This is a minimal, security-focused ASP.NET Core API that provides REST API endpoints for hashing, signing, and verifying.
This project was created for educational purposes only and should not be used for other purposes.
- Hashing using SHA256
- Signing messages and verifying signatures using ECDSA (in conjunction with SHA256)
- JSON Web Tokens for authentication with role-based authorization (using HMAC-SHA256)
- Input validation and request size limits
- Logging
- Hash, sign and verify endpoints use the built-in functions from System.Security.Cryptography of
.NETand require authentication - Tokens are created using HmacSha256 (token endpoint exists only for local testing)
- Request sizes are limited
- Keys are demo-only and intentionally stored unsecurely in
appsettings.json!
- Docker (tested with Docker Engine on Linux)
cd into the project root and run
docker build -t crypto-service .Then, run the container with
docker run -p 8080:8080 crypto-serviceThe API will be available at http://localhost:8080.
GET /healthPOST /hashPOST /signPOST /verify
The following commands assume that you have curl and jq installed. If you don't want to install jq, you can copy and paste the relevant fields from the JSON responses.
curl http://localhost:8080/healthTOKEN=$(curl -s -X POST http://localhost:8080/auth/token | jq -r '.token')curl -s -X POST http://localhost:8080/crypto/hash -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"Data":"hello"}'SIGNATURE=$(curl -s -X POST http://localhost:8080/crypto/sign -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"Data":"sign this"}' | jq -r '.signature')Right signature:
curl -X POST http://localhost:8080/crypto/verify -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "{\"Data\":\"sign this\",\"signature\":\"$SIGNATURE\"}"Wrong signature:
curl -X POST http://localhost:8080/crypto/verify -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d "{\"Data\":\"Different data\",\"signature\":\"$SIGNATURE\"}"