sign - sign

Creates a signature from a digest using the specified key.
The SIGN operation is applicable to asymmetric and symmetric keys stored in Azure Key Vault since this operation uses the private portion of the key. This operation requires the keys/sign permission.

POST {vaultBaseUrl}/keys/{key-name}/{key-version}/sign?api-version=7.3

URI Parameters

Name In Required Type Description
key-name
path True
  • string

The name of the key.

key-version
path True
  • string

The version of the key.

vaultBaseUrl
path True
  • string

The vault name, for example https://myvault.vault.azure.net.

api-version
query True
  • string

Client API version.

Request Body

Name Required Type Description
alg True

The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.

value True
  • string

Responses

Name Type Description
200 OK

The signature value.

Other Status Codes

Key Vault error response describing why the operation failed.

Examples

Sign

Sample Request

POST https://myvault.vault.azure.net//keys/testkey/9885aa558e8d448789683188f8c194b0/sign?api-version=7.3

{
  "alg": "RS512",
  "value": "RUE3Nzg4NTQ4QjQ5RjFFN0U2NzAyQzhDNEMwMkJDOTA1MTYyOTUzNjI5NDhBNzZDQTlFOTM1NDA2M0ZGMjk2Mg"
}

Sample Response

{
  "kid": "https://myvault.vault.azure.net/keys/testkey/9885aa558e8d448789683188f8c194b0",
  "value": "aKFG8NXcfTzqyR44rW42484K_zZI_T7zZuebvWuNgAoEI1gXYmxrshp42CunSmmu4oqo4-IrCikPkNIBkHXnAW2cv03Ad0UpwXhVfepK8zzDBaJPMKVGS-ZRz8CshEyGDKaLlb3J3zEkXpM3RrSEr0mdV6hndHD_mznLB5RmFui5DsKAhez4vUqajgtkgcPfCekMqeSwp6r9ItVL-gEoAohx8XMDsPedqu-7BuZcBcdayaPuBRL4wWoTDULA11P-UN_sJ5qMj3BbiRYhIlBWGR04wIGfZ3pkJjHJUpOvgH2QajdYPzUBauOCewMYbq9XkLRSzI_A7HkkDVycugSeAA"
}

Definitions

Error

The key vault server error.

JsonWebKeySignatureAlgorithm

The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.

KeyOperationResult

The key operation result.

KeySignParameters

The key operations parameters.

KeyVaultError

The key vault error exception.

Error

The key vault server error.

Name Type Description
code
  • string

The error code.

innererror

The key vault server error.

message
  • string

The error message.

JsonWebKeySignatureAlgorithm

The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.

Name Type Description
ES256
  • string

ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518.

ES256K
  • string

ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518

ES384
  • string

ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518

ES512
  • string

ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518

PS256
  • string

RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518

PS384
  • string

RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518

PS512
  • string

RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518

RS256
  • string

RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518

RS384
  • string

RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518

RS512
  • string

RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518

RSNULL
  • string

Reserved

KeyOperationResult

The key operation result.

Name Type Description
aad
  • string
iv
  • string
kid
  • string

Key identifier

tag
  • string
value
  • string

KeySignParameters

The key operations parameters.

Name Type Description
alg

The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.

value
  • string

KeyVaultError

The key vault error exception.

Name Type Description
error

The key vault server error.