class Aws::KMS::Types::SignRequest

@note When making an API call, you may pass SignRequest

data as a hash:

    {
      key_id: "KeyIdType", # required
      message: "data", # required
      message_type: "RAW", # accepts RAW, DIGEST
      grant_tokens: ["GrantTokenType"],
      signing_algorithm: "RSASSA_PSS_SHA_256", # required, accepts RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384, RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384, RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512
    }

@!attribute [rw] key_id

Identifies an asymmetric KMS key. KMS uses the private key in the
asymmetric KMS key to sign the message. The `KeyUsage` type of the
KMS key must be `SIGN_VERIFY`. To find the `KeyUsage` of a KMS key,
use the DescribeKey operation.

To specify a KMS key, use its key ID, key ARN, alias name, or alias
ARN. When using an alias name, prefix it with `"alias/"`. To specify
a KMS key in a different Amazon Web Services account, you must use
the key ARN or alias ARN.

For example:

* Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`

* Key ARN:
  `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`

* Alias name: `alias/ExampleAlias`

* Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`

To get the key ID and key ARN for a KMS key, use ListKeys or
DescribeKey. To get the alias name and alias ARN, use ListAliases.
@return [String]

@!attribute [rw] message

Specifies the message or message digest to sign. Messages can be
0-4096 bytes. To sign a larger message, provide the message digest.

If you provide a message, KMS generates a hash digest of the message
and then signs it.
@return [String]

@!attribute [rw] message_type

Tells KMS whether the value of the `Message` parameter is a message
or message digest. The default value, RAW, indicates a message. To
indicate a message digest, enter `DIGEST`.
@return [String]

@!attribute [rw] grant_tokens

A list of grant tokens.

Use a grant token when your permission to call this operation comes
from a new grant that has not yet achieved *eventual consistency*.
For more information, see [Grant token][1] and [Using a grant
token][2] in the *Key Management Service Developer Guide*.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
[2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
@return [Array<String>]

@!attribute [rw] signing_algorithm

Specifies the signing algorithm to use when signing the message.

Choose an algorithm that is compatible with the type and size of the
specified asymmetric KMS key.
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/SignRequest AWS API Documentation

Constants

SENSITIVE