The responses of the following routes should include a header with a ECDSA signature.
/rules
/countrylist
/valuesets
Please add to the service an ECDSA signature for the trust lists and a public key route to get the public key E.g. /publickey
The service should contain an signing interface that it's possible to replace it with other signing services. For instance hashicorp or an HSM.
The header should be X-Signature which contains the ECDSA Signature in BASE64 Encoding.
EC Curve is P256 (with SHA256 or "SHA256WITHECDSA" in Bouncycastle).
The responses of the following routes should include a header with a ECDSA signature.
/rules /countrylist /valuesets
Please add to the service an ECDSA signature for the trust lists and a public key route to get the public key E.g. /publickey The service should contain an signing interface that it's possible to replace it with other signing services. For instance hashicorp or an HSM.
The header should be X-Signature which contains the ECDSA Signature in BASE64 Encoding.
EC Curve is P256 (with SHA256 or "SHA256WITHECDSA" in Bouncycastle).