CoGozgY-7pp7apTLAbGMQ_kjb0Az49CfV5eiRrM3ntkQkmEfyEurEOo-Q3u2kLJJKjTOfz5KDHYD5t78x-Srjxod9tqilm4sOM2nGTdcY4_Iuo5fFKPhahpxWgOOQnlfOymKm11UGDStv9_6vSgu-qiCEclK8RpY5f9EpbE6d4uFsJmmbtSOUlSVW5p--L86x3XNww9_B-S_tZ6e6kjsuD9JwJUxcQgegTcPqLpfuiiSFFgoNlk-JJsZXbF6-T5Y7hP6OspeG2NzUZ2xtliMyLm9fjwP4OEUkvKXQzC-Dh4M2fQSXyGv3lSmjRXUEltQzwvJ4i8nQ5qnDzYVyqXhEVg9lplcLOsJFiKcx1Ipm-akjWDn02cnOXjocP6ImbDiH4UF4IIHTqdpygoTqfRjL3j1JipCvmAumtbSwzXxbjWRgr_VXoCQ9FFaMPl7_WoVa5MQFwY3mH_IBxqNlXLihsJeZ97x6KGN_57yM8OTg30DBzKW38H3l--M88gIKJN-57sa59eej5ECf1n5Rek0TQupt9-OYFH0kmo1zBAydIjXVkdg' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/730afe0f-a62d-48e0-9d67-1e07c118fbf8/keys/633e229f-e382-4441-a500-b08f028184df/sign
-d '{
"message": "12345678901234567890123456789012"
}'
HTTP/2 201
Note that with each subsequent signing operation, the HD derivation path is automatically incremented (i.e., the next signing operation would increment the hd_derivation_path to m/44/60'/0'/0/1). To override this behavior and to force signing to occur with a specific key, the request should have the additional hdwallet option as illustrated below:
curl
curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5OTI1NDI4LCJpYXQiOjE1OTk4MzkwMjgsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjJmZjE2YzczLTczOWItNDFmZi04MTM1LTM1NTQxOWY2M2RiMCIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.YlS8eQA1b9GjWhHjef08m0UQFg6nyQgvw34fPCEglfp48wWlLAwnLOmVZT0O3nHAf5f9XJljjLchGkS_vBqzs6xy39Paq81ywxJLU5PdNJFY13bhVjwTJCGWzL2pE8T5by2zaDHEjrsYfCr32ZY0o94pTzQEJ7f0TvjnyuE3l3B584u50d5gss_MOpf44-kOcX6T0KQwJmKA1rCWNrMQ4Hh3i1B-LoysGcOJhDJpuHCD6loijNIxvkjndQ2PeQXHqZ4ZKr0p4pIsexYflLdT1Szl59lpFipgCTomPVYAmBZX0MfZPlt30Pp62ANDs4qttH7-OrnK4m2_p6yeYGiRsf7TUj9NAYdHVetEYeu8oSgpQfmr0Z3jTxXFEY9t1cBPMB5zyBwzCMsTVjlG3xhGxr9SQ26uheMy7M-u9_8Kq-riZv2W79ALm22MSyYi7y0UeC3wG-hO8jrxns3kzV4heI3upwhXS2ccEZrpWbJe4S17egjpEDYAI3JIuWkggEzr_snB8xCV1-ZB2_r6aqdfmsj3QIZQK4U2c6Wa27NBA4hzE45qp_RMyiY7PZOzv0315TYa6qrio2qyUWRr29nHPOEAufg9L-aMYVKBOieL8VIWKw3RBVSDABN1sFWbFfiX0Pd5jny7zMxjHtoae5B-jgAzijIcH7xnvzkCBIySlhI' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/e0761eac-a6ba-45bd-9a16-9eea155e7816/keys/73d0144d-801d-49a0-86bb-5ee1fdcc9706/sign \
-d '{
"message": "12345678901234567890123456789012",
"options": {
"hdwallet": {
"coin": 60,
"index": 0
}
}
}'
HTTP/2 201

