HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/394/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/394/help/man/man1/gcloud_kms_asymmetric-sign.1
.TH "GCLOUD_KMS_ASYMMETRIC\-SIGN" 1



.SH "NAME"
.HP
gcloud kms asymmetric\-sign \- sign a user input file using an asymmetric\-signing key version



.SH "SYNOPSIS"
.HP
\f5gcloud kms asymmetric\-sign\fR \fB\-\-input\-file\fR=\fIINPUT_FILE\fR \fB\-\-signature\-file\fR=\fISIGNATURE_FILE\fR [\fB\-\-digest\-algorithm\fR=\fIDIGEST_ALGORITHM\fR] [\fB\-\-key\fR=\fIKEY\fR] [\fB\-\-keyring\fR=\fIKEYRING\fR] [\fB\-\-location\fR=\fILOCATION\fR] [\fB\-\-skip\-integrity\-verification\fR] [\fB\-\-version\fR=\fIVERSION\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Creates a digital signature of the input file using the provided
asymmetric\-signing key version and saves the base64 encoded signature.

The required flag \f5signature\-file\fR indicates the path to store signature.

By default, the command performs integrity verification on data sent to and
received from Cloud KMS. Use \f5\-\-skip\-integrity\-verification\fR to disable
integrity verification.



.SH "EXAMPLES"

The following command will read the file '/tmp/my/file.to.sign', digest it with
the digest algorithm 'sha256' and sign it using the asymmetric CryptoKey
\f5dont\-panic\fR Version 3, and save the signature in base64 format to
\'/tmp/my/signature'.

.RS 2m
$ gcloud kms asymmetric\-sign \-\-location=us\-central1 \e
    \-\-keyring=hitchhiker \-\-key=dont\-panic \-\-version=3 \e
    \-\-digest\-algorithm=sha256 \-\-input\-file=/tmp/my/file.to.sign \e
    \-\-signature\-file=/tmp/my/signature
.RE



.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-input\-file\fR=\fIINPUT_FILE\fR

Path to the input file to sign.

.TP 2m
\fB\-\-signature\-file\fR=\fISIGNATURE_FILE\fR

Path to the signature file to output.


.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-digest\-algorithm\fR=\fIDIGEST_ALGORITHM\fR

The algorithm to digest the input. \fIDIGEST_ALGORITHM\fR must be one of:
\fBsha256\fR, \fBsha384\fR, \fBsha512\fR.

.TP 2m
\fB\-\-key\fR=\fIKEY\fR

to use for signing.

.TP 2m
\fB\-\-keyring\fR=\fIKEYRING\fR

Key ring of the key.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

Location of the keyring.

.TP 2m
\fB\-\-skip\-integrity\-verification\fR

Skip integrity verification on request and response API fields.

.TP 2m
\fB\-\-version\fR=\fIVERSION\fR

Version to use for signing.


.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

These variants are also available:

.RS 2m
$ gcloud alpha kms asymmetric\-sign
.RE

.RS 2m
$ gcloud beta kms asymmetric\-sign
.RE
@ Telegram