Sign Component
Use the Sign component to generate a digital signature for any piece of data. This component uses standard cryptographic methods like HMAC and RSA to create a unique signature, which can be used to verify the origin and integrity of a message.
Why this matters
What You’ll Configure
- Select a Signature Method and Settings
- Provide Input Data
- Handle the Output Signature
- Best Practices
- Troubleshooting Tips
- What to Try Next
Step 1: Select a Signature Method and Settings
Choose the cryptographic method, hash algorithm, and output format for your signature.
Setting | Description |
---|---|
Signature Method | Choose the signature generation method: 1. HMAC: Combines a cryptographic hash function with a secret key. Best for symmetric signing where both parties share the secret. 2. RSA: Uses asymmetric key encryption with a valid RSA private key. Best for public-key infrastructure where the public key is used for verification. |
Key/Secret | Define the cryptographic key to use for signing. For HMAC, this is a secret string. For RSA, this must be a valid RSA private key (e.g., in PEM format). |
Hash Type | Select a cryptographic hash function: 1. md5 : 128-bit (less secure). 2. sha1 : 160-bit (deprecated). 3. sha256 : 256-bit (secure & balanced). 4. sha512 : 512-bit (high security, slower). |
Output Encoding | Choose the output format for the signature string: 1. hex : Hexadecimal string. 2. base64 : Base64 string. 3. base64url : URL and filename-safe Base64. 4. latin1 : ISO-8859-1 character set. 5. utf8 : UTF-8 encoding. |
Step 2: Provide Input Data
The component requires the data to sign and can optionally take a key to override the one in the settings.
Input | Required? | Description |
---|---|---|
Data | Yes | The content or message that you want to sign. |
Key | No | A specific key to use for this operation, which will override the default Key/Secret in the settings. |
Step 3: Handle the Output Signature
The component produces a single output containing the generated digital signature.
Output | Description |
---|---|
Signature | The generated signature string, formatted according to your Output Encoding setting. |
Verification
Best Practices
- Use HMAC-SHA256 for Webhooks: This is a very common and secure standard for signing webhook payloads and API requests.
- Never Expose Private Keys: Your HMAC secret and RSA private key should be treated like passwords. Always store them securely in the Vault.
- Match the Algorithm to the Requirement: Use the signing method and hash algorithm specified by the service you are integrating with. Their documentation will tell you what they expect.
- Sign the Raw Payload: When signing an API request, always sign the raw, unmodified request body before it is sent.
Troubleshooting Tips
If your signature is invalid...
What to Try Next
- Use this component to generate a signature for an outgoing API Call, adding the signature to the request headers.
- Create an Agent Skill that acts as a webhook endpoint. Use the Sign component to generate a signature from the incoming request body and compare it to the signature provided in the request headers to verify authenticity.
- Take a hash generated by the Hash Component and sign that hash for an extra layer of verification.
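
The webhook pattern from Best Practices (HMAC-SHA256 over the raw payload) and from the webhook endpoint idea above, written directly against Node.js's `crypto` module. This is an added example, not the Sign component's own code; the helper names `sign` and `verify`, the secret and the payload are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Sign data with HMAC. `hash` and `encoding` mirror the Hash Type and
// Output Encoding settings (e.g. 'sha256' with 'hex', 'base64' or 'base64url').
function sign(data, secret, hash = 'sha256', encoding = 'hex') {
  return createHmac(hash, secret).update(data).digest(encoding);
}

// Recompute the MAC over the raw body and compare the decoded bytes
// in constant time, so the comparison does not leak where the values differ.
function verify(rawBody, secret, received, hash = 'sha256', encoding = 'hex') {
  const expected = createHmac(hash, secret).update(rawBody).digest();
  const given = Buffer.from(String(received), encoding);
  // timingSafeEqual throws on unequal lengths, so reject those first.
  return expected.length === given.length && timingSafeEqual(expected, given);
}

// Constructed sample values (not from any real service).
const SECRET = 'example-secret-for-docs-only';
const RAW_BODY = '{"event":"order.created", "id":42}'; // bytes exactly as received

function demo() {
  const sigHex = sign(RAW_BODY, SECRET);
  const sigB64url = sign(RAW_BODY, SECRET, 'sha256', 'base64url');
  // Parsing and re-serializing drops the space after the comma: different bytes.
  const reserialized = JSON.stringify(JSON.parse(RAW_BODY));
  return {
    sigHex,
    sigB64url,
    rawOk: verify(RAW_BODY, SECRET, sigHex),
    reserializedOk: verify(reserialized, SECRET, sigHex),
    // Receiver expects hex but is handed the base64url form of the same MAC.
    wrongEncodingOk: verify(RAW_BODY, SECRET, sigB64url),
    wrongSecretOk: verify(RAW_BODY, 'other-secret', sigHex),
  };
}

console.log(demo());
```

Only `rawOk` is true: a re-serialized body, a mismatched Output Encoding, or a different secret each produce a failed verification even though the payload is semantically the same.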