BIP39 Signing Options

Parameter
Description
Default
purpose
the purpose of the HD wallet
44'
coin
coin type integer as registered here
60'
coin_abbr
human-readable coin abbreviation (deprecated; use coin or hd_derivation_path)
ETH
account
account path within the HD wallet
0
change
the change path within the hardened account
0
index
0 - 4294967295 permitted
0
hd_derivation_path
the full HD derivation path; overrides other options when provided
-
Note that specifying hdwallet options does not override the automatically-sequenced, iterative HD derivation path which is the default behavior of secp256k1 keys in the context of a BIP39 HD wallet. When hdwallet options are provided as part of a signing API request, they specify which key (i.e., at a given HD derivation path) should be used for the signing operation.
Signing with a BIP39 key results in an extended API response which includes the hd_derivation_path and the public network address representation of the derived key which signed the transaction:
{
"signature": "ed1eeedb6d5db4da744acddd0b9639566229a10f8cb0841210749b033261acb770e40267a4d8b28eda62d19c893950453b9acbbc816fbf267869d18e938da9d600",
"address": "0x707193161a7F1e6a8DD33b56E89A6deBCb235e86",
"hd_derivation_path": "m/44'/60'/0'/0/0"
}

Signing Ethereum Transactions

Note: When using a secp256k1 key (or a secp256k1 key derived by a BIP39 HD wallet), only 32-byte messages will be signed when the coin type is 60' (i.e., ETH); the expected length of a keccak hash is 32-bytes. Transaction signing for other coin types is not yet supported.

Verify a Signature

Verify that a message was signed with a given Key.
curl
curl -i \
-H 'Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7fSwiZXhwIjpudWxsLCJpYXQiOjE1NTk4Nzg1NzQsImp0aSI6IjYzYTJkY2QzLWI5OTgtNDZjNC1hNzFkLTQ5MjU4YTBhYmEyMyIsInN1YiI6ImFwcGxpY2F0aW9uOmNiMjAzN2Y3LTc5ZmMtNDBmNC05NzIwLWFkYTYzNmRhNDE4MyJ9.0LsVj7oTF0KjwbcUhg9a-fQRWB7cGzKJxLIANeX2cWE' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/a7dd081d-8ad8-499e-a472-587f044c0039/keys/752176e2-f31f-4887-8267-12ba5769ddcb/verify \
-d '{
"message": "hello world",
"signature": "02a285b1a277f7602dc115a3bf627a8b7603a4a1be9a72b3ab0284878afe443d0023c6b618333ead186cfbf16180f2058727c5ee0e437a0fcff1d3966351d741",
"options": {
"algorithm": "PS256"
}
}'
HTTP/2 200
Response JSON:
{
"verified": true
}

Request Parameters

Parameter
Description
message
the original message which was signed; typically a hash
signature
the signature to verify

Verification Options (RSA)

