Skip to main content

Sign Component

Use the Sign component to generate a digital signature for any piece of data. This component uses standard cryptographic methods like HMAC and RSA to create a unique signature, which can be used to verify the origin and integrity of a message.

Why this matters

Digital signatures are crucial for securing communications. They allow a receiving system to verify that a message truly came from the expected sender and that its content has not been altered in transit. This is essential for securing webhooks and authenticating API requests.

What You’ll Configure

Step 1: Select a Signature Method and Settings

Choose the cryptographic method, hash algorithm, and output format for your signature.

SettingDescription
Signature MethodChoose the signature generation method:
1. HMAC: Combines a cryptographic hash function with a secret key. Best for symmetric signing where both parties share the secret.
2. RSA: Uses asymmetric key encryption with a valid RSA private key. Best for public-key infrastructure where the public key is used for verification.
Key/SecretDefine the cryptographic key to use for signing. For HMAC, this is a secret string. For RSA, this must be a valid RSA private key (e.g., in PEM format).
Secure Your Keys
Store your keys and secrets in the Vault and reference them here as variables (e.g., {{vault.hmac_secret}}).
Hash TypeSelect a cryptographic hash function:
1. md5: 128-bit (less secure).
2. sha1: 160-bit (deprecated).
3. sha256: 256-bit (secure & balanced).
4. sha512: 512-bit (high security, slower).
Output EncodingChoose the output format for the signature string:
1. hex: Hexadecimal string.
2. base64: Base64 string.
3. base64url: URL and filename-safe Base64.
4. latin1: ISO-8859-1 character set.
5. utf8: UTF-8 encoding.

Step 2: Provide Input Data

The component requires the data to sign and can optionally take a key to override the one in the settings.

InputRequired?Description
DataYesThe content or message that you want to sign.
KeyNoA specific key to use for this operation, which will override the default Key/Secret in the settings.

Step 3: Handle the Output Signature

The component produces a single output containing the generated digital signature.

OutputDescription
SignatureThe generated signature string, formatted according to your Output Encoding setting.
Verification

The receiving party must use the same data, secret key (for HMAC) or public key (for RSA), algorithm, and encoding to regenerate the signature and verify that it matches the one you sent.

Best Practices

  • Use HMAC-SHA256 for Webhooks: This is a very common and secure standard for signing webhook payloads and API requests.
  • Never Expose Private Keys: Your HMAC secret and RSA private key should be treated like passwords. Always store them securely in the Vault.
  • Match the Algorithm to the Requirement: Use the signing method and hash algorithm specified by the service you are integrating with. Their documentation will tell you what they expect.
  • Sign the Raw Payload: When signing an API request, always sign the raw, unmodified request body before it is sent.

Troubleshooting Tips

If your signature is invalid...
  • Signature Mismatch: This is the most common issue. It is almost always caused by a subtle difference in the input Data between the signing and verification systems. Even a single extra space, different line endings, or a different order of keys in a JSON object can produce a different signature.
  • Incorrect Key: Ensure you are using the exact same secret (for HMAC) or the correct private/public key pair (for RSA) on both ends.
  • Incorrect Algorithm/Encoding: The hash type and output encoding must match exactly between the signing and verification processes.
  • Invalid RSA Key Format: If using RSA, ensure your private key is in a valid format (like PEM PKCS#1 or PKCS#8) and is not corrupted.

What to Try Next

  • Use this component to generate a signature for an outgoing API Call, adding the signature to the request headers.
  • Create an Agent Skill that acts as a webhook endpoint. Use the Sign component to generate a signature from the incoming request body and compare it to the signature provided in the request headers to verify authenticity.
  • Take a hash generated by the Hash Component and sign that hash for an extra layer of verification.