class Aws::KMS::Types::SignRequest

@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/SignRequest AWS API Documentation
@return [Boolean]<br>: docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html<br><br><br><br>permissions][1] in the *Key Management Service Developer Guide*.
To learn more about how to use this parameter, see [Testing your
parameter.
Checks if your request will succeed. ‘DryRun` is an optional
@!attribute [rw] dry_run
@return [String]
algorithms for compatibility with existing applications.
RSASSA-PSS algorithms are preferred. We include RSASSA-PKCS1-v1_5
specified asymmetric KMS key. When signing with RSA key pairs,
Choose an algorithm that is compatible with the type and size of the
Specifies the signing algorithm to use when signing the message.
@!attribute [rw] signing_algorithm
@return [Array<String>]<br>: docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html<br>[1]: docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token<br><br><br><br>token][2] in the *Key Management Service Developer Guide*.
For more information, see [Grant token] and [Using a grant
from a new grant that has not yet achieved *eventual consistency*.
Use a grant token when your permission to call this operation comes
A list of grant tokens.
@!attribute [rw] grant_tokens
@return [String]<br>: docs.aws.amazon.com/kms/latest/developerguide/offline-operations.html#key-spec-sm-offline-verification<br><br><br><br>verification with SM2 key pairs].
* SM2DSA uses the SM3 hashing algorithm. For details, see [Offline
hashing algorithm.
* Signing algorithms that end in SHAKE_256 use the SHAKE_256
algorithm.
* Signing algorithms that end in SHA_512 use the SHA_512 hashing
algorithm.
* Signing algorithms that end in SHA_384 use the SHA_384 hashing
algorithm.
* Signing algorithms that end in SHA_256 use the SHA_256 hashing
`SigningAlgorithm` value.
The hashing algorithm that `Sign` uses is based on the
that assumes a single hash.
this can cause verification failures when verifying with a system
specify `RAW` so the digest is hashed again while signing. However,
You can submit a message digest and omit the `MessageType` or
`Message` value must be 64 bytes.
When the value of `MessageType` is `EXTERNAL_MU` the length of the
specified signing algorithm.
`Message` value must match the length of hashed messages for the
When the value of `MessageType` is `DIGEST`, the length of the
operation can be compromised.
value with an unhashed message, the security of the signing
`Message` parameter is a message digest. If you use the `DIGEST`
Use the `DIGEST` or `EXTERNAL_MU` value only when the value of the
algorithm.
of the public key hash and the message done in the ML-DSA signing
When the value is `EXTERNAL_MU` KMS skips the concatenated hashing
is `DIGEST`, KMS skips the hashing step in the signing algorithm.
signing algorithm, which begins with a hash function. When the value
When the value of `MessageType` is `RAW`, KMS uses the standard
ML-DSA signing as defined in NIST FIPS 204 Section 6.2.
hashed; use `EXTERNAL_MU` for 64-byte representative μ used in
messages; use `DIGEST` for message digests, which are already
hashed as part of the signing algorithm. Use `RAW` for unhashed
Tells KMS whether the value of the `Message` parameter should be
@!attribute [rw] message_type
@return [String]
signing.
`MessageType` to prevent the digest from being hashed again while
If you provide a message digest, use the `DIGEST` value of
0-4096 bytes. To sign a larger message, provide a message digest.
Specifies the message or message digest to sign. Messages can be
@!attribute [rw] message
@return [String]
DescribeKey. To get the alias name and alias ARN, use ListAliases.
To get the key ID and key ARN for a KMS key, use ListKeys or
* Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
* Alias name: `alias/ExampleAlias`
`arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
* Key ARN:
* Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
For example:
the key ARN or alias ARN.
a KMS key in a different Amazon Web Services account, you must use
ARN. When using an alias name, prefix it with `“alias/”`. To specify
To specify a KMS key, use its key ID, key ARN, alias name, or alias
use the DescribeKey operation.
KMS key must be `SIGN_VERIFY`. To find the `KeyUsage` of a KMS key,
asymmetric KMS key to sign the message. The `KeyUsage` type of the
Identifies an asymmetric KMS key. KMS uses the private key in the
@!attribute [rw] key_id