Signs data using an asymmetric key.
Usage notes
After all request parameters are encoded using Protocol Buffers, the request body cannot exceed 3 MB. If the request body exceeds 3 MB, the server rejects the request and returns HTTP 413. For large messages, generate a digest locally and pass it with MessageType set to DIGEST, then call the Sign or Verify operation.
For supported key specifications and signing algorithms, see Key types and specifications.
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| KeyId | string | Yes | 1234abcd-12ab-34cd-56ef-12345678**** | The globally unique ID of the key. You can also specify an alias bound to the key. |
| Algorithm | string | Yes | RSAES_OAEP_SHA_256 | The signature algorithm. Valid values: RSA_PSS_SHA_256, RSA_PKCS1_SHA_256, ECDSA_SHA_256, SM2DSA. |
| MessageType | string | Yes | RAW | The message type. Valid values: RAW (default): the raw data. KMS uses the hash algorithm specified by Algorithm to generate a digest, then signs the digest. DIGEST: a pre-computed message digest. KMS uses the private key to sign the digest directly. The digest can be up to 32 bytes. |
| Message | bytes | Yes | Binary data | The message to sign. |
Response elements
| Parameter | Type | Example | Description |
|---|---|---|---|
| Signature | bytes | Binary data | The calculated signature value. |
| KeyId | string | 1234abcd-12ab-34cd-56ef-12345678**** | The globally unique ID of the key. If you specified an alias, this field returns the ID of the key the alias is bound to. |
| Algorithm | string | RSAES_OAEP_SHA_256 | The signing algorithm. |
| MessageType | string | RAW | The message type. |
| RequestId | string | 475f1620-b9d3-4d35-b5c6-3fbdd941423d | The request ID. |
Error codes
For a list of error codes, see Service error codes.
该文章对您有帮助吗?