When verifying an RSA signature, the same RSA signing/verification algorithm used to sign the message must also be provided (otherwise it will return a "verified": "false" response, regardless of the validity of the signature).
An example of verifying with an RSA key, specifying the RSA signing algorithm used to sign the message, is shown below.
curl
curl -i \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5OTIyNDU1LCJpYXQiOjE1OTk4MzYwNTUsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjNhMWRiZWY4LWIyYjUtNDllOC1hMTc3LTVhYTE2MTdhZGRiMSIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.LY0VhXJ_MtbTHQ-RqwC9LqXTaOO83tH3fGQwvdSohtXrNNqhGyOXWecGvYMCP8SuJHEzEgj4NLBdspRD9kfWDdbuALLgEwwGN-iz4fwLfHo_AubmpnCt0gEea7CoGozgY-7pp7apTLAbGMQ_kjb0Az49CfV5eiRrM3ntkQkmEfyEurEOo-Q3u2kLJJKjTOfz5KDHYD5t78x-Srjxod9tqilm4sOM2nGTdcY4_Iuo5fFKPhahpxWgOOQnlfOymKm11UGDStv9_6vSgu-qiCEclK8RpY5f9EpbE6d4uFsJmmbtSOUlSVW5p-_-L86x3XNww9_B-S_tZ6e6kjsuD9JwJUxcQgegTcPqLpfuiiSFFgoNlk-JJsZXbF6-T5Y7hP6OspeG2NzUZ2xtliMyLm9fjwP4OEUkvKXQzC-Dh4M2fQSXyGv3lSmjRXUEltQzwvJ4i8nQ5qnDzYVyqXhEVg9lplcLOsJFiKcx1Ipm-akjWDn02cnOXjocP6ImbDiH4UF4IIHTqdpygoTqfRjL3j1JipCvmAumtbSwzXxbjWRgr_VXoCQ9FFaMPl7_WoVa5MQFwY3mH_IBxqNlXLihsJeZ97x6KGN_57yM8OTg30DBzKW38H3l--M88gIKJN-57sa59eej5ECf1n5Rek0TQupt9-OYFH0kmo1zBAydIjXVkdg' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/730afe0f-a62d-48e0-9d67-1e07c118fbf8/keys/633e229f-e382-4441-a500-b08f028184df/verify \
-d '{
"message": "hello world",
"signature": "5843e068858b6b90b3e64a8b162cf757f80881101cdf021a56bbe059b12ae9ae5fe87d6919725a10dfb0056d5689394269a16518d9987302e2353cde308d1e7c2a8eedad94ed2a88184b283df90dc7a89d42136b60082d8e6452afae443bf026a930c7eccef945934e4e870212d1c2ec16986c9b4ba249698bde419a4bbdc16b1fd16a820fd0094580a3a13d29e62a70cb020a15e9e57fef6b3576b00a563197985ca0d520a595d4183956faf2ef94983db46a16ddf206fa4726a71ffc4fed4d475916bd172b4a64dbf9b7b70165200588dac341f4ed500bb049b50c1847b156f07f59c7a7f849fb8d96e5b37074e643d734c865c69e1affd3c7ba71d81d6ac7",
"options": {
"algorithm": "PS256"
}
}'
HTTP/2 200

Verification Options (BIP39)

