We have created an encryption key of type ecdsa-p256 using the /v1/transit/keys/ API and are signing using the /v1/transit/sign/ API. Verifying with Vault succeeds with valid set to true, but when verifying the signature in a Java program with the SHA256withECDSA algorithm, the public key, the input and the signature received at creation, we get the exception:
java.security.SignatureException: Invalid encoding for signature
So is the SHA256withECDSA signing algorithm supported for an ecdsa-p256 encryption key in the transit engine?
Here is the curl used for signing:
curl --location 'http://localhost:8200/v1/transit/sign/test' \
  --header 'X-Vault-Token: hvs.GJjDLDxW1iikrJfjK9PJgXTa' \
  --header 'Content-Type: text/plain' \
  --data '{ "input": "c2FtcGxlIHRleHQ=" }'
The result we are expecting is successful verification of the signature, public key and input using the SHA256withECDSA signing algorithm, if it is supported by Vault.
You need to remove vault:v1: and base64 decode the rest of the signature and use these bytes in Java. So if Vault gives you:
You will end up with these bytes (not characters, line wrapped for pretty printing):
This openssl and xxd command will provide you with those bytes (ymmv):
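The conversion described in the answer above, written out as an added example that is not part of the original thread or of Vault's code. It uses a locally generated P-256 key in place of the transit key, and a helper that reproduces the string layout the answer describes (the vault:v1: prefix followed by base64 of the DER-encoded signature) so the whole round trip runs offline; everything else is standard-library Go. It verifies against the SHA-256 of the decoded input bytes (the raw "sample text", not the base64 string), which is the same operation Java's SHA256withECDSA performs, and it also converts the DER signature into the fixed-width r||s form for comparison, since a signature in that raw form is what produces Java's "Invalid encoding for signature" unless the SHA256withECDSAinP1363Format algorithm name is used instead.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// vaultPrefix is the version prefix on strings returned by /v1/transit/sign.
const vaultPrefix = "vault:v1:"

// decodeVaultSignature strips "vault:v1:" and base64-decodes the remainder,
// yielding the DER (ASN.1 SEQUENCE { r, s }) signature bytes Java expects.
func decodeVaultSignature(sig string) ([]byte, error) {
	if !strings.HasPrefix(sig, vaultPrefix) {
		return nil, errors.New("signature lacks the vault:v1: prefix")
	}
	return base64.StdEncoding.DecodeString(strings.TrimPrefix(sig, vaultPrefix))
}

// signLikeVault is a constructed stand-in for the transit sign endpoint: it
// hashes the decoded input with SHA-256, signs with a local key and returns
// the prefix + base64(DER) layout described in the answer. Not Vault's code.
func signLikeVault(priv *ecdsa.PrivateKey, inputB64 string) (string, error) {
	msg, err := base64.StdEncoding.DecodeString(inputB64)
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256(msg)
	der, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	return vaultPrefix + base64.StdEncoding.EncodeToString(der), nil
}

// verifyVaultSignature does what the Java SHA256withECDSA verify does:
// SHA-256 over the raw message bytes, then ECDSA verify of a DER signature.
func verifyVaultSignature(pub *ecdsa.PublicKey, inputB64, sig string) (bool, error) {
	msg, err := base64.StdEncoding.DecodeString(inputB64)
	if err != nil {
		return false, err
	}
	der, err := decodeVaultSignature(sig)
	if err != nil {
		return false, err
	}
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], der), nil
}

// ecdsaSig mirrors the ASN.1 SEQUENCE { r INTEGER, s INTEGER } layout.
type ecdsaSig struct {
	R, S *big.Int
}

// derToP1363 converts a DER signature to the fixed-width r||s encoding
// (64 bytes for P-256). Feeding bytes of this shape to SHA256withECDSA is
// exactly what triggers "Invalid encoding for signature".
func derToP1363(der []byte, curve elliptic.Curve) ([]byte, error) {
	var sig ecdsaSig
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, errors.New("trailing bytes after DER signature")
	}
	n := (curve.Params().BitSize + 7) / 8
	out := make([]byte, 2*n)
	sig.R.FillBytes(out[:n]) // r and s are reduced mod the group order, so they fit
	sig.S.FillBytes(out[n:])
	return out, nil
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	const input = "c2FtcGxlIHRleHQ=" // the "sample text" input from the question
	sig, err := signLikeVault(priv, input)
	if err != nil {
		panic(err)
	}
	ok, err := verifyVaultSignature(&priv.PublicKey, input, sig)
	if err != nil {
		panic(err)
	}
	der, _ := decodeVaultSignature(sig)
	raw, _ := derToP1363(der, elliptic.P256())
	fmt.Printf("signature: %s\nvalid: %v\nDER length: %d, r||s length: %d\n",
		sig, ok, len(der), len(raw))
}
```

Two caveats for the Java side. Vault's transit sign defaults to hash_algorithm sha2-256 and marshaling_algorithm asn1, so the bytes obtained this way are what SHA256withECDSA expects; if the key was signed with marshaling_algorithm set to jws, the signature is already in the r||s form and Java must be given SHA256withECDSAinP1363Format instead. And the data passed to Signature.update must be the decoded input bytes, not the base64 string that was sent in the request.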