sign Method

Signs a message using a CMK.

Syntax

def sign(key_id: str, algorithm: str, is_digest: bool) -> None: ...

Remarks

This method signs a message using the CMK specified by KeyId and the given Algorithm. The message data to sign is taken from the the specified input_file or the input_data property. The signature data is output to the the specified output_file or the output_data property.

The value passed for the KeyId parameter must be the Id or ARN of a CMK, or the name or ARN of an alias, in the current region. If an ARN is provided, it can be for a CMK or alias in another account so long as the appropriate permissions are in place.

The Algorithm parameter specifies which algorithm to use to sign the data. Possible values are:

RSASSA_PSS_SHA_256
RSASSA_PSS_SHA_384
RSASSA_PSS_SHA_512
RSASSA_PKCS1_V1_5_SHA_256
RSASSA_PKCS1_V1_5_SHA_384
RSASSA_PKCS1_V1_5_SHA_512
ECDSA_SHA_256
ECDSA_SHA_384
ECDSA_SHA_512

The IsDigest parameter specifies whether the message data is the original message (False) or a message digest (True). When supplying a message digest, keep in mind that the same digest will need to be provided in order to verify the signature later.

Note that a maximum of 4096 bytes of message data can be sent to the server. If IsDigest is False, and more than 4096 bytes of message data are provided, the class will automatically compute an appropriate message digest and send it instead. In such cases, the computed digest is made available via the MessageDigest configuration setting.

This method will fail if any of the following are true regarding the specified CMK:

Its key_state is anything other than aksEnabled (0).
It is symmetric (see key_key_spec).
It is for encryption/decryption instead of signing/verification (see key_for_signing).
It is an AWS-managed CMK (see key_aws_managed).

Cloud Keys 2020 Python Edition Website Download Support Questions / Feedback?
	sign Method Signs a message using a CMK. Syntax def sign(key_id: str, algorithm: str, is_digest: bool) -> None: ... Remarks This method signs a message using the CMK specified by `KeyId` and the given `Algorithm`. The message data to sign is taken from the the specified input_file or the input_data property. The signature data is output to the the specified output_file or the output_data property. The value passed for the `KeyId` parameter must be the Id or ARN of a CMK, or the name or ARN of an alias, in the current region. If an ARN is provided, it can be for a CMK or alias in another account so long as the appropriate permissions are in place. The `Algorithm` parameter specifies which algorithm to use to sign the data. Possible values are: `RSASSA_PSS_SHA_256` `RSASSA_PSS_SHA_384` `RSASSA_PSS_SHA_512` `RSASSA_PKCS1_V1_5_SHA_256` `RSASSA_PKCS1_V1_5_SHA_384` `RSASSA_PKCS1_V1_5_SHA_512` `ECDSA_SHA_256` `ECDSA_SHA_384` `ECDSA_SHA_512` The `IsDigest` parameter specifies whether the message data is the original message (`False`) or a message digest (`True`). When supplying a message digest, keep in mind that the same digest will need to be provided in order to verify the signature later. Note that a maximum of 4096 bytes of message data can be sent to the server. If `IsDigest` is `False`, and more than 4096 bytes of message data are provided, the class will automatically compute an appropriate message digest and send it instead. In such cases, the computed digest is made available via the MessageDigest configuration setting. This method will fail if any of the following are true regarding the specified CMK: Its key_state is anything other than `aksEnabled (0)`. It is symmetric (see key_key_spec). It is for encryption/decryption instead of signing/verification (see key_for_signing). It is an AWS-managed CMK (see key_aws_managed).
Copyright (c) 2022 /n software inc. - All rights reserved. Cloud Keys 2020 Python Edition - Version 20.0 [Build 8157]

Cloud Keys 2020 Python Edition

sign Method

Syntax

Remarks