B.2.4. Signing a Response Using ecdsa-p256-sha256

This example covers portions of the test-response message using the ecdsa-p256-sha256 algorithm and the key test-key-ecc-p256.

The corresponding signature base is:

NOTE: '\' line wrapping per RFC 8792

"@status": 200
"content-type": application/json
"content-digest": sha-512=:mEWXIS7MaLRuGgxOBdODa3xqM1XdEvxoYhvlCFJ4\
  1QJgJc4GTsPp29l5oGX69wWdXymyU0rjJuahq4l5aGgfLQ==:
"content-length": 23
"@signature-params": ("@status" "content-type" "content-digest" \
  "content-length");created=1618884473;keyid="test-key-ecc-p256"

This results in the following Signature-Input and Signature header fields being added to the message under the label sig-b24:

NOTE: '\' line wrapping per RFC 8792

Signature-Input: sig-b24=("@status" "content-type" \
  "content-digest" "content-length");created=1618884473\
  ;keyid="test-key-ecc-p256"
Signature: sig-b24=:wNmSUAhwb5LxtOtOpNa6W5xj067m5hFrj0XQ4fvpaCLx0NK\
  ocgPquLgyahnzDnDAUy5eCdlYUEkLIj+32oiasw==:

Note that the ECDSA signature algorithm in use here is non-deterministic, meaning that a different signature value will be created every time the algorithm is run. The signature value provided here can be validated against the given keys, but newly generated signature values are not expected to match the example. See Section 7.3.5.
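The following Python sketch is an added example, not code from the specification. It shows the verifier-side preparation for this section: unfolding the RFC 8792 wrapping, rebuilding the signature base from the Signature-Input member, and splitting the 64-octet signature into r and s. The function names are hypothetical, the field parsing is a simplification that assumes a single member per header rather than a full Structured Fields parser, and the ECDSA verification itself is omitted because the public key is not reproduced in this section.

```python
import base64
import re

def unfold(text):
    """Undo RFC 8792 '\\' folding: drop the backslash, newline and indent."""
    return re.sub(r"\\\n[ \t]*", "", text)

def parse_signature_input(value, label):
    """Return (covered component names, raw signature-params) for one label.
    Simplified: expects a single dictionary member, not full RFC 8941."""
    if not value.startswith(label + "=("):
        raise ValueError("label not found")
    params = value[len(label) + 1:]
    inner = params[1:params.index(")")]
    return re.findall(r'"([^"]+)"', inner), params

def signature_base(components, names, params):
    """One '"name": value' line per covered component, then
    "@signature-params" last, with no trailing newline."""
    lines = [f'"{n}": {components[n]}' for n in names]  # KeyError if missing
    lines.append(f'"@signature-params": {params}')
    return "\n".join(lines)

def split_p256_signature(value, label):
    """Decode the byte sequence and split the fixed-width r || s encoding."""
    m = re.fullmatch(re.escape(label) + r"=:([A-Za-z0-9+/]+={0,2}):", value)
    if not m:
        raise ValueError("malformed Signature member")
    raw = base64.b64decode(m.group(1), validate=True)
    if len(raw) != 64:  # ecdsa-p256-sha256: 32-octet r then 32-octet s
        raise ValueError("wrong signature length")
    return int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")

# Component values and header fields copied from this section.
RESPONSE = {
    "@status": "200",
    "content-type": "application/json",
    "content-digest": "sha-512=:mEWXIS7MaLRuGgxOBdODa3xqM1XdEvxoYhvlCFJ4"
                      "1QJgJc4GTsPp29l5oGX69wWdXymyU0rjJuahq4l5aGgfLQ==:",
    "content-length": "23",
}
SIG_INPUT = unfold('sig-b24=("@status" "content-type" \\\n'
                   '  "content-digest" "content-length");created=1618884473\\\n'
                   '  ;keyid="test-key-ecc-p256"')
SIGNATURE = unfold("sig-b24=:wNmSUAhwb5LxtOtOpNa6W5xj067m5hFrj0XQ4fvpaCLx0NK\\\n"
                   "  ocgPquLgyahnzDnDAUy5eCdlYUEkLIj+32oiasw==:")

names, params = parse_signature_input(SIG_INPUT, "sig-b24")
BASE = signature_base(RESPONSE, names, params)
R, S = split_p256_signature(SIGNATURE, "sig-b24")
```

Because the algorithm is non-deterministic, a verifier passes `BASE` and `(R, S)` to an ECDSA P-256/SHA-256 verify operation with the public key for test-key-ecc-p256; re-signing the base and comparing signature bytes will not match.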