--Best Regards,Yossi C.
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/2cbc30ee-90f4-499f-b182-e0aee56ddbff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
"Generate" (as I believe you intended the term) produces an HMAC-SHA2 of the input value using the specified key. "sign" takes in an asymmetric key and uses it to generate an asymmetric signature (currently ECDSA-P256 and Ed2519 are the supported algorithms).The main differences between an asymmetric signature and an HMAC are around security of the verification key and perf. With HMAC, you need the same key used to generate the HMAC to verify it (so the verifier would also be able to generate a valid HMAC). With signature algorithms, you don't -- the verifier would need the private key to generate a valid signature. With a tool like Vault, which can allow you to verify HMACs without sharing the private key, this distinction is lessened. HMAC is also generally considered more performant, but there might still be reasons you want a signature with Vault (e.g., compliance obligations).This post does a pretty reasonable job explaining this more in depth: https://crypto.stackexchange.com/a/30658
--Joel
On Tue, Jun 13, 2017 at 11:40 AM Yossi Cohen <yossi...@gmail.com> wrote:
--Best Regards,Yossi C.
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/2cbc30ee-90f4-499f-b182-e0aee56ddbff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAOXnK5Q0QPeLjBo%2B0Y6SYF6skzFstA9-xOMiDcW5nnLC_LSC1Q%40mail.gmail.com.
This endpoint returns the cryptographic signature of the given data using the named key and the specified hash algorithm. The key must be of a type that supports signing.
| Method | Path | Produces |
|---|---|---|
POST | /transit/sign/:name(/:algorithm) | 200 application/json |
name (string: <required>) – Specifies the name of the encryption key to generate hmac against. This is specified as part of the URL.
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/56b62e9b-1cb5-4952-8531-b232e99d8adf%40googlegroups.com.
Yeah, that looks like a typo in the docs.
--Joel
On Wed, Jun 14, 2017 at 4:58 AM Yossi Cohen <yossi...@gmail.com> wrote:
Thank you Guys. The reason i raised this question is because the documentation Vault Transit API. Is there an error in the documentation in the highlighted line below?Sign Data
This endpoint returns the cryptographic signature of the given data using the named key and the specified hash algorithm. The key must be of a type that supports signing.
Method Path Produces POST/transit/sign/:name(/:algorithm)200 application/json»Parameters
name(string: <required>)– Specifies the name of the encryption key to generate hmac against. This is specified as part of the URL.--
On Tuesday, June 13, 2017 at 6:40:32 PM UTC+3, Yossi Cohen wrote:Best Regards,Yossi C.
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/56b62e9b-1cb5-4952-8531-b232e99d8adf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAOXnK5Qr2DNBcpeirSOrCR33aw1eG5_mRp8CM7KK0N2Guu4RHA%40mail.gmail.com.To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.