AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

This is the response object from the Sign operation.

Inheritance Hierarchy

System.Object
  Amazon.Runtime.AmazonWebServiceResponse
    Amazon.KeyManagementService.Model.SignResponse

Namespace: Amazon.KeyManagementService.Model
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z

Syntax

C#
public class SignResponse : AmazonWebServiceResponse

The SignResponse type exposes the following members

Constructors

NameDescription
Public Method SignResponse()

Properties

NameTypeDescription
Public Property ContentLength System.Int64 Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Public Property HttpStatusCode System.Net.HttpStatusCode Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Public Property KeyId System.String

Gets and sets the property KeyId.

The Amazon Resource Name (key ARN) of the asymmetric KMS key that was used to sign the message.

Public Property ResponseMetadata Amazon.Runtime.ResponseMetadata Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Public Property Signature System.IO.MemoryStream

Gets and sets the property Signature.

The cryptographic signature that was generated for the message.

  • When used with the supported RSA signing algorithms, the encoding of this value is defined by PKCS #1 in RFC 8017.

  • When used with the ECDSA_SHA_256, ECDSA_SHA_384, or ECDSA_SHA_512 signing algorithms, this value is a DER-encoded object as defined by ANSI X9.62–2005 and RFC 3279 Section 2.2.3. This is the most commonly used signature format and is appropriate for most uses.

When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.

Public Property SigningAlgorithm Amazon.KeyManagementService.SigningAlgorithmSpec

Gets and sets the property SigningAlgorithm.

The signing algorithm that was used to sign the message.

Examples

This operation uses the private key in an asymmetric elliptic curve (ECC) KMS key to generate a digital signature for a given message.

To digitally sign a message with an asymmetric KMS key.


var client = new AmazonKeyManagementServiceClient();
var response = client.Sign(new SignRequest 
{
    KeyId = "alias/ECC_signing_key", // The asymmetric KMS key to be used to generate the digital signature. This example uses an alias of the KMS key.
    Message = new MemoryStream(<message to be signed>), // Message to be signed. Use Base-64 for the CLI.
    MessageType = "RAW", // Indicates whether the message is RAW or a DIGEST.
    SigningAlgorithm = "ECDSA_SHA_384" // The requested signing algorithm. This must be an algorithm that the KMS key supports.
});

string keyId = response.KeyId; // The key ARN of the asymmetric KMS key that was used to sign the message.
MemoryStream signature = response.Signature; // The digital signature of the message.
string signingAlgorithm = response.SigningAlgorithm; // The actual signing algorithm that was used to generate the signature.

            

This operation uses the private key in an asymmetric RSA signing KMS key to generate a digital signature for a message digest. In this example, a large message was hashed and the resulting digest is provided in the Message parameter. To tell KMS not to hash the message again, the MessageType field is set to DIGEST

To digitally sign a message digest with an asymmetric KMS key.


var client = new AmazonKeyManagementServiceClient();
var response = client.Sign(new SignRequest 
{
    KeyId = "alias/RSA_signing_key", // The asymmetric KMS key to be used to generate the digital signature. This example uses an alias of the KMS key.
    Message = new MemoryStream(<message digest to be signed>), // Message to be signed. Use Base-64 for the CLI.
    MessageType = "DIGEST", // Indicates whether the message is RAW or a DIGEST. When it is RAW, KMS hashes the message before signing. When it is DIGEST, KMS skips the hashing step and signs the Message value.
    SigningAlgorithm = "RSASSA_PKCS1_V1_5_SHA_256" // The requested signing algorithm. This must be an algorithm that the KMS key supports.
});

string keyId = response.KeyId; // The key ARN of the asymmetric KMS key that was used to sign the message.
MemoryStream signature = response.Signature; // The digital signature of the message.
string signingAlgorithm = response.SigningAlgorithm; // The actual signing algorithm that was used to generate the signature.

            

Version Information

.NET:
Supported in: 8.0 and newer, Core 3.1

.NET Standard:
Supported in: 2.0

.NET Framework:
Supported in: 4.5 and newer, 3.5