To verify a signature created by a key derived from a BIP39 HD wallet, you must provide the HD derivation path index value or the full hd_derivation_path corresponding to such derived key.
The following example shows how to validate a signature created by the key derived at index 0 of a BIP39 HD wallet:
curl
curl -i -XPOST \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5OTI1NDI4LCJpYXQiOjE1OTk4MzkwMjgsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjJmZjE2YzczLTczOWItNDFmZi04MTM1LTM1NTQxOWY2M2RiMCIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.YlS8eQA1b9GjWhHjef08m0UQFg6nyQgvw34fPCEglfp48wWlLAwnLOmVZT0O3nHAf5f9XJljjLchGkS_vBqzs6xy39Paq81ywxJLU5PdNJFY13bhVjwTJCGWzL2pE8T5by2zaDHEjrsYfCr32ZY0o94pTzQEJ7f0TvjnyuE3l3B584u50d5gss_MOpf44-kOcX6T0KQwJmKA1rCWNrMQ4Hh3i1B-LoysGcOJhDJpuHCD6loijNIxvkjndQ2PeQXHqZ4ZKr0p4pIsexYflLdT1Szl59lpFipgCTomPVYAmBZX0MfZPlt30Pp62ANDs4qttH7-OrnK4m2_p6yeYGiRsf7TUj9NAYdHVetEYeu8oSgpQfmr0Z3jTxXFEY9t1cBPMB5zyBwzCMsTVjlG3xhGxr9SQ26uheMy7M-u9_8Kq-riZv2W79ALm22MSyYi7y0UeC3wG-hO8jrxns3kzV4heI3upwhXS2ccEZrpWbJe4S17egjpEDYAI3JIuWkggEzr_snB8xCV1-ZB2_r6aqdfmsj3QIZQK4U2c6Wa27NBA4hzE45qp_RMyiY7PZOzv0315TYa6qrio2qyUWRr29nHPOEAufg9L-aMYVKBOieL8VIWKw3RBVSDABN1sFWbFfiX0Pd5jny7zMxjHtoae5B-jgAzijIcH7xnvzkCBIySlhI' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/e0761eac-a6ba-45bd-9a16-9eea155e7816/keys/73d0144d-801d-49a0-86bb-5ee1fdcc9706/verify \
-d '{
"message": "12345678901234567890123456789012",
"signature": "ed1eeedb6d5db4da744acddd0b9639566229a10f8cb0841210749b033261acb770e40267a4d8b28eda62d19c893950453b9acbbc816fbf267869d18e938da9d600",
"options": {
"hdwallet": {
"coin": 60,
"index": 0
}
}
}'
HTTP/2 200
The same signature verification as illustrated above can also be accomplished using the hd_derivation_path of the derived key:
curl
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5OTI1NDI4LCJpYXQiOjE1OTk4MzkwMjgsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjJmZjE2YzczLTczOWItNDFmZi04MTM1LTM1NTQxOWY2M2RiMCIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.YlS8eQA1b9GjWhHjef08m0UQFg6nyQgvw34fPCEglfp48wWlLAwnLOmVZT0O3nHAf5f9XJljjLchGkS_vBqzs6xy39Paq81ywxJLU5PdNJFY13bhVjwTJCGWzL2pE8T5by2zaDHEjrsYfCr32ZY0o94pTzQEJ7f0TvjnyuE3l3B584u50d5gss_MOpf44-kOcX6T0KQwJmKA1rCWNrMQ4Hh3i1B-LoysGcOJhDJpuHCD6loijNIxvkjndQ2PeQXHqZ4ZKr0p4pIsexYflLdT1Szl59lpFipgCTomPVYAmBZX0MfZPlt30Pp62ANDs4qttH7-OrnK4m2_p6yeYGiRsf7TUj9NAYdHVetEYeu8oSgpQfmr0Z3jTxXFEY9t1cBPMB5zyBwzCMsTVjlG3xhGxr9SQ26uheMy7M-u9_8Kq-riZv2W79ALm22MSyYi7y0UeC3wG-hO8jrxns3kzV4heI3upwhXS2ccEZrpWbJe4S17egjpEDYAI3JIuWkggEzr_snB8xCV1-ZB2_r6aqdfmsj3QIZQK4U2c6Wa27NBA4hzE45qp_RMyiY7PZOzv0315TYa6qrio2qyUWRr29nHPOEAufg9L-aMYVKBOieL8VIWKw3RBVSDABN1sFWbFfiX0Pd5jny7zMxjHtoae5B-jgAzijIcH7xnvzkCBIySlhI' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/vaults/e0761eac-a6ba-45bd-9a16-9eea155e7816/keys/73d0144d-801d-49a0-86bb-5ee1fdcc9706/verify \
-d '{
"message": "12345678901234567890123456789012",
"signature": "ed1eeedb6d5db4da744acddd0b9639566229a10f8cb0841210749b033261acb770e40267a4d8b28eda62d19c893950453b9acbbc816fbf267869d18e938da9d600",
"options": {
"hdwallet": {
"hd_derivation_path": "m/44'/60'/0'/0/0"
}
}
}'
HTTP/2 200

