Help Center/Data Encryption Workshop/API Reference/APIs/Key Management APIs/Signature and Verification/Signature Data

Updated on 2025-09-15 GMT+08:00

Signature Data

Function

This API is used to digitally sign a message or digest using the private key of an asymmetric key.

Constraints

Only the asymmetric key whose key_usage is SIGN_VERIFY can be used for signature.

SM2 keys can only be used to sign message digests.

Calling Method

For details, see Calling APIs.

URI

POST /v1.0/{project_id}/kms/sign

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
key_id	Yes	String	A 36-byte key ID which matches the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$, for example, 0d0466b0-e727-4d9c-b35d-f84bb474a37f.
message	Yes	String	Message digest or message to be signed. The message must be Base64-coded and smaller than 4,096 bytes.
signing_algorithm	Yes	String	Signature algorithm. Possible values are as follows: RSASSA_PSS_SHA_256 RSASSA_PSS_SHA_384 RSASSA_PSS_SHA_512 RSASSA_PKCS1_V1_5_SHA_256 RSASSA_PKCS1_V1_5_SHA_384 RSASSA_PKCS1_V1_5_SHA_512 ECDSA_SHA_256 ECDSA_SHA_384 ECDSA_SHA_512 SM2DSA_SM3
message_type	No	String	Message type. The default value is DIGEST. Possible values are as follows: DIGEST: message digest RAW: message
sequence	No	String	A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
key_id	String	Key ID
signature	String	Base64-coded signature value

Status code: 400

**Table 5** Response body parameters
Parameter	Type	Description
error	Object	Error message

**Table 6** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned by the error request
error_msg	String	Error information returned by the error request

Status code: 401

**Table 7** Response body parameters
Parameter	Type	Description
error	Object	Error message

**Table 8** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned by the error request
error_msg	String	Error information returned by the error request

Status code: 403

**Table 9** Response body parameters
Parameter	Type	Description
error	Object	Error message

**Table 10** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned by the error request
error_msg	String	Error information returned by the error request

Status code: 404

**Table 11** Response body parameters
Parameter	Type	Description
error	Object	Error message

**Table 12** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned by the error request
error_msg	String	Error information returned by the error request

Status code: 500

**Table 13** Response body parameters
Parameter	Type	Description
error	Object	Error message

**Table 14** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned by the error request
error_msg	String	Error information returned by the error request

Status code: 502

**Table 15** Response body parameters
Parameter	Type	Description
error	Object	Error message

**Table 16** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned by the error request
error_msg	String	Error information returned by the error request

Status code: 504

**Table 17** Response body parameters
Parameter	Type	Description
error	Object	Error message

**Table 18** ErrorDetail
Parameter	Type	Description
error_code	String	Error code returned by the error request
error_msg	String	Error information returned by the error request

Example Requests

Sign messages and digests using the key whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f and the RSASSA_PKCS1_V1_5_SHA_256 algorithm.

{
  "key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
  "signing_algorithm" : "RSASSA_PKCS1_V1_5_SHA_256",
  "message" : "MmFiZWE0ZjI3ZGIxYTkzY2RmYmEzM2YwMTA1YmJjYw=="
}

Example Responses

Status code: 200

Request succeeded.

{
  "key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
  "signature" : "jFUqQESGBc0j6k9BozzrP9YL4qk8/W9DZRvK6XXX..."
}

Status Codes

Status Code	Description
200	Request succeeded.
400	Invalid request parameters.
401	Username and password are required for the requested page.
403	Authentication failed.
404	The resource does not exist.
500	Internal service error.
502	Failed to complete the request. The server receives an invalid response from the upstream server.
504	Gateway timed out.

Error Codes

See Error Codes.

Parent Topic: Signature and Verification

Previous topic: Signature and Verification

Next topic: Verifying a Signature

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.