This is the response object from the Sign operation.
Inheritance Hierarchy
Amazon.Runtime.AmazonWebServiceResponse
Amazon.KeyManagementService.Model.SignResponse
Namespace: Amazon.KeyManagementService.Model
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z
Syntax
public class SignResponse : AmazonWebServiceResponse
The SignResponse type exposes the following members
Constructors
| Name | Description | |
|---|---|---|
|
SignResponse() |
Properties
| Name | Type | Description | |
|---|---|---|---|
|
|
ContentLength | System.Int64 | Inherited from Amazon.Runtime.AmazonWebServiceResponse. |
|
|
HttpStatusCode | System.Net.HttpStatusCode | Inherited from Amazon.Runtime.AmazonWebServiceResponse. |
|
|
KeyId | System.String |
Gets and sets the property KeyId. The Amazon Resource Name (key ARN) of the asymmetric KMS key that was used to sign the message. |
|
|
ResponseMetadata | Amazon.Runtime.ResponseMetadata | Inherited from Amazon.Runtime.AmazonWebServiceResponse. |
|
|
Signature | System.IO.MemoryStream |
Gets and sets the property Signature. The cryptographic signature that was generated for the message.
When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded. |
|
|
SigningAlgorithm | Amazon.KeyManagementService.SigningAlgorithmSpec |
Gets and sets the property SigningAlgorithm. The signing algorithm that was used to sign the message. |
Examples
This operation uses the private key in an asymmetric elliptic curve (ECC) KMS key to generate a digital signature for a given message.
To digitally sign a message with an asymmetric KMS key.
var client = new AmazonKeyManagementServiceClient();
var response = client.Sign(new SignRequest
{
KeyId = "alias/ECC_signing_key", // The asymmetric KMS key to be used to generate the digital signature. This example uses an alias of the KMS key.
Message = new MemoryStream(<message to be signed>), // Message to be signed. Use Base-64 for the CLI.
MessageType = "RAW", // Indicates whether the message is RAW or a DIGEST.
SigningAlgorithm = "ECDSA_SHA_384" // The requested signing algorithm. This must be an algorithm that the KMS key supports.
});
string keyId = response.KeyId; // The key ARN of the asymmetric KMS key that was used to sign the message.
MemoryStream signature = response.Signature; // The digital signature of the message.
string signingAlgorithm = response.SigningAlgorithm; // The actual signing algorithm that was used to generate the signature.
This operation uses the private key in an asymmetric RSA signing KMS key to generate a digital signature for a message digest. In this example, a large message was hashed and the resulting digest is provided in the Message parameter. To tell KMS not to hash the message again, the MessageType field is set to DIGEST
To digitally sign a message digest with an asymmetric KMS key.
var client = new AmazonKeyManagementServiceClient();
var response = client.Sign(new SignRequest
{
KeyId = "alias/RSA_signing_key", // The asymmetric KMS key to be used to generate the digital signature. This example uses an alias of the KMS key.
Message = new MemoryStream(<message digest to be signed>), // Message to be signed. Use Base-64 for the CLI.
MessageType = "DIGEST", // Indicates whether the message is RAW or a DIGEST. When it is RAW, KMS hashes the message before signing. When it is DIGEST, KMS skips the hashing step and signs the Message value.
SigningAlgorithm = "RSASSA_PKCS1_V1_5_SHA_256" // The requested signing algorithm. This must be an algorithm that the KMS key supports.
});
string keyId = response.KeyId; // The key ARN of the asymmetric KMS key that was used to sign the message.
MemoryStream signature = response.Signature; // The digital signature of the message.
string signingAlgorithm = response.SigningAlgorithm; // The actual signing algorithm that was used to generate the signature.
Version Information
.NET Core App:
Supported in: 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5, 4.0, 3.5