This is the response object from the Sign operation.
Namespace: Amazon.KeyManagementService.Model
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z
public class SignResponse : AmazonWebServiceResponse
The SignResponse type exposes the following members
Name | Description
---|---
SignResponse() |
Name | Type | Description
---|---|---
ContentLength | System.Int64 | Inherited from Amazon.Runtime.AmazonWebServiceResponse.
HttpStatusCode | System.Net.HttpStatusCode | Inherited from Amazon.Runtime.AmazonWebServiceResponse.
KeyId | System.String | Gets and sets the property KeyId. The Amazon Resource Name (key ARN) of the asymmetric KMS key that was used to sign the message.
ResponseMetadata | Amazon.Runtime.ResponseMetadata | Inherited from Amazon.Runtime.AmazonWebServiceResponse.
Signature | System.IO.MemoryStream | Gets and sets the property Signature. The cryptographic signature that was generated for the message. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.
SigningAlgorithm | Amazon.KeyManagementService.SigningAlgorithmSpec | Gets and sets the property SigningAlgorithm. The signing algorithm that was used to sign the message.
This operation uses the private key in an asymmetric elliptic curve (ECC) KMS key to generate a digital signature for a given message.
```csharp
var client = new AmazonKeyManagementServiceClient();
var response = client.Sign(new SignRequest
{
    // The asymmetric KMS key to be used to generate the digital signature.
    // This example uses an alias of the KMS key.
    KeyId = "alias/ECC_signing_key",
    // Message to be signed. Use Base-64 for the CLI.
    Message = new MemoryStream(<message to be signed>),
    // Indicates whether the message is RAW or a DIGEST.
    MessageType = "RAW",
    // The requested signing algorithm. This must be an algorithm that the KMS key supports.
    SigningAlgorithm = "ECDSA_SHA_384"
});

string keyId = response.KeyId; // The key ARN of the asymmetric KMS key that was used to sign the message.
MemoryStream signature = response.Signature; // The digital signature of the message.
string signingAlgorithm = response.SigningAlgorithm; // The actual signing algorithm that was used to generate the signature.
```
This operation uses the private key in an asymmetric RSA signing KMS key to generate a digital signature for a message digest. In this example, a large message was hashed and the resulting digest is provided in the Message parameter. To tell KMS not to hash the message again, the MessageType field is set to DIGEST.
```csharp
var client = new AmazonKeyManagementServiceClient();
var response = client.Sign(new SignRequest
{
    // The asymmetric KMS key to be used to generate the digital signature.
    // This example uses an alias of the KMS key.
    KeyId = "alias/RSA_signing_key",
    // Message to be signed. Use Base-64 for the CLI.
    Message = new MemoryStream(<message digest to be signed>),
    // Indicates whether the message is RAW or a DIGEST. When it is RAW, KMS hashes the message
    // before signing. When it is DIGEST, KMS skips the hashing step and signs the Message value.
    MessageType = "DIGEST",
    // The requested signing algorithm. This must be an algorithm that the KMS key supports.
    SigningAlgorithm = "RSASSA_PKCS1_V1_5_SHA_256"
});

string keyId = response.KeyId; // The key ARN of the asymmetric KMS key that was used to sign the message.
MemoryStream signature = response.Signature; // The digital signature of the message.
string signingAlgorithm = response.SigningAlgorithm; // The actual signing algorithm that was used to generate the signature.
```
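The DIGEST flow described above, as an added offline example that is not from the AWS SDK documentation: a signature made over a client-computed SHA-256 digest verifies against the original message, and fails for a changed message or a mismatched hash algorithm. A locally generated RSA key stands in for the KMS key; that stand-in, the class name and the helper names are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class DigestSigningExample
{
    // Client side of MessageType = "DIGEST": hash the message locally with the hash
    // named by the signing algorithm (SHA-256 for RSASSA_PKCS1_V1_5_SHA_256).
    public static byte[] HashForSigning(byte[] message)
    {
        using (SHA256 sha256 = SHA256.Create())
        {
            return sha256.ComputeHash(message);
        }
    }

    // Verifier side: needs only the public key, the original message and the raw signature.
    public static bool Verify(RSA publicKey, byte[] message, byte[] signature, HashAlgorithmName hash)
    {
        return publicKey.VerifyData(message, signature, hash, RSASignaturePadding.Pkcs1);
    }

    public static void Main()
    {
        // Constructed sample input standing in for a large message.
        byte[] message = Encoding.UTF8.GetBytes("constructed sample release manifest v1");
        byte[] tampered = Encoding.UTF8.GetBytes("constructed sample release manifest v2");

        // Assumption: a locally generated RSA key stands in for the asymmetric KMS key.
        using (RSA key = RSA.Create(2048))
        {
            // Stand-in for what KMS does with a DIGEST message: sign the digest as given.
            byte[] digest = HashForSigning(message);
            byte[] signed = key.SignHash(digest, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // SignResponse.Signature is a MemoryStream of raw bytes; read it with ToArray().
            using (var signatureStream = new MemoryStream(signed))
            {
                byte[] signature = signatureStream.ToArray();
                Console.WriteLine("original message: " + Verify(key, message, signature, HashAlgorithmName.SHA256));
                Console.WriteLine("tampered message: " + Verify(key, tampered, signature, HashAlgorithmName.SHA256));
                Console.WriteLine("wrong hash (384): " + Verify(key, message, signature, HashAlgorithmName.SHA384));
                // Base64 is only a transport encoding (HTTP API, CLI); the SDK value is raw bytes.
                Console.WriteLine("base64 length:    " + Convert.ToBase64String(signature).Length);
            }
        }
    }
}
```

The digest passed with DIGEST must come from the same hash function the signing algorithm names; a digest from any other hash yields a signature that verifiers checking the original message will reject.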
.NET:
Supported in: 8.0 and newer, Core 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5 and newer, 3.5