Function sign_hasher_state

pub fn sign_hasher_state(
    nethsm: &NetHsm,
    key_id: &KeyId,
    state: impl Digest + Clone + Write,
) -> Result<Vec<u8>, Error>

Generates an OpenPGP signature based on provided hasher state.

Signs the hasher state using the key identified by key_id and returns a binary OpenPGP data signature.

This call requires using a user in the Operator role, which carries a tag (see add_user_tag) matching one of the tags of the targeted key (see add_key_tag).

Namespaces

• Operator users in a namespace only have access to keys in their own namespace.
• System-wide Operator users only have access to system-wide keys.

Errors

Returns an crate::Error::Api if creating an OpenPGP signature for the hasher state fails:

• the NetHSM is not in Operational state
• no key identified by key_id exists on the NetHSM
• the Operator user does not have access to the key (e.g. different namespace)
• the Operator user does not carry a tag matching one of the key tags
• the used Credentials are not correct
• the used Credentials are not those of a user in the Operator role