Powered by Redocly

Crypto Misc

Invoke the bcrypt-pw operation

Encode password using bcrypt password-hashing function version 2y. Note that bcrypt truncates passwords longer than 72 characters.

SecurityaccessToken
Request
Request Body schema:
password
required
string
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/strongbox/crypto-functions/bcrypt-pw
Request samples 
password: reallysecret
Response samples 
hash: $2y$05$yBvWLrn/ks2sg3x6X5rUeegEmbqswgA/wqLR1b0yrNXMv4o3f3Ah6

Invoke the bcrypt-verify operation

Verify that a plaintext password matches a bcrypt hash. Returns an error if they do not match.

SecurityaccessToken
Request
Request Body schema:
password
required
string

Plaintext password to verify.

hash
required
string

bcrypt hash to verify the password against.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/strongbox/crypto-functions/bcrypt-verify
Request samples 
password: hej hop
hash: $2y$05$yBvWLrn/ks2sg3x6X5rUeegEmbqswgA/wqLR1b0yrNXMv4o3f3Ah6
Response samples 
valid: true

Invoke the hash-data operation

SecurityaccessToken
Request
Request Body schema:
text
required
string <plaintext>
algorithm
string <hmac-digest-type>
Default: "sha256"
  • sha1
  • sha224
  • sha256
  • sha384
  • sha512
  • sha3-224
  • sha3-256
  • sha3-384
  • sha3-512

Digest types, sha1 should be avoided.

format
string <hex-base-type>
Default: "base64"
  • hex: Encode binary data using hex decimal format, e.g., af:03:ff
  • base64: Encode binary using base64 encoding.
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/strongbox/crypto-functions/hash-data
Request samples 
text: Zm9vIGJhcgo=
algorithm: sha256
format: base64
Response samples 
hash: 795b303f69d06b2b3edbded518af4e2f53ea09728ef1d12176839bd840ee2198695e1ccd9f27a2839ef11a774b795a0af944037efcf5b20b243d1f5e86148483

Invoke the random-bytes operation

SecurityaccessToken
Request
Request Body schema:
bytes
required
integer <uint32>
format
string <hex-base-type>
Default: "base64"
  • hex: Encode binary data using hex decimal format, e.g., af:03:ff
  • base64: Encode binary using base64 encoding.
Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/strongbox/crypto-functions/random-bytes
Request samples 
bytes: 32
format: base64
Response samples 
bytes: NA++lSxaE4zdQwQ1aMHIGQ76vcCvKuFp2n52h0PG7/0=

Invoke the random-uuids operation

Generate one or more random UUIDs in a chosen version and format.

  • v4: 122 random bits (RFC 4122). General-purpose random ID.
  • v7: millisecond timestamp + random bits. Lexicographically sortable and collision-resistant.

Format controls how the UUID is serialized (canonical hex, Base64, etc.).

SecurityaccessToken
Request
Request Body schema:
version
string <enumeration>
Default: "v4"
  • v4: UUIDv4 - 122 random bits as per RFC 4122.
  • v7: UUIDv7 - Unix time in milliseconds + random component. Monotonic at ms level.

Which UUID version to generate:

  • v4 - pure random (RFC 4122).
  • v7 - timestamp + randomness (draft), good for indexing/sorting.

If unsure, use v4. Use v7 if you want time-ordering in DBs.

count
integer <uint16>
Default: 1

Number of UUIDs to generate per call. Allowed range: 1..1000.

format
string <enumeration>
Default: "canonical"
  • canonical: Hex with hyphens, lowercase.
  • no-hyphen: 32 hex characters, no hyphens.
  • base64: Standard Base64 of the 16-byte UUID.
  • base64url: URL-safe Base64 (unpadded).
  • base32crockford: Base32 Crockford alphabet.
  • ulid: ULID, lowercase, no hyphens.
  • guid: Microsoft GUID format with {}.

Output serialization format:

  • canonical - hex with hyphens (8-4-4-4-12), lowercase.
  • no-hyphen - 32 hex characters, no hyphens.
  • base64 - 16 raw bytes encoded in standard Base64 (with = padding).
  • base64url - URL-safe Base64 (no + or /), without padding.
  • bytes - raw 16 bytes.

Note: if uuids is of type string in the output, these will be represented as standard Base64 (effectively same as base64). To return true binary values, model uuids as binary instead.

  • base32crockford - Base32 Crockford alphabet (ULID-friendly).
  • guid - Microsoft GUID style with curly braces, e.g. {xxxxxxxx-xxxx-...}.
uppercase
boolean
Default: false

Render hex digits in UPPERCASE where applicable.

Applies only to hex-based formats (canonical, no-hyphen, guid, urn). Ignored for Base64/Base32/bytes.

Responses
200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

503

Service Unavailable (strongbox sealed)

post/v1/state/strongbox/crypto-functions/random-uuids
Request samples 
version: v4
count: 1
format: canonical
uppercase: false
Response samples 
uuids:
  - c95ec1f5-8239-432c-8b40-73dc2400bf50
➔ Next to Entities