Crypto Pyramids

Overview

You are given access to a service, which allow you to obtain digital signatures for messages of your choice. The service uses SPHINCS+ with a custom set of highly efficient parameters, not even a quantum computer will help you to break it.

Your goal is to produce a valid signature for the message opensesame and send it to the /verify endpoint in order to get access to the secret flag.

API of the service

POST /sign

Request

    {
        "message": "base64 encoded message"
    }
    

Sample request with curl: curl --header "Content-Type: application/json" --request POST --data '{"message": "aGVsbG8="}' https://.../sign

Response

    {
        "signature": "base64 encoded signature",
        "status": "Debug message"
    }
    

POST /verify

Request

    {
        "message": "base64 encoded message",
        "signature": "base64 encoded signature",
    }
    

Sample request with curl: curl --header "Content-Type: application/json" --request POST --data '{"message": "aGVsbG8=", "signature": "rcKh2mrC............"}' https://.../verify

Response

    {
        "status": "Debug message"
    }
    

GET /publickey

Sample request with curl: curl --request GET https://.../publickey

Response

    {
        "publickey": "base64 encoded public key"
    }