H2 (Hosted HSM) API documentation version 1.0.2
H2 API allows interaction with a private hosted HSM instance. An Hosted HSM instance acts like a really simple smart card with off-card hashing, meaning the caller is responsible for hashing the Data To Be Signed.
A typical PDF signature flow:
- Client reserves spaces in the PDF to accomodate for the signature
- Client gathers elements required to calculate hash (PDF byte range, certificates, CRL, OCSP, etc)
- Client calculate hash over these elements
- Client post the hash to Hosted HSM
- Hosted HSM signs the hash
- Client incorporates the signature into the PDF
- Optionnaly, the client timestamps the signature/document.
Signs the provided data using the Hosted HSM instance signature key.
Calls the actual signature function. The request body MUST be a JWS (Json Web Signature) Object (as defined in RFC7515) computed over the Json representation of the request parameters documented below.
The JWS algorithm must be HMAC-SHA256 and signed using the signature key provided by Notarius.