Method: cryptoKeyVersions.asymmetricSign

Full name: projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.asymmetricSign

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from cryptoKeyVersions.getPublicKey.

HTTP request

POST https://cloudkms.googleapis.com/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The resource name of the CryptoKeyVersion to use for signing.

Authorization requires the following Google IAM permission on the specified resource name:

  • cloudkms.cryptoKeyVersions.useToSign

Request body

The request body contains data with the following structure:

JSON representation
{
  "digest": {
    object(Digest)
  }
}
Fields
digest

object(Digest)

Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm.

Response body

If successful, the response body contains data with the following structure:

Response message for KeyManagementService.AsymmetricSign.

JSON representation
{
  "signature": string
}
Fields
signature

string (bytes format)

The created signature.

A base64-encoded string.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloudkms
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Digest

A Digest holds a cryptographic message digest.

JSON representation
{

  // Union field digest can be only one of the following:
  "sha256": string,
  "sha384": string,
  "sha512": string
  // End of list of possible types for union field digest.
}
Fields
Union field digest. Required. The message digest. digest can be only one of the following:
sha256

string (bytes format)

A message digest produced with the SHA-256 algorithm.

A base64-encoded string.

sha384

string (bytes format)

A message digest produced with the SHA-384 algorithm.

A base64-encoded string.

sha512

string (bytes format)

A message digest produced with the SHA-512 algorithm.

A base64-encoded string.

Try it!

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud KMS Documentation