Function sign

pub fn sign(
    nethsm: &NetHsm,
    key_id: &KeyId,
    message: &[u8],
) -> Result<Vec<u8>, Error>

Generates an OpenPGP signature using a given NetHSM key for the message.

Signs the message message using the key identified by key_id and returns a binary OpenPGP data signature.

This call requires using a user in the Operator role, which carries a tag (see add_user_tag) matching one of the tags of the targeted key (see add_key_tag).

Namespaces

• Operator users in a namespace only have access to keys in their own namespace.
• System-wide Operator users only have access to system-wide keys.

Errors

Returns an crate::Error::Api if creating an OpenPGP signature for the hasher state fails:

• the NetHSM is not in Operational state
• no key identified by key_id exists on the NetHSM
• the Operator user does not have access to the key (e.g. different namespace)
• the Operator user does not carry a tag matching one of the key tags
• the used Credentials are not correct
• the used Credentials are not those of a user in the Operator role
• the certificate for a given key has not been generated or is invalid
• subpacket lengths exceed maximum values
• hashing signed data fails
• signature creation using the NetHSM fails
• constructing OpenPGP signature from parts fails
• writing the signature to vector fails