Step 6: Retrieve the signature - Futurex Documentation

Fetch the completed signing request with GET /api/v2/x509/signing-requests/{uuid}. When state is Signed, the detached DER PKCS #7 / CMS signature is returned base64-encoded in the signature field.

Fetch the signing request

GET /api/v2/x509/signing-requests/{uuid}

curl -sk "${AUTH[@]}" -b "$CJ" \
  "$B/api/v2/x509/signing-requests/$REQUEST"

Response

{
  "success": true,
  "errorCode": "Success",
  "response": {
    "objInfo": { "name": "rest-api-demo-1", "uuid": "060000ee-....-............" },
    "state": "Signed",
    "approvalState": "Approved",
    "serviceUuid": "040000cc-....-............",
    "signingPolicyUuid": "050000dd-....-............",
    "signature": "MIIGxQYJKoZIhvcNAQcCoIIGtjCCBrI...base64-DER-CMS..."
  }
}

Decode the signature

Decode the signature field into a DER file:

Extract the signature

curl -sk "${AUTH[@]}" -b "$CJ" \
  "$B/api/v2/x509/signing-requests/$REQUEST" \
  | python3 -c 'import sys,json,base64; \
sys.stdout.buffer.write(base64.b64decode(json.load(sys.stdin)["response"]["signature"]))' \
  > sig.p7

Two retrieval paths, depending on the signing format:

Detached formats (CMS, Raw) produce a standalone signature with no embedded artifact. Retrieve it from the signature field of GET /api/v2/x509/signing-requests/{uuid}, as shown above.
Embedded / artifact formats (Authenticode, Msi, JavaJar, Powershell) produce a signed artifact (for example, a signed .exe). The artifact is written to the signing service’s configured network drive and is retrieved with GET /api/v2/x509/signing-requests/{uuid}/signed/download. That endpoint requires a network drive on the service and does not apply to detached CMS / Raw requests.

⌘I

Documentation Index