Signs an asymmetric key.
Usage notes
The following table describes the signature algorithms for different types of customer master keys (CMKs).
CMK type | Signature algorithm | Description |
---|---|---|
| RSA_PSS_SHA_256 (default value) | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |
RSA_PKCS1_SHA_256 | RSASSA-PKCS1-v1_5 using SHA-256 | |
| ECDSA_SHA_256 (default value) | ECDSA on the P-256 Curve(secp256r1) with a SHA-256 digest |
EC_SM2 | SM2DSA (default value) | SM2 elliptic curve public key encryption algorithm |
Request message definition
message SignRequest {
string KeyId = 1;
string Algorithm = 2;
bytes Message = 3;
string MessageType = 4;
}
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
KeyId | string | Yes | 1234abcd-12ab-34cd-56ef-12345678**** | The ID of the customer master key (CMK). The ID must be globally unique. You can also set this parameter to an alias that is bound to the CMK. |
Algorithm | string | Yes | RSAES_OAEP_SHA_256 | The signature algorithm. Valid values:
|
MessageType | string | Yes | RAW | The message type. Valid values:
|
Message | bytes | Yes | Binary data | The message to sign.
|
Response message definition
message SignResponse {
string KeyId = 1;
bytes Signature = 2;
string RequestId = 3;
string Algorithm = 4;
string MessageType = 5;
}
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
Signature | bytes | Binary data | The calculated signature value. |
KeyId | string | 1234abcd-12ab-34cd-56ef-12345678**** | The ID of the CMK. The ID must be globally unique. If the KeyId parameter is set to an alias of the CMK, the ID of the CMK to which the alias is bound is returned. |
Algorithm | string | RSAES_OAEP_SHA_256 | The signature algorithm. |
MessageType | string | RAW | The type of the message. |
RequestId | string | 475f1620-b9d3-4d35-b5c6-3fbdd941423d | The ID of the request. |
Error codes
For more information about error codes, see Common error codes.