This topic describes how to use an asymmetric customer master key (CMK) to generate and verify a digital signature. In this topic, Alibaba Cloud CLI is used. You can also use KMS SDKs.

Signing and verification with an asymmetric key pair involve the following steps:
  1. A signer sends a public key to a receiver.
  2. The signer uses the private key to sign data.
  3. The signer sends the data and signature to the receiver.
  4. After the receiver receives the data and signature, the receiver uses the public key to verify the signature.

Before you begin

You must call the CreateKey operation to create an asymmetric CMK in KMS. When you create an asymmetric CMK, set the KeySpec parameter to the key type that you want to use and set the KeyUsage parameter to SIGN/VERIFY.

  • Create an RSA signature key:

    aliyun kms CreateKey --KeySpec=RSA_2048 --KeyUsage=SIGN/VERIFY --ProtectionLevel=HSM
  • Create a NIST P-256 signature key:

    aliyun kms CreateKey --KeySpec=EC_P256 --KeyUsage=SIGN/VERIFY --ProtectionLevel=HSM
  • Create a secp256k1 signature key:

    aliyun kms CreateKey --KeySpec=EC_P256K --KeyUsage=SIGN/VERIFY --ProtectionLevel=HSM

Preprocessing before signing: Compute a message digest

Both RSA and ECC signature operations involve first computing the digest of an unsigned message and then signing the digest.

Note: The algorithm that is used to compute a message digest must match the algorithm that is specified when you call the KMS API operations to generate a signature. For example, the ECDSA_SHA_256 signature algorithm must be used in conjunction with the SHA-256 digest algorithm. The ECDSA_SHA_256 signature algorithm does not match the SHA-384 digest algorithm.

In the following examples, the SHA-256 digest algorithm is used.

1. Save the "this is message" message that needs to be signed to the message-file.txt file:

echo "this is message" > message-file.txt

2. Compute the SHA-256 digest of the message and save the binary digest to the message-sha256.bin file:

openssl dgst -sha256 -binary -out message-sha256.bin  message-file.txt

Call the KMS API operations to generate the signature

You must call the KMS API operations to generate the signature of a message by using the private key.

1. Before you transmit the message digest over the network, encode the message digest in Base64.

openssl base64 -in message-sha256.bin

The following Base64 encoded digest is returned:

hRP2cuRFSlfEoUXCGuPyi7kZr18VCTZeVOTw0jbUB6w=

2. Pass the Base64 encoded digest to KMS to generate a signature.

Note: The parameters passed and the results returned vary based on key types and signature algorithms. Each signature result returned in the example is stored in a different file.
  • RSASSA-PSS

    For RSA keys, you can use the RSASSA-PSS signature algorithm and the SHA-256 digest algorithm to generate a signature. Run the following command:

    aliyun kms AsymmetricSign --KeyId=**** --KeyVersionId=**** \
        --Algorithm=RSA_PSS_SHA_256 --Digest=hRP2cu...
    {
            "KeyId": "****",
            "KeyVersionId": "****",
            "Value": "J7xmdnZ...",
            "RequestId": "70f78da9-c1b6-4119-9635-0ce4427cd424"
    }

    Decode the signature value in Base64 and generate a binary signature. This signature is saved in the file rsa_pss_signature.bin:

    echo J7xmdnZ... | openssl base64 -d -out rsa_pss_signature.bin
  • RSASSA_PKCS1_V1_5

    For RSA keys, you can use the RSASSA_PKCS1_V1_5 signature algorithm and the SHA-256 digest algorithm to generate a signature. Run the following command:

    aliyun kms AsymmetricSign --KeyId=**** --KeyVersionId=**** \
        --Algorithm=RSA_PKCS1_SHA_256 --Digest=hRP2cu...
    {
            "KeyId": "****",
            "KeyVersionId": "****",
            "Value": "qreBkH/u...",
            "RequestId": "4be57288-f477-4ecd-b7be-ad8688390fbc"
    }

    Decode the signature value in Base64 and generate a binary signature. This signature is saved in the file rsa_pkcs1_signature.bin:

    echo qreBkH/u... | openssl base64 -d -out rsa_pkcs1_signature.bin
  • NIST P-256

    For NIST curve P-256, you can use the ECDSA signature algorithm and the SHA-256 digest algorithm to generate a signature. Run the following command:

    aliyun kms AsymmetricSign --KeyId=**** --KeyVersionId=**** \
        --Algorithm=ECDSA_SHA_256 --Digest=hRP2cu...
    {
            "KeyId": "****",
            "KeyVersionId": "****",
            "Value": "MEYCIQD33Y98...",
            "RequestId": "472d789c-d4be-4271-96bb-367f7f0f8ec3"
    }

    Decode the signature value in Base64 and generate a binary signature. This signature is saved in the file ec_p256_signature.bin:

    echo MEYCIQD33Y98... | openssl base64 -d -out ec_p256_signature.bin
  • secp256k1

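    For the secp256k1 curve, you can use the ECDSA signature algorithm and the SHA-256 digest algorithm to generate a signature. Run the following command: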

    aliyun kms AsymmetricSign --KeyId=**** --KeyVersionId=**** \
        --Algorithm=ECDSA_SHA_256 --Digest=hRP2cu...
    {
            "KeyId": "****",
            "KeyVersionId": "****",
            "Value": "MEYCIQDWuuI...",
            "RequestId": "fe41abed-91e7-4069-9f6b-0048f5bf4de5"
    }

    Decode the signature value in Base64 and generate a binary signature. This signature is saved in the file ec_p256k_signature.bin:

    echo MEYCIQDWuuI... | openssl base64 -d -out ec_p256k_signature.bin

Obtain the public key

Obtain the public key of the asymmetric CMK that is used from KMS. For more information, see Obtain the public key. The following examples assume that:

  • The public key of the RSA CMK is saved to the file rsa_publickey.pub.
  • The public key of the NIST P-256 CMK is saved to the file ec_p256_publickey.pub.
  • The public key of the secp256k1 CMK is saved to the file ec_p256k_publickey.pub.

Use the public key to verify the signature

Run the following commands to verify the signature. The commands vary based on the key type and signature algorithm that are used.

  • RSASSA-PSS
    openssl dgst \
        -verify rsa_publickey.pub \
        -sha256 \
        -sigopt rsa_padding_mode:pss \
        -sigopt rsa_pss_saltlen:-1 \
        -signature rsa_pss_signature.bin \
        message-file.txt
  • RSASSA_PKCS1_V1_5
    openssl dgst \
        -verify rsa_publickey.pub \
        -sha256 \
        -signature rsa_pkcs1_signature.bin \
        message-file.txt
  • NIST P-256
    openssl dgst \
        -verify ec_p256_publickey.pub \
        -sha256 \
        -signature ec_p256_signature.bin \
        message-file.txt
  • secp256k1
    openssl dgst \
        -verify ec_p256k_publickey.pub \
        -sha256 \
        -signature ec_p256k_signature.bin \
        message-file.txt

If the signature passes verification, the system returns the following message:

Verified OK
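
The following added example (not part of the original documentation) reproduces the digest, sign, and verify flow offline, including the digest mismatch described in the note above. It assumes a locally generated OpenSSL P-256 key as a stand-in for the KMS CMK and `openssl pkeyutl -sign` as a stand-in for AsymmetricSign; the scratch directory, file names, and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example. Local OpenSSL key = stand-in for the KMS CMK (assumption).
W=$(mktemp -d)   # scratch directory for the constructed demo files

# Stand-in for CreateKey + "Obtain the public key": local NIST P-256 key pair.
make_key() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$W/ec.pem" 2>/dev/null &&
    openssl pkey -in "$W/ec.pem" -pubout -out "$W/ec_p256_publickey.pub"
}

# Stand-in for AsymmetricSign: the signer submits a precomputed digest,
# never the message itself. $1 = digest algorithm (sha256 or sha384).
sign_digest() {
    openssl dgst "-$1" -binary -out "$W/digest.bin" "$W/message-file.txt" &&
    openssl pkeyutl -sign -inkey "$W/ec.pem" \
        -in "$W/digest.bin" -out "$W/sig.bin"
}

# Receiver side: the page's ECDSA_SHA_256 verification command.
# $1 = message file to check. Exit status 0 means "Verified OK".
verify() {
    openssl dgst -verify "$W/ec_p256_publickey.pub" -sha256 \
        -signature "$W/sig.bin" "$1" >/dev/null 2>&1
}

report() {
    if verify "$2"; then echo "$1: Verified OK"
    else echo "$1: Verification failure"; fi
}

run_demo() {
    make_key || return 1
    echo "this is message" > "$W/message-file.txt"   # as on the page
    printf 'this is message' > "$W/no-newline.txt"   # echo's newline dropped

    sign_digest sha256 || return 1
    report "SHA-256 digest, original message" "$W/message-file.txt"
    report "SHA-256 digest, newline dropped " "$W/no-newline.txt"

    # Signer hashed with SHA-384, receiver verifies as ECDSA_SHA_256.
    sign_digest sha384 || return 1
    report "SHA-384 digest, original message" "$W/message-file.txt"
}

run_demo
```

Only the first case verifies. The second fails because `echo` appends a newline that is part of the signed bytes, so the receiver must hash exactly the bytes the signer hashed.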