search

Consensys / quorum-key-manager

A universal Key & Account Management solution for blockchain applications.
http://docs.quorum-key-manager.consensys.net/
Apache License 2.0
39 stars 16 forks source link

Verification of signed payload not implemented? #574

Open capri-san opened 2 years ago

capri-san commented 2 years ago

Verification of a signed payload with a key registered in hashicorp vault returns 404 message

Configuration

QKM connected to hashicorp vault using latest image from "consensys/quorum-key-manager:latest"

Steps to reproduce

  1. Run QKM properly connected to Hashicorp Vault
  2. Sign a payload issuing something like: curl -X POST --data '{"data": "bXkgZGF0YSB0byBiZSBzaWduZWQgeSByZWxsZW5vLi4="}' -H "Content-Type:application/json" 'http://localhost:8080/stores/hashicorp-keys/keys/my-test-key/sign' Which returns something like RcHF2pI7gkQKV77DBB3u1mdkziOsfeIo+H3fxPQBPpsUBHglILnbZVQxQurcQ5LbrInaqX1+bzHvzgKWBnveOw== (the signed payload)
  3. Try to verify that this signature was in fact done by my-test-key issuing: curl -X POST --data '{"data": "bXkgZGF0YSB0byBiZSBzaWduZWQgeSByZWxsZW5vLi4=", "curve": "secp256k1","signingAlgorithm": "ecdsa","signature":"RcHF2pI7gkQKV77DBB3u1mdkziOsfeIo+H3fxPQBPpsUBHglILnbZVQxQurcQ5LbrInaqX1+bzHvzgKWBnveOw==","publicKey":"BNo3IM1KWtwEqrkAfOJpwWZqQ3M7s4h1Ig+L/WV40kh7rxBOgYmJ1H6iS+ygFHNwQzLeSvwGG8/nUx8HcvZwpLg="}' -H "Content-Type:application/json" 'http://localhost:8080/keys/verify-signature'

Actual result

Returns 404 page not found

Expected result

A 20x message indicating that the verification was successful.