class Aws::KMS::Types::SignRequest
@note When making an API call, you may pass SignRequest
data as a hash: { key_id: "KeyIdType", # required message: "data", # required message_type: "RAW", # accepts RAW, DIGEST grant_tokens: ["GrantTokenType"], signing_algorithm: "RSASSA_PSS_SHA_256", # required, accepts RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384, RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384, RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512 }
@!attribute [rw] key_id
Identifies an asymmetric KMS key. KMS uses the private key in the asymmetric KMS key to sign the message. The `KeyUsage` type of the KMS key must be `SIGN_VERIFY`. To find the `KeyUsage` of a KMS key, use the DescribeKey operation. To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with `"alias/"`. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN. For example: * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab` * Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` * Alias name: `alias/ExampleAlias` * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias` To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases. @return [String]
@!attribute [rw] message
Specifies the message or message digest to sign. Messages can be 0-4096 bytes. To sign a larger message, provide the message digest. If you provide a message, KMS generates a hash digest of the message and then signs it. @return [String]
@!attribute [rw] message_type
Tells KMS whether the value of the `Message` parameter is a message or message digest. The default value, RAW, indicates a message. To indicate a message digest, enter `DIGEST`. @return [String]
@!attribute [rw] grant_tokens
A list of grant tokens. Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved *eventual consistency*. For more information, see [Grant token][1] and [Using a grant token][2] in the *Key Management Service Developer Guide*. [1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token @return [Array<String>]
@!attribute [rw] signing_algorithm
Specifies the signing algorithm to use when signing the message. Choose an algorithm that is compatible with the type and size of the specified asymmetric KMS key. @return [String]
@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/SignRequest AWS API Documentation
Constants
- SENSITIVE