I have configured the Transit secrets engine with an encryption key of type RSA-2048.
After signing some input data I got a signature and would like to verify it locally using the public key, without interacting with the Vault server.
- Secrets engine: Transit
- Encryption key type: RSA-2048 (public and private keys are available)
- Hash algorithm: sha2-256
- Signature algorithm: pss
- Vault sign input: Base64("aaa") = "YWFh"
- Vault sign output: vault:v1:fjgCO0r…==
In order to verify the generated signature (for investigation purposes) I use the web site "RSA Signature generation and verification tool with RSASSA-PSS, SHA1WithRSA, SHA1withRSAandMGF1, sha384WithRSA, SHA224WithRSA/PSS, RSAPSS".
I provide there the public key, the input text and the generated signature (without the "vault:v1:" prefix), and choose RSA Signature Algorithm = SHA256withRSA.
I got the error "Signature Verification Failed".
Could you explain the structure of the Vault-generated signature and how it could be verified offline?
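Added example, not from the original poster or from Vault's own code: a Go program that parses the `vault:v<N>:<base64>` form, verifies it offline as RSA-PSS over the SHA-256 digest of the plaintext (SHA256withRSA is PKCS#1 v1.5, a different scheme, so that choice in a verification tool fails), and, since no real Transit key is available here, uses a locally generated RSA-2048 key as a constructed stand-in. Function names and the stand-in signer are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// ParseVaultSignature splits "vault:v<N>:<base64>" into the key version ("v<N>") and the raw signature bytes.
func ParseVaultSignature(s string) (string, []byte, error) {
	parts := strings.SplitN(s, ":", 3) // "vault" / "v<N>" / standard base64 of the PSS signature
	if len(parts) != 3 || parts[0] != "vault" || !strings.HasPrefix(parts[1], "v") {
		return "", nil, fmt.Errorf("not a vault:v<N>:<sig> string: %q", s)
	}
	raw, err := base64.StdEncoding.DecodeString(parts[2])
	return parts[1], raw, err
}

// VerifyVaultPSS checks a hash_algorithm=sha2-256, signature_algorithm=pss Transit signature with the
// exported public key only. Vault hashes the base64-decoded input itself (unless prehashed=true), so the
// digest is recomputed here; PSSSaltLengthAuto matches Vault's default salt_length=auto.
func VerifyVaultPSS(pub *rsa.PublicKey, plaintext []byte, vaultSig string) error {
	_, sig, err := ParseVaultSignature(vaultSig)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(plaintext)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto})
}

// SignLikeVault is a constructed stand-in for the Transit server: it emits the same vault:v<N>:<base64> form
// (RSA-PSS, SHA-256, MGF1-SHA256, maximal salt) so the verifier above can be exercised offline.
func SignLikeVault(priv *rsa.PrivateKey, version int, plaintext []byte) (string, error) {
	digest := sha256.Sum256(plaintext)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto})
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("vault:v%d:%s", version, base64.StdEncoding.EncodeToString(sig)), nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed key standing in for the Transit RSA-2048 key
	vaultSig, _ := SignLikeVault(priv, 1, []byte("aaa")) // Vault itself receives "YWFh", i.e. base64("aaa")
	fmt.Println(vaultSig[:12]+"...", VerifyVaultPSS(&priv.PublicKey, []byte("aaa"), vaultSig))
}
```

With a real Transit key, export the public key from Vault and feed it to VerifyVaultPSS together with the original plaintext and the full vault:v1:... string.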