Detached Verification

In certain cases, you may need to verify the signature of a message which was signed by a third party. A Vault instance can perform such verification given the message, signature and public key. This is referred to as "detached verification" since the private key which signed the message does not exist in the Vault. Ephemeral keys are created in-memory to perform this verification by invoking the following API:
curl
curl -i \
-H 'Authorization: bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjEwOjJlOmQ5OmUxOmI4OmEyOjM0OjM3Ojk5OjNhOjI0OmZjOmFhOmQxOmM4OjU5IiwidHlwIjoiSldUIn0.eyJhdWQiOiJodHRwczovL3Byb3ZpZGUuc2VydmljZXMvYXBpL3YxIiwiZXhwIjoxNTk5OTIyNDU1LCJpYXQiOjE1OTk4MzYwNTUsImlzcyI6Imh0dHBzOi8vaWRlbnQucHJvdmlkZS5zZXJ2aWNlcyIsImp0aSI6IjNhMWRiZWY4LWIyYjUtNDllOC1hMTc3LTVhYTE2MTdhZGRiMSIsIm5hdHMiOnsicGVybWlzc2lvbnMiOnsic3Vic2NyaWJlIjp7ImFsbG93IjpbInVzZXIuNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIiwibmV0d29yay4qLmNvbm5lY3Rvci4qIiwibmV0d29yay4qLnN0YXR1cyIsInBsYXRmb3JtLlx1MDAzZSJdfX19LCJwcnZkIjp7InBlcm1pc3Npb25zIjo3NTUzLCJ1c2VyX2lkIjoiNGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0sInN1YiI6InVzZXI6NGM1ZDI5NjktYTQwYy00ZjZkLWFhMDItMjEzNTVmM2M5MDkxIn0.LY0VhXJ_MtbTHQ-RqwC9LqXTaOO83tH3fGQwvdSohtXrNNqhGyOXWecGvYMCP8SuJHEzEgj4NLBdspRD9kfWDdbuALLgEwwGN-iz4fwLfHo_AubmpnCt0gEea7CoGozgY-7pp7apTLAbGMQ_kjb0Az49CfV5eiRrM3ntkQkmEfyEurEOo-Q3u2kLJJKjTOfz5KDHYD5t78x-Srjxod9tqilm4sOM2nGTdcY4_Iuo5fFKPhahpxWgOOQnlfOymKm11UGDStv9_6vSgu-qiCEclK8RpY5f9EpbE6d4uFsJmmbtSOUlSVW5p-_-L86x3XNww9_B-S_tZ6e6kjsuD9JwJUxcQgegTcPqLpfuiiSFFgoNlk-JJsZXbF6-T5Y7hP6OspeG2NzUZ2xtliMyLm9fjwP4OEUkvKXQzC-Dh4M2fQSXyGv3lSmjRXUEltQzwvJ4i8nQ5qnDzYVyqXhEVg9lplcLOsJFiKcx1Ipm-akjWDn02cnOXjocP6ImbDiH4UF4IIHTqdpygoTqfRjL3j1JipCvmAumtbSwzXxbjWRgr_VXoCQ9FFaMPl7_WoVa5MQFwY3mH_IBxqNlXLihsJeZ97x6KGN_57yM8OTg30DBzKW38H3l--M88gIKJN-57sa59eej5ECf1n5Rek0TQupt9-OYFH0kmo1zBAydIjXVkdg' \
-H 'Content-Type: application/json' \
https://vault.provide.services/api/v1/verify \
-d '{
"message": "hello world",
"signature": "5843e068858b6b90b3e64a8b162cf757f80881101cdf021a56bbe059b12ae9ae5fe87d6919725a10dfb0056d5689394269a16518d9987302e2353cde308d1e7c2a8eedad94ed2a88184b283df90dc7a89d42136b60082d8e6452afae443bf026a930c7eccef945934e4e870212d1c2ec16986c9b4ba249698bde419a4bbdc16b1fd16a820fd0094580a3a13d29e62a70cb020a15e9e57fef6b3576b00a563197985ca0d520a595d4183956faf2ef94983db46a16ddf206fa4726a71ffc4fed4d475916bd172b4a64dbf9b7b70165200588dac341f4ed500bb049b50c1847b156f07f59c7a7f849fb8d96e5b37074e643d734c865c69e1affd3c7ba71d81d6ac7",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJwSYrTfqWzADY54qHne\n/WgAUo/1Tq5TkmNczWMx+6FiDRI2EpNdKi1711XvpvTe35JEXa5oYKmRQnMxhB29\nWvH5V8QnKXwIpSvtNqrueRHmRTLVrqcAiqxaNMJ/OQLLFqvqY8+pvUVDIf2Q+DWY\nIJHT105I7kyWCSjwi0NxG0Uf1KVswCY6ERRD7fPUkYUVHdc6eUG9/Va2aIXNmlu/\nr2yNTZxNAUT/zE+q/dnaVKAKMB2Orpj27XCP9i1rQsSaSdBqPxe9GTErZBLLMV5W\ndyELcT4NfhPXzJvN+czObtX0V8Kksszhb0etLMLKzUzAnQEFtY/SVQlKgExqWBKu\nGQIDAQAB\n-----END PUBLIC KEY-----\n",
"options": {
"algorithm": "PS256"
}
}'
HTTP/2 200
Detached verification requires a public_key to be supplied in the request.
Previous
Encryption and Decryption
Next - API Reference
HD Wallets
Last modified 1yr ago