sign - sign
Creates a signature from a digest using the specified key.
The SIGN operation is applicable to asymmetric and symmetric keys stored in Azure Key Vault since this operation uses the private portion of the key. This operation requires the keys/sign permission.
POST {vaultBaseUrl}/keys/{key-name}/{key-version}/sign?api-version=7.4URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
key-name
|
path | True |
string |
The name of the key. |
|
key-version
|
path | True |
string |
The version of the key. |
|
vault
|
path | True |
string |
The vault name, for example https://myvault.vault.azure.net. |
|
api-version
|
query | True |
string |
Client API version. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| alg | True | minLength: 1 |
The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. |
| value | True |
string (base64url) |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
The signature value. |
|
| Other Status Codes |
Key Vault error response describing why the operation failed. |
Examples
Sign
Sample request
POST https://myvault.vault.azure.net//keys/testkey/9885aa558e8d448789683188f8c194b0/sign?api-version=7.4
{
"alg": "RS512",
"value": "RUE3Nzg4NTQ4QjQ5RjFFN0U2NzAyQzhDNEMwMkJDOTA1MTYyOTUzNjI5NDhBNzZDQTlFOTM1NDA2M0ZGMjk2Mg"
}
Sample response
{
"kid": "https://myvault.vault.azure.net/keys/testkey/9885aa558e8d448789683188f8c194b0",
"value": "aKFG8NXcfTzqyR44rW42484K_zZI_T7zZuebvWuNgAoEI1gXYmxrshp42CunSmmu4oqo4-IrCikPkNIBkHXnAW2cv03Ad0UpwXhVfepK8zzDBaJPMKVGS-ZRz8CshEyGDKaLlb3J3zEkXpM3RrSEr0mdV6hndHD_mznLB5RmFui5DsKAhez4vUqajgtkgcPfCekMqeSwp6r9ItVL-gEoAohx8XMDsPedqu-7BuZcBcdayaPuBRL4wWoTDULA11P-UN_sJ5qMj3BbiRYhIlBWGR04wIGfZ3pkJjHJUpOvgH2QajdYPzUBauOCewMYbq9XkLRSzI_A7HkkDVycugSeAA"
}Definitions
| Name | Description |
|---|---|
| Error |
The key vault server error. |
|
Json |
The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. |
|
Key |
The key operation result. |
|
Key |
The key operations parameters. |
|
Key |
The key vault error exception. |
Error
The key vault server error.
| Name | Type | Description |
|---|---|---|
| code |
string |
The error code. |
| innererror |
The key vault server error. |
|
| message |
string |
The error message. |
JsonWebKeySignatureAlgorithm
The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.
| Value | Description |
|---|---|
| ES256 |
ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518. |
| ES256K |
ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518 |
| ES384 |
ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518 |
| ES512 |
ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518 |
| PS256 |
RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518 |
| PS384 |
RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518 |
| PS512 |
RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518 |
| RS256 |
RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518 |
| RS384 |
RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518 |
| RS512 |
RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518 |
| RSNULL |
Reserved |
KeyOperationResult
The key operation result.
| Name | Type | Description |
|---|---|---|
| aad |
string (base64url) |
|
| iv |
string (base64url) |
|
| kid |
string |
Key identifier |
| tag |
string (base64url) |
|
| value |
string (base64url) |
KeySignParameters
The key operations parameters.
| Name | Type | Description |
|---|---|---|
| alg | minLength: 1 |
The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm. |
| value |
string (base64url) |
KeyVaultError
The key vault error exception.
| Name | Type | Description |
|---|---|---|
| error |
The key vault server error. |