Function sign

pub fn sign(
    nethsm: &NetHsm,
    key_id: &KeyId,
    message: &[u8],
) -> Result<Vec<u8>, Error>

Generates an OpenPGP signature using a given NetHSM key for the message.

Signs the message using the key identified by key_id and returns a binary OpenPGP data signature.

This call requires a user in the Operator role who carries a tag (see add_user_tag) matching one of the tags of the targeted key (see add_key_tag).

§Namespaces

§Errors

Returns a crate::Error::Api if creating an OpenPGP signature for the hasher state fails, e.g. because:

  • the NetHSM is not in Operational state
  • no key identified by key_id exists on the NetHSM
  • the Operator user does not have access to the key (e.g. different namespace)
  • the Operator user does not carry a tag matching one of the key tags
  • the used Credentials are not correct
  • the used Credentials are not those of a user in the Operator role
  • the certificate for a given key has not been generated or is invalid
  • subpacket lengths exceed maximum values
  • hashing signed data fails
  • signature creation using the NetHSM fails
  • constructing OpenPGP signature from parts fails
  • writing the signature to a vector fails