nethsm-key-sign(1) General Commands Manual nethsm-key-sign(1) NAME nethsm-key-sign - Sign a message using a key SYNOPSIS nethsm key sign [-f|--force] [-o|--output] [-a|--auth-passphrase-file] [-c|--config] [-l|--label] [-u|--user] [-h|--help] DESCRIPTION Sign a message using a key The targeted key must be equipped with relevant key mechanisms for signing. The chosen signature type must match the target key type and key mechanisms. If no specific output file is chosen, the signature is written to stdout. System-wide users in the "Operator" role can only create signatures for messages using system-wide keys. Namespaced users in the "Operator" role can only create signatures for messages using keys in their own namespace. Requires authentication of a user in the "Operator" role with access (see "nethsm key tag" and "nethsm user tag") to the target key. OPTIONS -f, --force Write to output file even if it exists already May also be specified with the NETHSM_FORCE environment variable. -o, --output=OUTPUT The optional path to a specific file that the signature is written to May also be specified with the NETHSM_KEY_SIGNATURE_OUTPUT_FILE environment variable. -a, --auth-passphrase-file=AUTH_PASSPHRASE_FILE The path to a file containing a passphrase for authentication The passphrase provided in the file must be the one for the user chosen for the command. This option can be provided multiple times, which is needed for commands that require multiple roles at once. With multiple passphrase files ordering matters, as the files are assigned to the respective user provided by the "--user" option. May also be specified with the NETHSM_AUTH_PASSPHRASE_FILE environment variable. -c, --config=CONFIG The path to a custom configuration file If specified, the custom configuration file is used instead of the default configuration file location. May also be specified with the NETHSM_CONFIG environment variable. -l, --label=LABEL A label uniquely identifying a device in the configuration file Must be provided if more than one device is setup in the configuration file. May also be specified with the NETHSM_LABEL environment variable. -u, --user=USER A user name which is used for a command Can be provided, if no user name is setup in the configuration file for a device. Must be provided, if several user names of the same target role are setup in the configuration file for a device. This option can be provided multiple times, which is needed for commands that require multiple roles at once. May also be specified with the NETHSM_USER environment variable. -h, --help Print help (see a summary with '-h') The ID of the key to use for signing the message May also be specified with the NETHSM_KEY_ID environment variable. The signature type to use for the signature One of ["EcdsaP224", "EcdsaP256", "EcdsaP384", "EcdsaP521", "EdDsa", "Pkcs1", "PssMd5", "PssSha1", "PssSha224", "PssSha256", "PssSha384", "PssSha512"] May also be specified with the NETHSM_KEY_SIGNATURE_TYPE environment variable. The path to a message for which to create a signature May also be specified with the NETHSM_KEY_SIGNATURE_MESSAGE environment variable. nethsm-key-sign nethsm-key-sign(1)